728302 matches found

Tenable Nessus
added 3 days ago, 4 views

AlmaLinux 8 : kernel-rt (ALSA-2026:26428)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:26428 advisory. kernel: mptcp: fix slab-use-after-free in __inet_lookup_established (CVE-2026-31669); kernel: xen/privcmd: fix double free via VMA splitting (CVE-2026-31787)...

CVSS 9.8 | AI score 6.3 | EPSS 0.004
Exploits 0 | References 10

Tenable Nessus
added 3 days ago, 4 views

Lexmark International (CVE-2019-9931)

Various Lexmark printers contain a denial of service vulnerability in the SNMP service that can be exploited to crash the device. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information.

CVSS 7.8 | AI score 7.1 | EPSS 0.01074
Exploits 0 | References 3

Tenable Nessus
added 3 days ago, 4 views

AlmaLinux 8 : kernel (ALSA-2026:26427)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:26427 advisory. kernel: mptcp: fix slab-use-after-free in __inet_lookup_established (CVE-2026-31669); kernel: xen/privcmd: fix double free via VMA splitting (CVE-2026-31787)...

CVSS 9.8 | AI score 6.3 | EPSS 0.004
Exploits 0 | References 10

Tenable Nessus
added 3 days ago, 4 views

Debian dsa-6349 : atril - security update

The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6349 advisory. Debian Security Advisory DSA-6349-1 https://www.debian.org/security/...

CVSS 8.4 | AI score 5.8 | EPSS 0.00421
Exploits 0 | References 4

Tenable Nessus
added 3 days ago, 7 views

RHEL 9 : redhat-ds:12 (RHSA-2026:26639)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26639 advisory. Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol (LDAP)...

CVSS 7.5 | AI score 6 | EPSS 0.00815
Exploits 0 | References 4

Positive Technologies
added 3 days ago, 7 views

PT-2026-50727

Development Runner Telephony WebSocket /ws Unauthenticated Call-Control Abuse via Attacker-Supplied Call SID. Summary: The pipecat development runner registers a /ws WebSocket endpoint for telephony testing that accepts connections without any authentication. An unauthenticated remote attacker who...

CVSS 7.5 | AI score 5.7
Exploits 0 | References 4

Positive Technologies
added 3 days ago, 8 views

PT-2026-50729

Component: tract-nnef nnef/src/tensors.rs::read tensor + tract-data data/src/tensor.rs - Affected versions: 0.21.16, 0.22.0–0.22.2, 0.23.0–0.23.1 — the dense DatLoader path was unguarded across all three release lines; patched in 0.21.16 / 0.22.2 / 0.23.1 - Class: CWE-190 integer overflow →...

CVSS 6.1 | AI score 5.8
Exploits 0 | References 3

Positive Technologies
added 3 days ago, 9 views

PT-2026-50634

The Offload, AI & Optimize with Cloudflare Images plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.10.2 via the 'account-id' parameter. This is due to insufficient privilege enforcement on the cf images do setup AJAX handler, which...

CVSS 8.8 | AI score 5.9 | EPSS 0.00577
Exploits 0 | References 6

Positive Technologies
added 3 days ago, 8 views

PT-2026-50825

Summary: signalk-server versions up to and including 2.27.0 contain a Server-Side Request Forgery (SSRF) vulnerability in three administrative endpoints used for remote Signal K server connection management. The makeRemoteRequest function accepts attacker-controlled host, port, useTLS, and...

CVSS 5.8 | AI score 5.6
Exploits 0 | References 3

Positive Technologies
added 3 days ago, 9 views

PT-2026-50721

TL;DR: This vulnerability affects Kirby sites that use the writer field in any blueprint. It was possible to include a scripting link as the target of a link or email link. This link target would then be clickable by the user who entered it. A successful attack commonly requires knowledge of the...

CVSS 7.4 | AI score 5.4
Exploits 0 | References 5

Positive Technologies
added 3 days ago, 8 views

PT-2026-50743

githubreceiver Silently Ignores Configured required headers Authentication. Summary: The githubreceiver webhook handler does not enforce the required headers configuration. Headers are validated at startup (config rejects empty keys/values) but never checked on incoming requests. This follows the sam...

CVSS 6.9 | AI score 5.5
Exploits 0 | References 3

Positive Technologies
added 3 days ago, 7 views

PT-2026-50734

Summary: http-proxy-middleware documents router proxy-table entries as host, path, or host+path selectors, but the host+path implementation uses unanchored substring matching on attacker-controlled request metadata. As a result, a crafted Host header that is only a superstring match for a configur...

CVSS 6.9 | AI score 5.5
Exploits 0 | References 3

Positive Technologies
added 3 days ago, 9 views

PT-2026-50735

Summary: fixRequestBody is the library's documented helper for re-emitting a request body that was already consumed by a body parser. When the outgoing Content-Type is multipart/form-data, it rebuilds the body with handlerFormDataBodyData, which interpolates each req.body key and value directly in...

CVSS 7.5 | AI score 5.3
Exploits 0 | References 3

Positive Technologies
added 3 days ago, 9 views

PT-2026-50723

TL;DR: This vulnerability affects Kirby sites and plugins that use the writer or list fields or that use $dom->sanitize, Sane::sanitize, SaneHtml::sanitize, SaneSvg::sanitize, SaneXml::sanitize, Sane::sanitizeFile or $file->sanitizeContents with untrusted input. It was possible to inject malicious...

CVSS 8.5 | AI score 5.3
Exploits 0 | References 5

Positive Technologies
added 3 days ago, 9 views

PT-2026-50719

Summary: The Sentry exporter constructs Sentry API URLs by interpolating the span's service.name resource attribute into the URL path without validation. Because service.name is controlled by remote OTLP senders and the operator-configured bearer token is attached to every request, a crafted servi...

CVSS 5.3 | AI score 5.6
Exploits 0 | References 3

Positive Technologies
added 3 days ago, 9 views

PT-2026-50646

Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to stored Cross-Site Scripting in the Personal File Storage (PFS) module. A folder title (pff title) is imported with the 'TXT' filter, which does not strip or encode HTML (the tag check in cot import is disabled), so an authenticated user can...

CVSS 7.6 | AI score 5.2 | EPSS 0.00171
Exploits 0 | References 2

Positive Technologies
added 3 days ago, 9 views

PT-2026-50733

Summary: piscina's constructor and run paths read the filename option via plain member access: // dist/index.js line 92 (constructor) const filename = options.filename ? (0, common_1.maybeFileURLToPath)(options.filename) : null; this.options = { ...kDefaultOptions, ...options, filename, maxQueue: 0 }; /...

CVSS 8.1 | AI score 5.3
Exploits 0 | References 3

Positive Technologies
added 3 days ago, 9 views

PT-2026-50793

Impact: CookieJar incorrectly accepts cookies with a dot-only Domain attribute, such as Domain=., Domain=.., Domain=..., and whitespace-padded variants such as Domain= . . In affected versions, SetCookie::matchesDomain removes leading dots from the cookie domain, normalizing dot-only values to the...

CVSS 5.8 | AI score 5.9
Exploits 0 | References 4

Positive Technologies
added 3 days ago, 11 views

PT-2026-50742

Summary: Running a malicious container image where the WORKDIR path contains a symlink can create a directory or modify ownership on the host filesystem. Modified ownership is less likely to happen as that requires help from an untrusted/malicious process that mutates the host filesystem tree durin...

CVSS 5.3 | AI score 5.4
Exploits 0 | References 5

Packet Storm
added 3 days ago, 20 views

WordPress Contest Gallery 28.1.4 SQL Injection

WordPress Contest Gallery plugin version 28.1.4 unauthenticated blind SQL Injection exploit written in Python3. Title: WordPress Contest Gallery 28.1.4...

CVSS 7.5 | AI score 5.9 | EPSS 0.00699
Exploits 4