121556 matches found
PT-2026-36355
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A stack out-of-bounds write exists in the f_audio_complete function. The issue occurs because the function copies req->length bytes into a 4-byte stack variable using memcpy. Since...
CVE-2026-37530
AGL agl-service-can-low-level through 17.1.12 contains a stack buffer overflow in the uds-c library. The send_diagnostic_request function in uds.c allocates a 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) but copies up to 7 bytes (MAX_UDS_REQUEST_PAYLOAD_LENGTH=7) via memcpy at an offset of 1+pid_length 2-3...
PT-2026-36392
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A memory leak occurs in the Linux kernel when the usb_submit_urb function fails within the usbio_probe function. This happens because the previously allocated USB Request Block (URB)—a dat...
PT-2026-36541
Name of the Vulnerable Software and Affected Versions: bandit versions prior to 1.11.0. Description: Inconsistent interpretation of HTTP requests allows HTTP request smuggling via duplicate Content-Length headers. The function get_content_length in Elixir.Bandit.Headers uses List.keyfind/3, which on...
CVE-2026-37536
miaofng/uds-c commit e506334e270d77b20c0bc259ac6c7d8c9b702b7a (2016-10-05) contains a stack buffer overflow in send_diagnostic_request. A 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) receives memcpy at offset 1+pid_length with payload_length bytes. MAX_UDS_REQUEST_PAYLOAD_LENGTH=7, so 1+2+7=10 exceeds...
Unified Diagnostic Services Support Library in C security vulnerability
Unified Diagnostic Services Support Library in C is an automotive electronic diagnostic protocol support library by a personal developer, Laughing with the Wind. Unified Diagnostic Services Support Library in C has a security vulnerability that originates from a stack buffer overflow in the...
PT-2026-36536
Name of the Vulnerable Software and Affected Versions: astro-mcp-server versions prior to 1.1.2. Description: A flaw in the MCP Tool Query Construction component, specifically within a function in the src/index.ts file, allows for remote SQL injection. This occurs when the request.params.arguments...
EUVD-2026-26683
AGL agl-service-can-low-level through 17.1.12 contains a stack buffer overflow in the uds-c library. The send_diagnostic_request function in uds.c allocates a 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) but copies up to 7 bytes (MAX_UDS_REQUEST_PAYLOAD_LENGTH=7) via memcpy at an offset of 1+pid_length 2-3...
PT-2026-36510
Name of the Vulnerable Software and Affected Versions: miaofng/uds-c versions prior to commit e506334e270d77b20c0bc259ac6c7d8c9b702b7a. Description: A stack buffer overflow exists in the send_diagnostic_request function. The issue occurs because a 6-byte stack buffer, defined by MAX_DIAGNOSTIC_PAYLO...
EUVD-2026-26689
miaofng/uds-c commit e506334e270d77b20c0bc259ac6c7d8c9b702b7a (2016-10-05) contains a stack buffer overflow in send_diagnostic_request. A 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) receives memcpy at offset 1+pid_length with payload_length bytes. MAX_UDS_REQUEST_PAYLOAD_LENGTH=7, so 1+2+7=10 exceeds...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the usb usbtmc driver not refreshing the anchor URB in usbtmc_release, which could lead to reuse after releas...
Astro MCP Server injection vulnerability
Astro MCP Server is an app store optimized data query tool by Tim Broddin, an individual developer. An injection vulnerability exists in Astro MCP Server 1.1.1 and earlier versions, which stems from an unknown function in the src/index.ts file in the MCP Tool Query Construction component that...
Automotive Grade Linux agl-service-can-low-level security vulnerability
Automotive Grade Linux agl-service-can-low-level is an in-vehicle communication service component from Automotive Grade Linux, Inc. A security vulnerability exists in Automotive Grade Linux agl-service-can-low-level, which stems from a stack buffer overflow in the send_diagnostic_request function i...
CVE-2026-37536
The CVE-2026-37536 entry concerns miaofng/uds-c (commit e506334e270d77b20c0bc259ac6c7d8c9b702b7a, 2016-10-05). A stack buffer overflow occurs in send_diagnostic_request: a 6-byte buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) is written via memcpy at offset 1+pid_length with payload_length bytes. The def...
Atlassian Bamboo 9.6.x < 9.6.25 / 10.x < 10.2.18 / 11.x < 12.1.6 Multiple Vulnerabilities
The version of Atlassian Bamboo installed on the remote host is 9.6.x prior to 9.6.25, 10.x prior to 10.2.18, or 11.x prior to 12.1.6. It is, therefore, affected by multiple vulnerabilities: - An OS command injection vulnerability allows an authenticated attacker to execute commands on the remote...
WordPress plugin Elementor Website Builder cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2026-7501
A weakness has been identified in LinkStackOrg LinkStack up to 4.8.6. Impacted is the function editPage of the file app/Http/Controllers/UserController.php. Executing a manipulation of the argument pageDescription can lead to cross site scripting. It is possible to launch the attack remotely. The...
CVE-2026-3340 Server-Side Request Forgery (SSRF) in Langflow URL Component
IBM Langflow Desktop 1.0.0 through 1.8.4: IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
CVE-2026-3340
CVE-2026-3340 is a Server-Side Request Forgery (SSRF) in the IBM Langflow Desktop URL data source component affecting versions 1.0.0–1.8.4. An authenticated attacker can cause the Langflow server to make arbitrary requests to internal or restricted network resources, potentially enabling network...