CVE-2026-46745
Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability (CWE-90) that allows unauthenticated attackers to exfiltrate directory data or bypass authentication. Upgrade to apache-airflow-providers-fab 3.6.4 or later. If immediate upgrade is not possible, disable LDAP...
CVE-2026-6970
authd prior to version 0.6.4 contains a logic error in primary group ID assignment that can lead to local privilege escalation. When a user's primary group ID (GID) differs from their UID, either because the account was created with authd prior to version 0.5.4 or because the primary group was...
CVE-2024-54461
The file names constructed within fileselector are missing sanitization checks leaving them vulnerable to malicious document providers. This may result in cases where a user with a malicious document provider installed can select a document file from that provider while using your app and could...
Insufficient Session Expiration
Overview: Affected versions of this package are vulnerable to Insufficient Session Expiration through the Session API. An attacker can authenticate on behalf of the user by repeatedly using idp intents to retrieve the id and token from the application's URI. Remediation: Upgrade...
DEBIAN-CVE-2023-53092
In the Linux kernel, the following vulnerability has been resolved: interconnect: exynos: fix node leak in probe PM QoS error path. Make sure to add the newly allocated interconnect node to the provider before adding the PM QoS request so that the node is freed on errors...
SUSE-SU-2023:3587-1 Security update for terraform-provider-helm
This update of terraform-provider-helm fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475)...
CVE-2023-21268
In update of MmsProvider.java, there is a possible way to change directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is not needed for exploitation...
SUSE-SU-2023:2751-1 Security update for terraform-provider-aws
This update of terraform-provider-aws fixes the following issues: - rebuild the package with the go 1.20 security release (bsc#1206346)...
SUSE-SU-2023:2253-2 Security update for terraform-provider-aws
This update of terraform-provider-aws fixes the following issues: - rebuild the package with the go 1.19 security release (bsc#1200441, bsc#1209658)...
SUSE-SU-2023:2253-1 Security update for terraform-provider-aws
This update of terraform-provider-aws fixes the following issues: - rebuild the package with the go 1.19 security release (bsc#1200441, bsc#1209658)...