CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 3 days ago•7 views

CVE-2026-45282

This CVE affects Nextcloud Server versions 32.0.0–32.0.8 and 33.0.0–33.0.2, where an authenticated attacker can access attachments of link shares using a valid share token and a known documentId, bypassing password protection or download restrictions. The vulnerability enables access to attachmen...

6.5CVSS5.7AI score0.00027EPSS

Exploits0References3Affected Software1

CNNVD•added 2026/05/28 12:0 a.m.•4 views

GitButler 代码注入漏洞

GitButler is an open-source modern Git version control interface that supports AI workflows. Versions of GitButler prior to 0.19.7 contained a code injection vulnerability. This vulnerability could allow arbitrary scripts to execute in the Tauri webview due to the malicious links present in the...

9.3CVSS6.1AI score0.00079EPSS

Debian•added 2026/05/21 8:38 p.m.•9 views

[SECURITY] [DSA 6289-1] openvpn security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6289-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 21, 2026 https://www.debian.org/security/faq -...

5.8AI score

Exploits0

NVD•added 2026/05/21 6:16 p.m.•5 views

CVE-2026-48237

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in message.php where the frmticketid and frmrespid POST parameters are concatenated into WHERE clauses of SELECT/UPDATE statements without sanitization. Authenticated attackers can craft requests that alter query semantics to...

7.1CVSS0.00027EPSS

Exploits0References3

OSV•added 2026/05/18 5:39 a.m.•3 views

BIT-ETCD-2026-44283 etcd: Read access via PrevKv in etcd transactions may bypass RBAC authorization checks

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user...

Microsoft CVE•added 2026/05/17 8:1 a.m.•6 views

etcd: Read access via PrevKv in etcd transactions may bypass RBAC authorization checks

...

6.5CVSS5.8AI score0.00012EPSS

Exploits0

UbuntuCve•added 2026/05/14 6:16 p.m.•4 views

CVE-2026-44283

AlpineLinux•added 2026/05/14 5:1 p.m.•15 views

CVE-2026-44283

Tenable Nessus•added 2026/05/14 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2026-44283

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via...

CNNVD•added 2026/05/13 12:0 a.m.•6 views

Exploits0References3

Flight 安全漏洞

Flight is a PHP microframework developed by Mike Cao. Versions of Flight prior to 3.18.1 contained security vulnerabilities. These vulnerabilities stemmed from the unconditional acceptance of the X-HTTP-Method-Override header and the$REQUESTmethod parameter by the Request::getMethod method. This...

7.5CVSS5.8AI score0.00012EPSS

Cvelist•added 2026/05/12 8:21 a.m.•28 views

CVE-2026-41551

A vulnerability has been identified in ROS All versions V2.2.2. Affected versions contain a path traversal vulnerability because user input is not properly sanitized. This could allow a remote attacker to access arbitrary files on the device...

9.3CVSS0.00059EPSS

EUVD•added 2026/05/08 3:31 p.m.•3 views

EUVD-2025-209743

Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates a new bucket with the same name, the previous owners can gain unauthorized read and write access to it by using the previously...

8CVSS5.8AI score0.00011EPSS

NVD•added 2026/05/08 1:16 p.m.•6 views

CVE-2025-66467

8.1CVSS0.00011EPSS

EUVD•added 2026/05/06 12:30 p.m.•2 views

EUVD-2026-27799

In the Linux kernel, the following vulnerability has been resolved: x86/kexec: add a sanity check on previous kernel's ima kexec buffer When the second-stage kernel is booted via kexec with a limiting command line such as "mem=", the physical range that contains the carried over IMA measurement...

5.8AI score0.00013EPSS

Exploits0References7

Debian CVE•added 2026/05/06 11:28 a.m.•2 views

CVE-2026-43240

5.5CVSS5.8AI score0.00013EPSS

Exploits0

Cvelist•added 2026/05/06 11:27 a.m.•22 views

CVE-2026-43129 ima: verify the previous kernel's IMA buffer lies in addressable RAM

In the Linux kernel, the following vulnerability has been resolved: ima: verify the previous kernel's IMA buffer lies in addressable RAM Patch series "Address page fault in imarestoremeasurementlist", v3. When the second-stage kernel is booted via kexec with a limiting command line such as "mem="...

0.00013EPSS

Exploits0References4

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux - уязвимость в chromium

Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. Chromium security severity: Medium...

6.5CVSS8.7AI score0.00044EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: A null pointer dereference issue in destroyprevioussession has been fixed. If the -PreviousSessionId is set during the Kerberos session setup phase, a null pointer dereference error may occur. Since sess-user is not set ye...

5.5CVSS5.9AI score0.00076EPSS