CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/06/01 7:35 a.m.•23 views

CVE-2026-48726

CVE-2026-48726 describes a bug in Apache Airflow where the logout flow for FabAuthManager and KeycloakAuthManager does not reach revoke_token(), leaving previously issued JWTs valid until expiry. This creates a residual gap after CVE-2025-57735 where cookie-side invalidation was addressed but pro...

6.5CVSS5.9AI score0.00368EPSS

Exploits0References3Affected Software1

EUVD•added 2026/06/01 7:35 a.m.•13 views

EUVD-2026-33581

9.1CVSS5.9AI score0.00667EPSS

Vulnrichment•added 2026/06/01 7:35 a.m.•8 views

CVE-2026-48726 Apache Airflow: revoke_token() unreachable in FabAuthManager / KeycloakAuthManager logout path

5.9AI score0.00368EPSS

CNNVD•added 2026/06/01 12:0 a.m.•10 views

Apache Airflow 代码问题漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. Versions of Apache Airflow prior to 3.2.2 contained code vulnerabilities. These vulnerabilities stemmed from the authentication...

6.5CVSS5.4AI score0.00368EPSS

Exploits0References4

CVE•added 2026/05/29 7:47 p.m.•19 views

CVE-2026-48811

FreeScout (Laravel) contains a vulnerability where a non-admin can permanently delete an internal note (private thread) in any conversation, even after mailbox access is revoked. The root cause is the ThreadPolicy::delete authorization not verifying mailbox membership, allowing former members to ...

Cvelist•added 2026/05/29 7:47 p.m.•36 views

CVE-2026-48811 FreeScout: Thread Deletion Bypasses Mailbox Access Revocation

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, FreeScout allows a non-admin user to permanently delete an internal note private thread from any conversation, even after that user's access to the mailbox containing the conversation has been...

4.3CVSS0.00155EPSS

EUVD•added 2026/05/29 7:47 p.m.•13 views

EUVD-2026-33437

ATTACKERKB•added 2026/05/29 7:47 p.m.•7 views

CVE-2026-48811

Exploits0References2Affected Software1

Vulnrichment•added 2026/05/29 7:47 p.m.•9 views

CVE-2026-48811 FreeScout: Thread Deletion Bypasses Mailbox Access Revocation

NVD•added 2026/05/29 7:16 p.m.•11 views

CVE-2026-44648

SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0, SillyTavern relies on cookie-session for authentication, storing all session data user handle,...

7.5CVSS0.00394EPSS

Exploits1References1

ATTACKERKB•added 2026/05/29 5:46 p.m.•6 views

CVE-2026-44648

7.5CVSS5.8AI score0.00394EPSS

Exploits1References2Affected Software1

Rockylinux•added 2026/05/29 4:3 p.m.•14 views

tomcat security update

An update is available for tomcat. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Apache Tomcat is a servlet container for the Java Servlet and JavaServer Page...

7.5CVSS5.8AI score0.00235EPSS

Exploits0

OSV•added 2026/05/29 4:3 p.m.•10 views

RLSA-2026:19054 Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation CVE-2026-24734 For more details about the security issues, including the impact, a CVSS...

7.4CVSS6.6AI score0.00235EPSS

Exploits0References2

Snyk•added 2026/05/29 1:18 p.m.•7 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the campaign import. An attacker can write arbitrary files to sensitive directories by uploading specially crafted ZIP archives containing malicious file paths. This can lead to overwriting internal configuration...

9.9CVSS6.3AI score0.00583EPSS

Exploits0References2

Fedora•added 2026/05/29 1:27 a.m.•14 views

[SECURITY] Fedora 43 Update: openbao-2.5.4-1.fc43

Openbao secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Openbao handles leasing, key revocation, key rolling, and auditing. Through a unified API, us ers can access an encrypted Key/Value store and network...

5.8AI score0.00083EPSS

Exploits0

Fedora•added 2026/05/29 1:13 a.m.•11 views

[SECURITY] Fedora 44 Update: openbao-2.5.4-1.fc44

5.8AI score0.00083EPSS

Exploits0

Tenable Nessus•added 2026/05/29 12:0 a.m.•15 views

Linux Distros Unpatched Vulnerability : CVE-2026-42791

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeyocsp module allows forged OCSP responses signed with an expired responder certificat...

6.3CVSS5.8AI score0.00316EPSS

CNNVD•added 2026/05/29 12:0 a.m.•9 views

SillyTavern 安全漏洞

SillyTavern is a frontend interface for the SillyTavern open-source language model. Versions of SillyTavern prior to 1.18.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of cookie-session for authentication. The password update endpoint only updated the password...

7.5CVSS5.8AI score0.00394EPSS

Exploits1References1

Tenable Nessus•added 2026/05/29 12:0 a.m.•14 views

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-42508)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-42508 advisory. - Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocatio...

9.1CVSS5.8AI score0.00368EPSS