CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 4 hours ago•11 views

CVE-2026-44726

CVE-2026-44726 affects Deno (2.0.0–2.7.8) via the Node.js tls compatibility layer. When autoSelectFamily is enabled and the first address-family attempt fails, the socket reinitialization path reuses a stale TLS upgrade hook tied to the original failed handle, causing the replacement TCP connecti...

7.4CVSS5.9AI score0.00017EPSS

NVD•added 5 hours ago•7 views

CVE-2026-56696

OpenHarness /issue and /prcomments slash commands lack remoteinvocable=False protection, allowing remote channel senders to write attacker-controlled Markdown into project context files. Admitted remote attackers can inject malicious content into .openharness/issue.md and .openharness/prcomments....

5.4CVSS

EUVD•added 5 hours ago•4 views

EUVD-2026-38469

5.4CVSS6AI score

NVD•added 8 hours ago•7 views

CVE-2026-56762

Hono before 4.12.12 does not validate cookie names on the write path in the setCookie, serialize, and serializeSigned functions, allowing invalid characters such as control characters e.g. \r or \n when an application passes a user-controlled cookie name. This can produce malformed Set-Cookie...

6.9CVSS

CVE•added 9 hours ago•7 views

CVE-2026-56762

Hono CVE-2026-56762 affects Hono before 4.12.12, where cookie-name validation is missing on the write path in setCookie(), serialize(), and serializeSigned(). This allows invalid characters (e.g., control chars like \r/\n) in user-controlled cookie names, producing malformed Set-Cookie header val...

6.9CVSS5.9AI score

Cvelist•added 9 hours ago•9 views

CVE-2026-56762 Hono - Missing Cookie Name Validation in setCookie()

6.9CVSS

EUVD•added 9 hours ago•5 views

EUVD-2026-38443

6.9CVSS5.9AI score

Nuclei•added 16 hours ago•18 views

Oracle E-Business Suite - Server-Side Request Forgery

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite component: Runtime UI. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. id:...

7.5CVSS7.4AI score0.97582EPSS

Exploits6References5

Nuclei•added 16 hours ago•49 views

XStream <1.4.18 - Server-Side Request Forgery

XStream before 1.4.18 is susceptible to server-side request forgery. An attacker can request data from internal resources that are not publicly available by manipulating the processed input stream with a Java runtime version 14 to 8. This makes it possible to obtain sensitive information, modify...

8.5CVSS6.9AI score0.11468EPSS

Exploits2References5

NVD•added yesterday•6 views

CVE-2026-54269

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 8.6.0 and 7.6.3, protobufjs accepted certain schema-derived names that could collide with properties used by protobufjs runtime helpers. The known affected names are fields named hasOwnProperty, field or oneof names...

5.3CVSS

RedHat Linux•added yesterday•5 views

Important: Red Hat Security Advisory: .NET 9.0 security update

An update for .NET 9.0 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

7.5CVSS5.9AI score0.0075EPSS

RedHat Linux•added yesterday•6 views

Important: Red Hat Security Advisory: .NET 8.0 security update

An update for .NET 8.0 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

7.5CVSS5.9AI score0.0075EPSS

ATTACKERKB•added yesterday•3 views

CVE-2026-54269

5.3CVSS5.9AI score

Exploits0References2Affected Software1

CVE•added yesterday•10 views

CVE-2026-54269

CVE-2026-54269 affects protobufjs. Prior to versions 8.6.0 and 7.6.3 , schema-derived names could collide with runtime helper properties (e.g., fields named hasOwnProperty, names like $type, and rpcCall). When loaded schemas are used, protobufjs could read schema-controlled data where an own-prop...

5.3CVSS5.9AI score

Cvelist•added yesterday•27 views

CVE-2026-54269 protobufjs: Schema-derived names can shadow runtime-significant properties

5.3CVSS

ATTACKERKB•added yesterday•3 views

CVE-2026-54267

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, to optimize client-side bootstrap in Server-Side Rendered SSR environments, Angular supports Hydration via...

8.6CVSS5.8AI score0.00054EPSS

Exploits0References4Affected Software1

Wiz blog•added yesterday•16 views

Cloud-native Security for your Windows environment: Announcing the Wiz Runtime Sensor for Windows

Secure your Windows fleet without sacrificing performance. Wiz pairs real-time threat detection with a memory-safe architecture that scales efficiently to protect your essential cloud infrastructure...

5.5AI score

Exploits0

NVD•added yesterday•10 views

CVE-2023-45796

A stored cross-site scripting vulnerability in the Runtime component of Pilz PASvisu before 1.14.1 and PMI v8xx up to and including 2.0.33992 allows a low-privileged remote unauthenticated attacker to manipulate process data with potential impact on integrity and/or availability...

8.1CVSS

CVE•added yesterday•9 views

CVE-2023-45796

The CVE-2023-45796 applies to Pilz PASvisu Runtime (before 1.14.1) and PMI v8xx (up to 2.0.33992). It is a stored XSS that allows a low-privileged, remote, unauthenticated attacker to manipulate process data, affecting integrity and availability. CVSSv3.1: 8.1 (HIGH); AV:N, AC:L, PR:L, UI:N, S:U,...

8.1CVSS5.7AI score