CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/05/28 9:6 p.m.•26 views

CVE-2026-44849 Portainer: Endpoint security bypass via Swarm service create/update

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, Portainer enforces seven EndpointSecuritySettings restrictions that...

9.4CVSS0.00054EPSS

Exploits1References1

OSV•added 2026/05/28 7:52 p.m.•5 views

GHSA-2XF4-CG6J-VHGQ symfony/polyfill-intl-idn: xn-- labels with ASCII-only Punycode payloads are treated as equivalent to their decoded form

Description symfony/polyfill-intl-idn provides a userland implementation of idntoutf8 and idntoascii for runtimes that lack the intl extension. Its Idn::process method decodes labels prefixed with xn-- using Punycode but never enforces the validity criterion added in UTS 46 revision 33 Section 4...

6.9CVSS5.9AI score

Exploits0References6

NVD•added 2026/05/28 4:16 p.m.•8 views

CVE-2026-44594

esm.sh is a no-build content delivery network CDN for web development. In 137 and earlier, a Local File Inclusion LFI vulnerability exists in the esbuild plugin's handling of the browser field in package.json. An attacker can publish an npm package that causes the server to read and return...

7.5CVSS0.00057EPSS

Cvelist•added 2026/05/28 2:45 p.m.•27 views

CVE-2026-44594 esm.sh: Path Traversal via package.json browser field allows reading arbitrary server files

7.5CVSS0.00057EPSS

CVE•added 2026/05/28 2:45 p.m.•11 views

CVE-2026-44594

CVE-2026-44594 describes a Local File Inclusion (LFI) in esm.sh’s esbuild plugin handling of the browser field in package.json. The vulnerability allows an attacker to publish a crafted npm package that, during the build, causes the server to read and return arbitrary files from the host filesyst...

7.5CVSS6AI score0.00057EPSS

RedhatCVE•added 2026/05/28 1:11 p.m.•5 views

CVE-2026-46223

A flaw was found in the Linux kernel's cgroup subsystem. This vulnerability occurs during the rmdir operation when the process initiating the rmdir is also responsible for cleaning up zombie processes that are holding onto process namespace pidns resources. This specific scenario can lead to a...

5.8AI score0.00024EPSS

OSV•added 2026/05/28 10:16 a.m.•3 views

UBUNTU-CVE-2026-46206

In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject new tpmeter sessions during teardown Prevent tpmeter from starting new sender or receiver sessions after meshstate has left BATADVMESHACTIVE...

7.8CVSS5.7AI score0.00013EPSS

Exploits0References8

RedhatCVE•added 2026/05/28 4:12 a.m.•10 views

CVE-2026-45862

A flaw was found in the Linux kernel's IOMMU Input/Output Memory Management Unit virtualized directed I/O VT-d component. When a freshly allocated PASID Process Address Space ID table is written to a directory entry, the CPU cache flush for this table occurs too late. This creates a time window...

7.8CVSS5.8AI score0.00013EPSS

SUSE CVE•added 2026/05/28 3:56 a.m.•5 views

SUSE CVE-2026-45894

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Clear Present bit before tearing down PASID entry The Intel VT-d Scalable Mode PASID table entry consists of 512 bits 64 bytes. When tearing down an entry, the current implementation zeros the entire 64-byte structure...

5.7AI score0.00013EPSS

Exploits0References3

RedhatCVE•added 2026/05/28 12:34 a.m.•6 views

CVE-2026-45937

A flaw was found in the Linux kernel's inside-secure/eip93 cryptographic driver. This vulnerability occurs during the driver detachment process, where a programming error leads to the same hash algorithm being unregistered multiple times. This issue can cause a kernel panic, resulting in a Denial...

5.8AI score0.00022EPSS

RedhatCVE•added 2026/05/28 12:2 a.m.•6 views

CVE-2026-45945

A flaw was found in the Linux kernel's Intel VT-d Virtualization Technology for Directed I/O implementation. A race condition occurs during the replacement of an active PASID Process Address Space ID entry. This can lead to the IOMMU Input/Output Memory Management Unit hardware reading an...

8.8CVSS5.8AI score0.00015EPSS

OSSF Malicious Packages•added 2026/05/28 12:0 a.m.•8 views

Malicious code in @cloudplatform-single-spa/svp-draas (npm)

Part of a dependency confusion attack campaign targeting the @cloudplatform-single-spa and @mlspace npm scopes. The attacker npm user mr.4nd3r50n published 139 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version...

OSSF Malicious Packages•added 2026/05/28 12:0 a.m.•9 views

Malicious code in @cloudplatform-single-spa/dataplatform-metastore (npm)

OSV•added 2026/05/28 12:0 a.m.•5 views

Exploits0References2

MAL-2026-4998 Malicious code in @cloudplatform-single-spa/virtual-machines (npm)

OSV•added 2026/05/28 12:0 a.m.•4 views

MAL-2026-4870 Malicious code in @car-loans/general-analytics (npm)

Part of a dependency confusion attack campaign targeting the @car-loans, @fb-deposit, and @debit-ib npm scopes. The attacker npm user pik-libs published 25 scoped packages at the inflated version 99.99.99, which resolves ahead of any private registry version via npm's default version resolution,...

OSV•added 2026/05/28 12:0 a.m.•4 views

MAL-2026-5014 Malicious code in @mlspace/dtransfer-history (npm)