CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added yesterday•2 views

CVE-2026-46416

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO creates one shared UFOWebSocketHandler instance and reuses it for multiple authenticated WebSocket connections. The handler stores per-connection protocol objects in...

6.3CVSS5.5AI score0.00043EPSS

ATTACKERKB•added 2026/05/27 9:56 p.m.•8 views

CVE-2026-46416

EUVD•added 2026/05/27 9:56 p.m.•6 views

Exploits0References2

EUVD-2026-32676

CVE•added 2026/05/27 9:56 p.m.•17 views

CVE-2026-46416

Microsoft UFO (open-source framework for intelligent automation) in version 3.0.1-4-ge2626659 uses a single shared UFOWebSocketHandler instance for multiple authenticated WebSocket connections. The handler caches per-connection protocol objects in mutable fields, and each new connection overwrite...

Positive Technologies•added 2026/05/27 12:0 a.m.•4 views

PT-2026-44120

Name of the Vulnerable Software and Affected Versions Microsoft UFO version 3.0.1-4-ge2626659 Description Microsoft UFO creates a single shared UFOWebSocketHandler instance that is reused across multiple authenticated WebSocket connections. The handler stores protocol objects for each connection ...

NVD•added 2026/05/22 4:16 a.m.•9 views

CVE-2026-39830

9.1CVSS0.00054EPSS

EUVD•added 2026/05/22 2:31 a.m.•6 views

EUVD-2026-31397

9.1CVSS5.8AI score0.00054EPSS

Positive Technologies•added 2026/05/22 12:0 a.m.•4 views

PT-2026-42709

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A malicious SSH peer can send unsolicited global request responses to fill an internal buffer, which blocks the connection's read loop. This prevents the blocked...

9.1CVSS5.8AI score0.00054EPSS

Exploits0References39

RedHat Linux•added 2026/05/19 9:10 a.m.•7 views

libssh: libssh: Denial of Service via zero-length input in ssh_get_hexa()

A flaw was found in libssh. The API function sshgethexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI Generic Security Service Application Program Interface authentication if the server's logging verbosity is se...

8.2CVSS6.3AI score0.00064EPSS

EUVD•added 2026/05/07 3:43 a.m.•2 views

EUVD-2026-26715

Bandit Buffers Unbounded WebSocket Continuation Frames, Allowing Unauthenticated Memory Exhaustion...

8.7CVSS5.8AI score0.00081EPSS

OSV•added 2026/04/27 6:33 p.m.•2 views

JLSEC-2026-260 Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a...

Issue summary: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before decompression without checking against the configured certificate size limit. Impact summary: An attacker can cause per-connection memory allocations of up to approximately 22 MiB and...

5.9CVSS5.8AI score0.00114EPSS

Exploits1References7

SUSE CVE•added 2026/04/25 1:40 a.m.•1 views

SUSE CVE-2026-31537

In the Linux kernel, the following vulnerability has been resolved: smb: server: make use of smbdirectsocket.sendio.bcredits It turns out that our code will corrupt the stream of reassabled data transfer messages when we trigger an immendiate empty send. In order to fix this we'll have a single...

5.5CVSS5.6AI score0.00015EPSS

EUVD•added 2026/04/24 2:30 p.m.•1 views

EUVD-2026-25430

5.5AI score0.00015EPSS

Vulnrichment•added 2026/03/27 8:10 a.m.•0 views

CVE-2026-27857

Sending "NOOP ..." command with 4000 parenthesis open+close results in 1MB extra memory usage. Longer commands will result in client disconnection. This 1 MB can be left allocated for longer time periods by not sending the command ending LF. So attacker could connect possibly from even a single I...

4.3CVSS5.9AI score0.00034EPSS

Exploits1References1

EUVD•added 2026/03/26 9:31 p.m.•2 views

EUVD-2026-16330

The API function sshgethexa is vulnerable, when 0-lenght input is provided to this function. This function is used internally in sshgetfingerprinthash and sshprinthexa deprecated, which is vulnerable to the same input length is provided by the calling application. The function is also used...

6.5CVSS5.9AI score0.00064EPSS