823 matches found

ATTACKERKB
added 2026/05/29 4:15 p.m. | 7 views

CVE-2026-45630

Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the application.updateTraefikConfig tRPC endpoint allows admin/owner users to execute arbitrary system commands on remote servers via unsanitized echo shell interpolation...

9 CVSS | 6.1 AI score | 0.0026 EPSS
Exploits 0 | References 2 | Affected Software 1
AlpineLinux
added 2026/05/26 2:8 p.m. | 13 views

CVE-2026-40033

FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16MAX but performs copy operations using unclamped cache entry...

8.8 CVSS | 6.5 AI score | 0.00068 EPSS
Exploits 1 | References 3
Packet Storm News
added 2026/05/21 12:0 a.m. | 6 views

A First Measurement Study on Authentication Security in Real-World Remote MCP Servers

The Model Context Protocol (MCP) is emerging as a common interface connecting large language models (LLMs) with external services. Remote deployments are becoming increasingly important as agents connect to user-linked online services, such as social, productivity, and financial services. In such...

5.8 AI score
Exploits 0
CNNVD
added 2026/04/15 12:0 a.m. | 4 views

Mattermost Security Vulnerability

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 10.11.12 and earlier, including 10.11.x, have security vulnerabilities. These vulnerabilities stem from unvalidated user ownership, which could allow malicious remote...

2.7 CVSS | 5.9 AI score | 0.00037 EPSS
Exploits 0 | References 2
NVD
added 2026/03/27 3:16 p.m. | 0 views

CVE-2026-30637

A Server-Side Request Forgery (SSRF) vulnerability exists in the AnnounContent of the /admin/read.php in OTCMS V7.66 and before. The vulnerability allows remote attackers to craft HTTP requests, without authentication, containing a URL pointing to internal services or any remote server...

7.5 CVSS | 0.00232 EPSS
Exploits 1 | References 1
OSV
added 2026/02/11 9:10 a.m. | 3 views

RLSA-2026:2323 Important: git-lfs security update

Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted...

7.5 CVSS | 5.7 AI score | 0.00019 EPSS
Exploits 2 | References 2
Positive Technologies
added 2026/02/04 12:0 a.m. | 3 views

PT-2026-6449

Impact: When workflows process uploaded files and transfer them to remote servers via the SSH node without validating their metadata, the vulnerability can lead to files being written to unintended locations on those remote systems, potentially leading to remote code execution on those systems. As a...

8.1 CVSS | 6.3 AI score | 0.00168 EPSS
Exploits 0 | References 6
RedHat Linux
added 2026/01/26 8:52 p.m. | 5 views

urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion

A flaw was found in the urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...

8.9 CVSS | 5.7 AI score | 0.00019 EPSS
Exploits 0 | References 6
OSSF Malicious Packages
added 2026/01/22 8:18 a.m. | 8 views

Malicious code in sympy-dev (PyPI)

Package downloads and executes code from remote servers, indicating malicious behavior. Multiple files and IPs involved. Package impersonates popular sympy package...

5.5 AI score
Exploits 0 | References 1
Tenable Nessus
added 2026/01/16 12:0 a.m. | 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000655)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000655 advisory. The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial ...

4.6 CVSS | 6.4 AI score | 0.00354 EPSS
Exploits 0 | References 14
RedhatCVE
added 2026/01/09 12:47 p.m. | 7 views

CVE-2005-1911

The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang while waiting for input that never arrives, which allows remote NNTP servers to cause a denial of service (news loss)...

5 CVSS | 6.8 AI score | 0.00481 EPSS
Exploits 0 | References 1
RedhatCVE
added 2026/01/09 11:25 a.m. | 4 views

CVE-2021-28847

MobaXterm before 21.0 allows remote servers to cause a denial of service (Windows GUI hang) via tab title change requests that are sent repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls...

7.5 CVSS | 6.8 AI score | 0.00467 EPSS
Exploits 0 | References 1
The Hacker News
added 2025/12/15 5:46 p.m. | 10 views

Featured Chrome Browser Extension Caught Intercepting Millions of Users' AI Chats

A Google Chrome extension with a "Featured" badge and six million users has been observed silently gathering every prompt entered by users into artificial intelligence (AI)-powered chatbots like OpenAI ChatGPT, Anthropic Claude, Microsoft Copilot, DeepSeek, Google Gemini, xAI Grok, Meta AI, and...

6.5 AI score
Exploits 0
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2009-1642

Malware in sbrugna...

9.3 CVSS | 6.4 AI score | 0.06223 EPSS
Exploits 1 | References 4
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2014-9278

Malware in sbrugna...

10 CVSS | 6.4 AI score | 0.00652 EPSS
Exploits 0 | References 5
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2015-8159

Malware in sbrugna...

9.8 CVSS | 9.2 AI score | 0.01254 EPSS
Exploits 1 | References 7
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2008-3732

Malware in sbrugna...

4.3 CVSS | 6.1 AI score | 0.01668 EPSS
Exploits 0 | References 20
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2016-8795

Malware in sbrugna...

7.5 CVSS | 7.6 AI score | 0.01158 EPSS
Exploits 0 | References 13
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2004-0978

Malware in sbrugna...

10 CVSS | 6 AI score | 0.01578 EPSS
Exploits 0 | References 10
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2004-2269

Malware in sbrugna...

5 CVSS | 6.4 AI score | 0.07383 EPSS
Exploits 1 | References 7