CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3124 matches found

SUSE-SU-2026:21944-1 Security update for vim

This update for vim fixes the following issues - CVE-2026-42307: Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim bsc1264706. - CVE-2026-43961: Vimscript Code Injection in netrw NetrwMarkFile via crafted filename bsc1265349. -...

7CVSS6AI score0.0023EPSS

Exploits1References12

OSV•added 2026/05/28 12:13 p.m.•2 views

SUSE-SU-2026:21859-1 Security update for vim

This update for vim fixes the following issues - CVE-2026-39881: command injection in NetBeans interface can lead to arbitrary file reads and writes bsc1261833. - CVE-2026-42307: Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim...

7.8CVSS7.5AI score0.0023EPSS

Exploits1References14

RedHat Linux•added 2026/05/07 6:0 p.m.•4 views

Rails: Active Support: Active Support: Denial of Service via large scientific notation strings

A flaw was found in Active Support, a toolkit of support libraries for Ruby on Rails. A remote attacker can exploit this vulnerability by providing specially crafted strings containing scientific notation e.g., "1e10000" to number helpers. This input causes the BigDecimal component to expand into...

8.7CVSS5.8AI score0.00032EPSS

Exploits0References11

RedHat Linux•added 2026/05/07 5:29 p.m.•7 views

Rails: Active Support: Active Support: Denial of Service via large scientific notation strings

8.7CVSS5.8AI score0.00032EPSS

Exploits0References11

AstraLinux•added 2026/05/03 11:59 p.m.•5 views

Astra Linux - уязвимость в python-django

A issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The floatformat template filter consumes significant memory when dealing with a string representation of a number in scientific notation with a large exponent...

7.5CVSS6.8AI score0.01386EPSS

Exploits0References2

AstraLinux•added 2026/05/03 11:59 p.m.•6 views

Astra Linux - уязвимость в gsl

A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL GNU Scientific Library, versions 2.5 and 2.6. Processing a maliciously crafted input data for gslstatsquantilefromsorteddata of the library may lead to unexpected application termination or arbitra...

6.5CVSS8.2AI score0.00256EPSS

Exploits0References2

Packet Storm News•added 2026/04/20 12:0 a.m.•1 views

Zeek 8.0.7

Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek ha...

5.8AI score

Exploits0

Veracode•added 2026/03/28 5:31 a.m.•3 views

Denial Of Service (DoS)

Active Support is vulnerable to Denial of Service. The vulnerability is due to the acceptance of strings containing scientific notation by Active Support number helpers, where the conversion of these strings to extremely large decimal representations can cause excessive memory allocation and CPU...

8.7CVSS5.9AI score0.00032EPSS

Exploits0References7Affected Software1

Fedora•added 2026/03/28 12:46 a.m.•7 views

[SECURITY] Fedora 43 Update: bcftools-1.23.1-1.fc43

BCFtools is a set of utilities that manipulate genomic variant calls in the Variant Call Format VCF and its binary counterpart BCF. All commands work transparently with both VCFs and BCFs, both uncompressed and BGZF-compressed. This BCFtools includes the polysomy subcommand, which is implemented...

8.8CVSS5.9AI score0.0007EPSS

Exploits0

OSV•added 2026/03/28 12:0 a.m.•1 views

OPENSUSE-SU-2026:10449-1 gsl-2.8-5.1 on GA media

These are all security issues fixed in the gsl-2.8-5.1 package on the GA media of openSUSE Tumbleweed...

3.6CVSS5.9AI score0.00033EPSS

Exploits1References1

SUSE CVE•added 2026/03/25 12:23 a.m.•2 views

SUSE CVE-2026-33176

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept strings containing scientific notation e.g. 1e10000, which BigDecimal expands into extremely large...

8.7CVSS5.9AI score0.00032EPSS

Exploits0References3

RedhatCVE•added 2026/03/24 11:13 a.m.•4 views

CVE-2026-33176

8.7CVSS5.8AI score0.00032EPSS

Exploits0References10

Snyk•added 2026/03/24 12:32 a.m.•4 views

Allocation of Resources Without Limits or Throttling

Overview activesupport is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in NumberConverter. An attacker can cause excessive memory allocation by...

8.7CVSS5.8AI score0.00032EPSS

Exploits0References2

NVD•added 2026/03/24 12:16 a.m.•4 views

CVE-2026-33176

8.7CVSS0.00032EPSS

Exploits0References7

OSV•added 2026/03/24 12:16 a.m.•1 views

DEBIAN-CVE-2026-33176

7.5CVSS4.7AI score0.00032EPSS

Exploits0References1

UbuntuCve•added 2026/03/24 12:16 a.m.•3 views

CVE-2026-33176

8.7CVSS5.9AI score0.00032EPSS

Exploits0References8

OSV•added 2026/03/24 12:16 a.m.•0 views

UBUNTU-CVE-2026-33176

8.7CVSS5.8AI score0.00032EPSS

Exploits0References9

CNNVD•added 2026/03/24 12:0 a.m.•2 views

ITK 安全漏洞

ITK is an open-source cross-platform tool suite for scientific image processing and segmentation, developed by the Insight Software Consortium. Versions of ITK prior to 2.7.1 contained security vulnerabilities, which were caused by integer overflow or circularity errors...

9.4CVSS5.9AI score0.00063EPSS

Exploits0References2