CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

31680 matches found

CNNVD•added 2026/05/09 12:0 a.m.•8 views

Net::IMAP 安全漏洞

Net::IMAP is a Ruby client API for the IMAP message access protocol, developed by Ruby Open Source. Versions of Net::IMAP prior to 0.4.24, 0.5.14, and 0.6.4 contained security vulnerabilities. These vulnerabilities stemmed from the use of ResponseReader, which had a quadratic time complexity when...

7.5CVSS5.8AI score0.0041EPSS

Exploits0References1

NVD•added 2026/05/08 11:16 p.m.•8 views

CVE-2026-42451

Grimmory is a self-hosted digital library. Prior to version 2.3.1, a stored cross-site scripting XSS vulnerability in Grimmory's browser-based EPUB reader allows an attacker to embed arbitrary JavaScript in a crafted EPUB file. When a victim opens the book, the script executes in their browser wi...

6.3CVSS0.00136EPSS

Exploits0References2

Vulnrichment•added 2026/05/08 10:51 p.m.•9 views

CVE-2026-42451 Grimmory: Stored XSS via Malicious EPUB Enables Session Token Theft

6.3CVSS5.7AI score0.00136EPSS

Exploits0References2

Cvelist•added 2026/05/08 10:51 p.m.•29 views

CVE-2026-42451 Grimmory: Stored XSS via Malicious EPUB Enables Session Token Theft

6.3CVSS0.00136EPSS

Exploits0References2

EUVD•added 2026/05/08 10:51 p.m.•9 views

EUVD-2026-28861

6.3CVSS5.7AI score0.00136EPSS

Exploits0References2

ATTACKERKB•added 2026/05/08 10:51 p.m.•5 views

CVE-2026-42451

6.3CVSS5.7AI score0.00136EPSS

Exploits0References3Affected Software1

OSV•added 2026/05/08 3:16 p.m.•4 views

UBUNTU-CVE-2026-43376

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free by using callrcu for oplockinfo ksmbd currently frees oplockinfo immediately using kfree, even though it is accessed under RCU read-side critical sections in places like opinfoget and procshowfiles. Sinc...

9.8CVSS5.7AI score0.00444EPSS

Exploits0References8

OSV•added 2026/05/08 5:46 a.m.•3 views

BIT-JRE-2024-25062

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free...

7.5CVSS5.8AI score0.01375EPSS

Exploits3References7

Positive Technologies•added 2026/05/08 12:0 a.m.•5 views

PT-2026-38830

7.5CVSS5.8AI score0.01375EPSS

Exploits3References8

CNNVD•added 2026/05/08 12:0 a.m.•7 views

Grimmory 跨站脚本漏洞

Grimmory is an open-source e-book management software developed by Grimmory. Versions of Grimmory prior to 2.3.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the browser EPUB reader, allowing attackers to embed arbitrary JavaScript in specially crafted EPUB file...

6.3CVSS5.8AI score0.00136EPSS

Exploits0References2

Positive Technologies•added 2026/05/08 12:0 a.m.•9 views

PT-2026-39217

Name of the Vulnerable Software and Affected Versions Grimmory versions prior to 2.3.1 Description A stored cross-site scripting XSS issue in the browser-based EPUB reader allows an attacker to embed arbitrary JavaScript within a crafted EPUB file. When a user opens the affected book, the script...

6.3CVSS5.8AI score0.00136EPSS

Exploits0References4

Github Security Blog•added 2026/05/07 9:18 p.m.•10 views

Ech0's RSS feed renders unescaped tag names and raw-HTML markdown, stored XSS against subscribers

Summary The public RSS/Atom feed at /rss renders two attacker-controlled surfaces without HTML escaping. Tag names flow through fmt.AppendfrenderedContent, "%s", tag.Name at internal/service/common/common.go:120, and the Markdown renderer at internal/util/md/md.go does not set the html.SkipHTML...

5.9AI score

Exploits0References3Affected Software1

RedhatCVE•added 2026/05/07 12:11 a.m.•11 views

CVE-2026-43272

A flaw was found in the Linux kernel's ring-buffer component. This vulnerability allows a local user to potentially cause a denial of service. The issue occurs because a pointer in the rbmetavalidateevents function is not properly initialized, and its dereference during a reader page validation...

5.5CVSS5.8AI score0.00115EPSS

Exploits0References4

Tenable Nessus•added 2026/05/07 12:0 a.m.•4 views

Unity Linux 20.1070a Security Update: osbuild-composer (UTSA-2026-016489)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016489 advisory. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large...

4.3CVSS7.1AI score0.00382EPSS

Exploits0References4

EUVD•added 2026/05/06 6:30 p.m.•2 views

EUVD-2026-27844

Velociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. A user with only the reader role in the root organization the lowest authenticated role, holding only READRESULTS permission can issue a single authenticated HTTP GET that can read any files...

6.8CVSS5.7AI score0.00236EPSS

Exploits0References2

OSV•added 2026/05/06 6:30 p.m.•0 views

GHSA-2V93-VP82-CJV8 Velocidex Velociraptor has an Incorrect Authorization issue

6.8CVSS5.7AI score0.00236EPSS

Exploits0References3

Github Security Blog•added 2026/05/06 6:30 p.m.•6 views

Velocidex Velociraptor has an Incorrect Authorization issue

6.8CVSS5.7AI score0.00236EPSS

Exploits0References3Affected Software1

NVD•added 2026/05/06 4:16 p.m.•13 views

CVE-2026-6863

6.8CVSS0.00236EPSS

Exploits0References1

RedhatCVE•added 2026/05/06 3:24 p.m.•14 views

CVE-2026-43111

A flaw was found in the Linux kernel's roccat Human Interface Device HID driver. This vulnerability, a use-after-free, arises from a synchronization issue where the roccatreportevent function accesses a list of readers without adequate locking. A local attacker could exploit this to cause a syste...

7.8CVSS6AI score0.00117EPSS

Exploits0References4