CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/05/28 5:16 p.m.•4 views

UBUNTU-CVE-2026-44465

GithubExploit•added 2026/05/28 4:45 p.m.•48 views

Exploits1References3

Exploit for Deserialization of Untrusted Data in Facebook React

HTB: Reactor !Difficultyhttps://img.shields.io/badge/Diffi...

10CVSS7.9AI score0.83197EPSS

Exploits364

GithubExploit•added 2026/05/28 4:35 p.m.•46 views

gogs-rce

Gogs RCE — Argument Injection in git rebase CWE-88 Authen...

6.6AI score

Exploits0

Vulnrichment•added 2026/05/28 4:10 p.m.•5 views

CVE-2026-44465 Zed: Zed IDE Arbitrary Code Execution via untrusted repository with poisoned .git/config

ATTACKERKB•added 2026/05/28 4:10 p.m.•5 views

CVE-2026-44465

Exploits1References2Affected Software1

Cvelist•added 2026/05/28 4:10 p.m.•25 views

CVE-2026-44465 Zed: Zed IDE Arbitrary Code Execution via untrusted repository with poisoned .git/config

8.6CVSS0.00057EPSS

CVE•added 2026/05/28 4:10 p.m.•11 views

CVE-2026-44465

Zed IDE (prior to 0.227.1) is affected. Opening a folder that contains a malicious .git/config file abuses the core.fsmonitor Git configuration option, allowing an attacker to execute arbitrary commands and achieve Remote Code Execution when a user opens the folder in untrusted mode. The issue is...

Exploits1References1Affected Software1

EUVD•added 2026/05/28 4:10 p.m.•7 views

EUVD-2026-32937

OSV•added 2026/05/28 3:44 p.m.•3 views

SUSE-SU-2026:21913-1 Security update for unbound

This update for unbound fixes the following issues - CVE-2026-32792: Packet of death with DNSCrypt bsc1265583. - CVE-2026-33278: Possible remote code execution during DNSSEC validation bsc1265587. - CVE-2026-40622: "Ghost domain name" variant bsc1265581. - CVE-2026-41292: Parsing a long list of...

10CVSS6.5AI score0.00322EPSS

Exploits0References23

OSV•added 2026/05/28 3:43 p.m.•8 views

RLSA-2026:19182 Moderate: mariadb:11.8 security update

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: MariaDB: MariaDB: Remote Code Execution or Denial of Service via JSONSCHEMAVALID function vulnerability CVE-2026-32710 For more details about the security issues, including the impact...

7.5CVSS5.9AI score0.00114EPSS

Exploits1References2

Rockylinux•added 2026/05/28 3:43 p.m.•10 views

mariadb:11.8 security update

An update is available for module.galera, module.mariadb, mariadb, galera. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list MariaDB is a multi-user, multi-threade...

9.9CVSS6AI score0.00114EPSS

Exploits1

OSV•added 2026/05/28 3:43 p.m.•7 views

RLSA-2026:19180 Important: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: GStreamer: GStreamer: Arbitrary code execution via ASF file processing CVE-2026-2920 GStreamer:...

8.8CVSS7.7AI score0.0046EPSS

Exploits0References8

Rockylinux•added 2026/05/28 3:43 p.m.•10 views

gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update

An update is available for gstreamer1-plugins-ugly-free, gstreamer1-plugins-bad-free, gstreamer1-plugins-good, gstreamer1-plugins-base. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

8.8CVSS7.7AI score0.0046EPSS

Exploits0

OSV•added 2026/05/28 3:2 p.m.•4 views

SUSE-SU-2026:21874-1 Security update for unbound

10CVSS6.5AI score0.00322EPSS

Exploits0References23

Cvelist•added 2026/05/28 2:44 p.m.•26 views

CVE-2026-44593 esm.sh: Legacy Route Path Traversal Can Lead to RCE

esm.sh is a no-build content delivery network CDN for web development. In 137 and earlier, the legacy router first retrieves a response from legacyServer, parses the incoming request path, and ultimately writes the data to storage via buildStorage.Put. The router concatenates the path components...

8.7CVSS0.00082EPSS

CVE•added 2026/05/28 2:44 p.m.•9 views

CVE-2026-44593

esm.sh (no-build CDN) vulnerable to path traversal in legacy_router.go. In versions up to 137, the router concatenates request path components without sanitization, generating a storage key that can resolve to arbitrary filesystem paths (example: writing to /tmp/pwned). This allows an attacker to...

8.7CVSS5.9AI score0.00082EPSS

Vulnrichment•added 2026/05/28 2:44 p.m.•4 views

CVE-2026-44593 esm.sh: Legacy Route Path Traversal Can Lead to RCE

8.7CVSS5.9AI score0.00082EPSS

CVE•added 2026/05/28 2:35 p.m.•10 views

CVE-2026-44672

CVE-2026-44672 affects mapfish-print, a component of MapFish for templated map printing. The vulnerability exists in the Dynamic table handling for versions 3.23.0 to before 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3, allowing an unauthenticated attacker to execute arbitrary code (Remote Code ...

9.3CVSS6.2AI score0.00102EPSS

Vulnrichment•added 2026/05/28 2:35 p.m.•5 views

CVE-2026-44672 mapfish-print: Remote Code Injection (RCE) in Dynamic table

mapfish-print is a component of MapFish for printing templated cartographic maps. From 3.23.0 to before 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3, the attacker can execute arbitrary code in Dynamic table without being authenticated. This vulnerability is fixed in 3.28.28, 3.30.30, 3.31.22,...

9.3CVSS6.2AI score0.00102EPSS