CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/02/03 9:21 p.m.•11 views

CVE-2026-25224

CVE-2026-25224 affects Fastify (Node.js). Before 5.7.3, a DoS can occur when a remote client sends a slow or non-reading request while the app returns a ReadableStream (or Web Stream) via reply.send(), causing unbounded buffering and possible memory exhaustion. Impact: server degradation or crash...

3.7CVSS5.4AI score0.0002EPSS

Exploits0References3Affected Software1

ATTACKERKB•added 2026/02/03 9:21 p.m.•3 views

CVE-2026-25224

3.7CVSS5.4AI score0.0002EPSS

Exploits0References4Affected Software1

Cvelist•added 2026/02/03 9:21 p.m.•24 views

CVE-2026-25224 Fastify Vulnerable to DoS via Unbounded Memory Allocation in sendWebStream

3.7CVSS0.0002EPSS

OSV•added 2026/02/03 9:21 p.m.•5 views

CVE-2026-25224 Fastify Vulnerable to DoS via Unbounded Memory Allocation in sendWebStream

3.7CVSS5.4AI score0.0002EPSS

Exploits0References5

NVD•added 2026/02/02 11:16 p.m.•5 views

CVE-2026-25137

The NixOs Odoo package is an open source ERP and CRM system. From 21.11 to before 25.11 and 26.05, every NixOS based Odoo setup publicly exposes the database manager without any authentication. This allows unauthorized actors to delete and download the entire database, including Odoos file store...

9.1CVSS0.00039EPSS

Positive Technologies•added 2026/02/02 12:0 a.m.•5 views

PT-2026-5726

Name of the Vulnerable Software and Affected Versions Odoo versions 21.11 through 25.10 Odoo versions 26.05 Description The NixOS Odoo package, an open source ERP and CRM system, exposes the database manager without authentication. This allows unauthorized actors to delete and download the entire...

9.1CVSS5.4AI score0.00039EPSS

Exploits0References13

EUVD•added 2026/01/27 9:8 p.m.•3 views

EUVD-2026-4740

gmrtd is a Go library for reading Machine Readable Travel Documents MRTDs. Prior to version 0.17.2, ReadFile accepts TLVs with lengths that can range up to 4GB, which can cause unconstrained resource consumption in both memory and cpu cycles. ReadFile can consume an extended TLV with lengths well...

5.9CVSS5.8AI score0.00008EPSS

Vulnrichment•added 2026/01/27 9:8 p.m.•3 views

CVE-2026-24738 gmrtd ReadFile Vulnerable to Denial of Service via Excessive TLV Length Values

5.9CVSS5.8AI score0.00008EPSS

CVE•added 2026/01/26 10:6 a.m.•8 views

CVE-2025-59105

CVE-2025-59105 describes unencrypted flash storage in the dormakaba access manager. With physical access and time, an attacker can desolder, modify, and reflash memory, enabling read/write of critical data (e.g., /etc/passwd, stored certificates, cryptographic keys, PINs) and potentially gain SSH...

7CVSS5.9AI score0.00008EPSS

Cvelist•added 2026/01/26 10:3 a.m.•30 views

CVE-2025-59093 Insecure Password Derivation Function for Database Administrator in dormakaba Kaba exos 9300

Exos 9300 instances are using a randomly generated database password to connect to the configured MSSQL server. The password is derived from static random values, which are concatenated to the hostname and a random string that can be read by every user from the registry. This allows an attacker t...

8.5CVSS0.00025EPSS

Vulnrichment•added 2026/01/26 10:3 a.m.•7 views

CVE-2025-59093 Insecure Password Derivation Function for Database Administrator in dormakaba Kaba exos 9300

8.5CVSS5.9AI score0.00025EPSS

Tenable Nessus•added 2026/01/22 12:0 a.m.•1 views

Azure Linux 3.0 Security Update: rpm-ostree (CVE-2024-2905)

The version of rpm-ostree installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-2905 advisory. - A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in...

6.2CVSS5.5AI score0.00019EPSS

8.8CVSS8.4AI score0.00428EPSS

MiracleLinux 8 : firefox-115.5.0-1.el8_9.ML.1 (AXSA:2024-7349:01)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-7349:01 advisory. Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer CVE-2023-6204 Mozilla: Use-after-free in MessagePort::Entangled CVE-2023-6205 Mozilla:...

Exploits0References8

5.5CVSS7.5AI score0.00665EPSS

MiracleLinux 8 : dotnet-2.1.525-1.el8.ML.1 (AXSA:2021-2361:07)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2361:07 advisory. dotnet: Dump file created world-readable CVE-2021-34485 Default inclusions for applications built with .NET Core have been updated to reference the newest...

Tenable Nessus•added 2026/01/20 12:0 a.m.•4 views

MiracleLinux 9 : rpm-ostree-2024.3-3.el9_4 (AXSA:2024-8423:04)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8423:04 advisory. rpm-ostree: world-readable /etc/shadow file 9.4.z JIRA:RHEL-31852 CVE-2024-2905 A security vulnerability has been discovered within rpm-ostree, pertaining to...

6.2CVSS5.5AI score0.00019EPSS

Tenable Nessus•added 2026/01/20 12:0 a.m.•2 views

MiracleLinux 9 : rear-2.6-21.el9_3.ML.1 (AXSA:2024-7585:02)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-7585:02 advisory. rear: creates a world-readable initrd CVE-2024-23301 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

5.5CVSS5.6AI score0.001EPSS

Exploits1References2

5.5CVSS5.6AI score0.00061EPSS

MiracleLinux 8 : cloud-init-20.3-10.el8.5 (AXSA:2021-2312:08)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-2312:08 advisory. cloud-init: randomly generated passwords logged in clear-text to world-readable file CVE-2021-3429 Tenable has extracted the preceding description block...