CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Name of the Vulnerable Software and Affected Versions IBM Langflow Desktop versions 1.0.0 through 1.8.4 Description An unauthenticated user can view images belonging to other users. This is possible due to an indirect object reference through a user-controlled key. Recommendations At the moment,...

7.5CVSS5.8AI score0.00028EPSS

Exploits0References6

Tenable Nessus•added 2026/04/30 12:0 a.m.•2 views

Amazon Linux 2 : rclone, --advisory ALAS2-2026-3264 (ALAS-2026-3264)

"The version of rclone installed on the remote host is prior to 1.55.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3264 advisory. gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper...

9.1CVSS7.7AI score0.0002EPSS

Exploits1References4

Redos•added 2026/04/30 12:0 a.m.•4 views

ROS-20260430-73-0011

Vulnerability in golang related to incorrect reference definition before accessing a file. Exploitation of the vulnerability may allow an attacker to escalate his privileges...

6.4CVSS5.2AI score0.0001EPSS

Exploits0

OSV•added 2026/04/29 11:46 p.m.•1 views

MINI-V2M4-4P26-PFFG

Bulletin has no description...

7.5CVSS5.7AI score0.00036EPSS

Exploits0

OSV•added 2026/04/29 9:1 p.m.•1 views

MINI-6XH8-HCHH-WJ29

Bulletin has no description...

7.5CVSS4.8AI score0.0015EPSS

Exploits1

OSV•added 2026/04/29 3:18 p.m.•1 views

MINI-2QJX-JR6F-4RR2

Bulletin has no description...

5AI score

Exploits0

OSV•added 2026/04/29 1:15 p.m.•1 views

MINI-Q38R-8WG3-7449

Bulletin has no description...

8.7CVSS4.1AI score0.00037EPSS

Exploits1

OSV•added 2026/04/29 1:0 p.m.•1 views

MINI-5PVQ-GMQX-4CP4

Bulletin has no description...

7.5CVSS4.8AI score0.00219EPSS

Exploits1

OSV•added 2026/04/29 1:0 p.m.•2 views

MINI-52RH-RXCV-W42M

Bulletin has no description...

7.5CVSS4.8AI score0.00019EPSS

Exploits0

OSV•added 2026/04/29 9:37 a.m.•3 views

CLSA-2026-1777455447 openssl: Fix of CVE-2026-28387

CVE-2026-28387: fix use-after-free / double-free in danematch by releasing the previously stored dane-mcert with X509free instead of OPENSSLfree; the slot is reference-bumped via X509upref so the matching free is X509free...

8.1CVSS5.8AI score0.00047EPSS

Exploits0References1

OSV•added 2026/04/29 9:1 a.m.•2 views

MINI-P942-VHRX-MXRX

Bulletin has no description...

7.3CVSS4.8AI score0.00009EPSS

Exploits1

Cvelist•added 2026/04/29 8:22 a.m.•28 views

CVE-2026-42515 Insecure Direct Object Reference (IDOR) Vulnerability in e-Sushrut HMIS

This vulnerability exists in e-Sushrut due to improper access control in resource access validation. An authenticated attacker could exploit this vulnerability by manipulating parameter in the API request URL to gain unauthorized access to sensitive information of patients on the targeted system...

7.1CVSS0.00059EPSS

Exploits0References1

OSV•added 2026/04/29 7:30 a.m.•4 views

MINI-X5MW-RGV9-R62R

Bulletin has no description...

5.3CVSS4.8AI score0.00007EPSS

Exploits0

OSV•added 2026/04/29 3:1 a.m.•1 views

MINI-J9P5-5RJ9-75RH

Bulletin has no description...

7.3CVSS5AI score0.00009EPSS

Exploits1