CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

297 matches found

CVE-2026-36616

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS test key, and default PSK embedded in the production firmware binary...

5.9CVSS

Exploits0References1

NVD•added 3 days ago•8 views

CVE-2026-10517

A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not configured opt-in, not enforced by default, an unauthenticated attacker can submit a manifest with...

5.8CVSS0.00035EPSS

Exploits0References1

CVE•added 3 days ago•6 views

CVE-2026-10517

The CVE describes a flaw in Clair’s fetcher where it makes outbound HTTP requests to attacker-supplied URIs taken from manifest layer descriptors without filtering IPs or schemes. If PSK authentication is not configured, an unauthenticated attacker can submit a manifest pointing to internal servi...

5.8CVSS5.7AI score0.00035EPSS

Exploits0References1

Vulnrichment•added 3 days ago•5 views

CVE-2026-10517 Clair: clair: unauthenticated ssrf via manifest layer uri enables internal network reconnaissance

5.8CVSS5.7AI score0.00035EPSS

Exploits0References1

ATTACKERKB•added 3 days ago•7 views

CVE-2026-10517

5.8CVSS5.7AI score0.00035EPSS

Exploits0References2

RedhatCVE•added 3 days ago•6 views

CVE-2026-10517

5.8CVSS5.7AI score0.00035EPSS

Exploits0References2

Positive Technologies•added 3 days ago•7 views

PT-2026-45353

5.8CVSS5.7AI score0.00035EPSS

Exploits0References2

Tenable Nessus•added 6 days ago•8 views

SUSE SLES15 Security Update : gnutls (SUSE-SU-2026:2087-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2087-1 advisory. This update for gnutls fixes the following issues - CVE-2026-3833: x509/name-constraints: compare domain names case-insensitive...

9.8CVSS5.9AI score0.00486EPSS

Exploits1References34

OSV•added 2026/05/26 2:17 p.m.•3 views

JLSEC-2026-521

A flaw was found in gnutls. A use after free issue in clientsendparams in lib/ext/presharedkey.c may lead to memory corruption and other potential consequences...

9.8CVSS7.1AI score0.00844EPSS

Exploits0References24

RedHat Linux•added 2026/05/26 6:40 a.m.•7 views

gnutls: gnutls: Authentication Bypass via NUL Character in Username

A flaw was found in gnutls. Servers configured with RSA-PSK Rivest–Shamir–Adleman – Pre-Shared Key wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...

9.8CVSS5.8AI score0.00125EPSS

Exploits0References4

OSV•added 2026/05/19 9:43 a.m.•2 views

CLSA-2026-1779183792 gnutls: Fix of CVE-2026-42010

CVE-2026-42010: server-side RSA-PSK authentication bypass via NUL-byte truncation of binary PSK identities in gnutlsprocrsapskclientkx...

9.8CVSS5.8AI score0.00125EPSS

Exploits0References1

OSV•added 2026/05/18 10:8 a.m.•4 views

OPENSUSE-SU-2026:20778-1 Security update for gnutls

This update for gnutls fixes the following issues - CVE-2026-3832: cert-session: fix multi-entry OCSP revocation bypass bsc1263706. - CVE-2026-3833: x509/name-constraints: compare domain names case-insensitive bsc1263707. - CVE-2026-5260: lib/pkcs11privkey: guard against overreading on short...

9.8CVSS5.8AI score0.00486EPSS

Exploits2References26

EUVD•added 2026/05/07 12:31 p.m.•2 views

EUVD-2026-28354

7.1CVSS5.8AI score0.00125EPSS

Exploits0References3

NVD•added 2026/05/07 12:16 p.m.•9 views

CVE-2026-42010

9.8CVSS0.00125EPSS

Exploits0References6

Cvelist•added 2026/05/07 12:0 p.m.•29 views

CVE-2026-42010 Gnutls: gnutls: authentication bypass via nul character in username

7.1CVSS0.00125EPSS

Exploits0References6

Vulnrichment•added 2026/05/07 12:0 p.m.•4 views

CVE-2026-42010 Gnutls: gnutls: authentication bypass via nul character in username

7.1CVSS5.8AI score0.00125EPSS

Exploits0References6

RedhatCVE•added 2026/05/07 12:0 p.m.•7 views

CVE-2026-42010

9.8CVSS5.8AI score0.00125EPSS

Exploits0References3

CVE•added 2026/04/24 5:20 p.m.•8 views

CVE-2026-41898

CVE-2026-41898 affects the rust-openssl bindings for Rust. The vulnerability arises in the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb, where the user closure’s returned usize was forwarde...

9.8CVSS5.6AI score0.00063EPSS

Exploits0References4Affected Software1

Positive Technologies•added 2026/04/24 12:0 a.m.•0 views

PT-2026-35041

Name of the Vulnerable Software and Affected Versions rust-openssl versions 0.9.24 through 0.10.77 Description FFI trampolines behind the functions set psk client callback, set psk server callback, set cookie generate cb, and set stateless cookie generate cb in SslContextBuilder forward the user...

9.8CVSS5.5AI score0.00063EPSS

Exploits0References8

CNNVD•added 2026/04/17 12:0 a.m.•3 views

OpenFGA 安全漏洞

OpenFGA is an open-source authorization/licensing engine built for developers, inspired by Google Zanzibar. Versions of OpenFGA from 0.1.4 to 1.13.1 contain security vulnerabilities. These vulnerabilities stem from the fact that the playground endpoint responses include pre-shared API keys, which...

6.5CVSS5.8AI score0.00088EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by