CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

93 matches found

CVE-2026-49356

Babel is a compiler for writing next generation JavaScript. Prior to 8.0.0-rc.6 and 7.29.6, @babel/core affected by an arbitrary file read via a sourceMappingURL comment. Using @babel/core to compile maliciously crafted code can allow an attacker to read any source map from the system that is...

3.2CVSS6AI score0.00013EPSS

Exploits0References2Affected Software1

EUVD•added 2026/06/15 8:45 p.m.•8 views

EUVD-2026-36465

Netty: Wrapping plain trust manager silently disables hostname verification...

7.5CVSS5.1AI score0.00196EPSS

Exploits0References4

NVD•added 2026/06/08 5:16 p.m.•12 views

CVE-2026-46285

In the Linux kernel, the following vulnerability has been resolved: mtd: docg3: fix use-after-free in docg3release In docg3release, the docg3 pointer is obtained from cascade-floors0-priv before the loop that calls docreleasedevice on each floor. docreleasedevice frees the docg3 struct via...

0.00177EPSS

Exploits0References8

OSV•added 2026/06/08 5:16 p.m.•5 views

UBUNTU-CVE-2026-46285

5.3AI score0.00177EPSS

Exploits0References11

CVE•added 2026/06/08 3:41 p.m.•14 views

CVE-2026-46280

CVE-2026-46280 affects the Linux kernel in the HMM selftest path for device memory (dmirror) handling. The root cause is in dmirror_fops_release(), which frees the dmirror struct without migrating device-private pages back to system memory, leaving a stale zone_device_data pointer. If a fault occ...

7.8CVSS5.4AI score0.00126EPSS

Exploits0References6

RedhatCVE•added 2026/06/05 7:30 p.m.•7 views

CVE-2026-42314

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, package folder names are sanitized using insufficient string replacement. The pattern ....// becomes .. after replacement partial removal, leaving .. which can be exploited when the path is later resolve...

6.5CVSS5.4AI score0.00342EPSS

Exploits1References1

RedhatCVE•added 2026/06/01 4:3 p.m.•9 views

CVE-2026-44287

FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, the JavaScript sandbox worker at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import with the regex /\bimport\s\/.testcode. JavaScript syntax accepts a block comment between import and ; the regex matches only ASCII...

6.3CVSS6AI score0.00239EPSS

Exploits0References1

ATTACKERKB•added 2026/05/28 5:50 p.m.•10 views

CVE-2026-43898

SandboxJS is a JavaScript sandboxing library. Prior to 0.9.6, sandbox-defined functions expose Function.caller, allowing sandboxed code to recover the internal LispType.Call runtime callback. That callback can then be invoked with attacker-controlled fake context and obj values to extract blocked...

10CVSS6.1AI score0.00472EPSS

Exploits1References3Affected Software1

EUVD•added 2026/05/26 5:0 p.m.•13 views

EUVD-2026-31906

A vulnerability was identified in teableio teable up to 1.9.x. This impacts an unknown function of the file apps/nextjs-app/src/features/auth/pages/LoginPage.tsx of the component Sign-up. The manipulation of the argument redirect leads to cross site scripting. The attack is possible to be carried...

5.3CVSS4.1AI score0.00282EPSS

Exploits0References7

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: HID: hidraw: fixed a memory leak in hidrawrelease Free the buffered reports before deleting the list entry. BUG: memory leak Unreferenced object 0xffff88810e72f180 size 32: comm “softirq”, pid 0, jiffies 4294945143 age 16.080s He...

5.5CVSS5.9AI score0.00205EPSS

Exploits0References2

NVD•added 2026/05/11 5:16 p.m.•11 views

CVE-2026-42843

Grav API Plugin is a RESTful API for Grav CMS that provides full headless access to your site's content, media, configuration, users, and system management. Prior to 1.0.0-beta.15, an insecure direct object reference and logic flaw in the Grav API plugin UsersController::update allows any...

8.8CVSS0.0035EPSS

Exploits1References1

ATTACKERKB•added 2026/05/06 11:27 a.m.•9 views

CVE-2026-43161

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode PCIe endpoints with ATS enabled and passed through to userspace e.g., QEMU, DPDK can hard-lock the host when their link drops, either by surprise...

5.5CVSS5.8AI score0.00122EPSS

Exploits0References5Affected Software1

SUSE CVE•added 2026/05/06 1:40 a.m.•7 views

SUSE CVE-2026-43064

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix not releasing workqueue on .release The workqueue associated with an DSA/IAA device is not released when the object is freed...

5.5CVSS5.8AI score0.00114EPSS

Exploits0References3

AstraLinux•added 2026/05/03 11:59 p.m.•6 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: “IB/isert: Fix incorrect release of isert connection” The commit with the ID 699826f4e30a “IB/isert: Fix incorrect release of isert connection” is causing problems when DEVICEREMOVAL occurs in OPA. ------------ Cut here...

5.2AI score0.00195EPSS

Exploits0References2

SUSE CVE•added 2026/04/23 1:25 a.m.•8 views

SUSE CVE-2026-31504

In the Linux kernel, the following vulnerability has been resolved: net: fix fanout UAF in packetrelease via NETDEVUP race packetrelease has a race window where NETDEVUP can re-register a socket into a fanout group's arr array. The re-registration is not cleaned up by fanoutrelease, leaving a...

7CVSS5.6AI score0.00129EPSS

Exploits0References23

Github Security Blog•added 2026/04/17 9:48 p.m.•5 views

OpenClaw: Voice-call realtime WebSocket accepted oversized frames

Summary Voice-call realtime WebSocket accepted oversized frames. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.9 = 2026.4.10 Impact The voice-call realtime WebSocket path could accept oversized frames, creating a remote availability risk for...

8.2CVSS5.4AI score0.00417EPSS

Exploits0References6Affected Software1

RedhatCVE•added 2026/04/14 1:23 a.m.•2 views

CVE-2026-40077

Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they kno...

3.5CVSS5.8AI score0.00219EPSS

Exploits1References1

RedhatCVE•added 2026/04/01 5:39 p.m.•3 views

CVE-2026-5203

A vulnerability was found in CMS Made Simple up to 2.2.22. This impacts the function copyFilesToFolder in the library modules/UserGuide/lib/class.UserGuideImporterExporter.php of the component UserGuide Module XML Import. The manipulation results in path traversal. It is possible to launch the...

5.8CVSS5.5AI score0.00317EPSS

Exploits1References1

OSV•added 2026/04/01 9:9 a.m.•7 views

CLEANSTART-2026-LD15132 Security fixes for CVE-2020-8912, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-26958, CVE-2026-27139, CVE-2026-27141, CVE-2026-27142, CVE-2026-33186, ghsa-6g7g-w4f8-9c9x, ghsa-cfpf-hrx2-8rv6, ghsa-fw7p-63qq-7hpr, ghsa-p77j-4mvh-x3m3 applied in versions: 0.142.0-r0, 0.144.0-r0, 0.144.0-r1, 0.144.0-r2, 0.144.0-r3

Multiple security vulnerabilities affect the opentelemetry-collector-contrib-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS6.9AI score0.00765EPSS

Exploits3References23

EUVD•added 2026/03/31 6:31 p.m.•3 views

EUVD-2026-17508

5.8CVSS5.5AI score0.00317EPSS

Exploits1References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by