CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/06/09 12:0 a.m.•10 views

MongoDB Server 日志信息泄露漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a company based in the United States. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a vulnerability in MongoDB Server related to log...

6.8CVSS5.4AI score0.00119EPSS

Cvelist•added 2026/06/03 12:0 a.m.•31 views

CVE-2026-36610

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 transmits DDNS credentials over plaintext HTTP with only Base64 encoding. The firmware contains no TLS implementation, allowing man-in-the-middle interception of DDNS service credentials...

0.00147EPSS

NVD•added 2026/05/27 7:16 p.m.•9 views

CVE-2026-45046

Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions that the default log level is minimal while it is standard. Source code review shows sensitive...

5.5CVSS0.00106EPSS

OSV•added 2026/05/26 5:16 p.m.•7 views

DEBIAN-CVE-2026-48697

FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The executewebrequestsecure function in src/fastlibrary.cpp creates a boost::asio::ssl::context with tlsclient mode and calls setdefaultverifypaths to load CA certificates, but never calls...

7.4CVSS5.8AI score0.00164EPSS

RedHat Linux•added 2026/05/20 2:10 a.m.•7 views

dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command

A flaw was found in ManageSieve. A remote attacker can exploit this vulnerability by sending a crafted SASL Simple Authentication and Security Layer initial response during the AUTHENTICATE command. This can cause the ManageSieve service to crash repeatedly, leading to a Denial of Service DoS for...

RedHat Linux•added 2026/05/19 4:19 p.m.•7 views

dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command

RedHat Linux•added 2026/05/14 3:19 p.m.•6 views

dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command

RedHat Linux•added 2026/05/14 2:6 p.m.•9 views

dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command

Cvelist•added 2026/05/06 3:8 p.m.•45 views

CVE-2026-6691 MongoDB C Driver Cyrus SASL Canonicalization Buffer Overflow

The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI...

8.6CVSS0.00126EPSS

CNNVD•added 2026/05/05 12:0 a.m.•7 views

Quarkus 安全漏洞

Quarkus is an open-source cloud-native Linux framework for writing Java applications. Quarkus has a security vulnerability that stems from inconsistent path normalization between the security layer and the routing layer. This vulnerability allows unauthenticated or low-privilege users to bypass...

8.8CVSS5.8AI score0.00265EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•5 views

Astra Linux – Vulnerability in cyrus-sasl2

In Cyrus SASL 2.1.17 through 2.1.27 up to 2.1.28, the plugins/sql.c file does not escape the password used in SQL INSERT or UPDATE statements...

8.8CVSS7.3AI score0.04123EPSS

Vulnrichment•added 2026/04/17 7:27 p.m.•3 views

CVE-2026-32105 xrdp: RDP MAC signature (dataSignature) never verified on receive — integrity bypass in non-TLS mode

xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code MAC signature of encrypted RDP packets when using the "Classic RDP Security" layer. While the sender correctly generates signatures, the receiving logic lacks th...

9.3CVSS5.6AI score0.00174EPSS

EUVD•added 2026/04/17 7:27 p.m.•2 views

EUVD-2026-23472

9.3CVSS5.6AI score0.00174EPSS

CVE•added 2026/04/17 7:27 p.m.•11 views

CVE-2026-32105

This CVE concerns xrdp, an open source RDP server. In versions up to 0.10.5, xrdp does not verify the MAC (8-byte integrity signature) of RDP packets when using the Classic RDP Security layer. The receiver’s logic fails to validate the MAC, allowing an unauthenticated attacker with MITM capabilit...

9.3CVSS5.6AI score0.00174EPSS

Exploits0References2Affected Software1

Debian CVE•added 2026/04/17 7:27 p.m.•3 views

CVE-2026-32105

9.3CVSS5.3AI score0.00174EPSS

Exploits0

CNNVD•added 2026/04/17 12:0 a.m.•7 views

xrdp 安全漏洞

xrdp is an open-source remote desktop protocol server developed by Neutrinolabs. Versions of xrdp 0.10.5 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of verification of the message authentication code signature for encrypted RDP packets when the classic R...

9.3CVSS5.9AI score0.00174EPSS