CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added yesterday•5 views

CVE-2026-49190 Missing Per-Instruction Authorization Checks

The system fails to evaluate instructional permissions over multiple internal operation codes opcodes, permitting unauthorized application installations or command executions...

9.4CVSS5.8AI score0.00065EPSS

RedhatCVE•added yesterday•8 views

CVE-2026-47265

A flaw was found in AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python. This vulnerability allows a remote attacker to potentially gain access to sensitive information. When a developer uses the cookies parameter on a per-request basis, cookies are sent after following a...

8.7CVSS5.7AI score0.00019EPSS

Exploits0References5

OSV•added 2 days ago•3 views

GHSA-HG6J-4RV6-33PG AIOHTTP is vulnerable to cross-origin redirect with per-request cookies

Summary Cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. Impact If a developer uses the cookies parameter on a per-request basis then sensitive data might be leaked to an attacker if they manage to control a redirect. Workaround If unable to...

Github Security Blog•added 2 days ago•6 views

Exploits0References4

AIOHTTP is vulnerable to cross-origin redirect with per-request cookies

Exploits0References4Affected Software1

Positive Technologies•added 2 days ago•6 views

PT-2026-46097

Tenable Nessus•added 2 days ago•4 views

Exploits0References5

Linux Distros Unpatched Vulnerability : CVE-2026-45884

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - apparmor: avoid per-cpu hold underflow in aagetbuffer When aagetbuffer pulls from the per-cpu list it unconditionally decrements cache-hold. If hold reaches 0...

5.8AI score0.00023EPSS

RedhatCVE•added 3 days ago•7 views

CVE-2026-46764

The Event Log detail endpoint GET /api/v2/eventLogs/eventlogid in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the collection endpoint GET /api/v2/eventLogs applied per-Dag scoping. An authenticated UI/API user with audit-lo...

4.3CVSS5.8AI score0.00062EPSS

RedhatCVE•added 3 days ago•7 views

CVE-2026-41014

4.3CVSS5.8AI score0.00045EPSS

OSV•added 3 days ago•5 views

DEBIAN-CVE-2026-47265

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. If a developer uses the cookies parameter on a per-request basis then sensitive data might ...

NVD•added 3 days ago•7 views

CVE-2026-47265

8.7CVSS0.00019EPSS

Vulnrichment•added 3 days ago•5 views

CVE-2026-47265 AIOHTTP vulnerable to cross-origin redirect with per-request cookies

ATTACKERKB•added 3 days ago•5 views

CVE-2026-47265

Exploits0References3Affected Software1

Cvelist•added 3 days ago•24 views

CVE-2026-47265 AIOHTTP vulnerable to cross-origin redirect with per-request cookies

8.7CVSS0.00019EPSS

CVE•added 3 days ago•22 views

CVE-2026-47265

AIOHTTP prior to 3.14.0 is vulnerable: cookies provided via the cookies parameter on per-request calls are sent after following a cross-origin redirect, which may leak sensitive data if an attacker can control the redirect. Version 3.14.0 patches the issue. As a workaround, using a Cookie header ...

Exploits0References2Affected Software1

Cvelist•added 3 days ago•33 views

CVE-2026-45554 NiceGUI: Unauthenticated log-flood DoS via trailing slash on ESM and per-component resource routes

NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may resolve to a directory rather than a file. Requests that resolve to a directory raise an unhandled RuntimeError inside...

5.3CVSS0.00182EPSS