CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

64 matches found

Tenable Nessus•added 2026/05/08 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2026-43353

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - i3c: mipi-i3c-hci: Fix race in DMA ring dequeue The HCI DMA dequeue path hcidmadequeuexfer may be invoked for multiple transfers that timeout around the same...

7.8CVSS5.8AI score0.00012EPSS

Exploits0References4

Cvelist•added 2026/05/07 3:47 a.m.•31 views

CVE-2026-41674 xmldom: XML injection through unvalidated DocumentType serialization

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package serializes DocumentType node fields internalSubset, publicId, systemId verbatim without any...

8.7CVSS0.0002EPSS

Exploits0References4

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux - уязвимость в python3.11, python2.7, python3.7

There is a medium-severity vulnerability affecting CPython. The email module does not properly quote newlines for email headers when serializing an email message, allowing for header injection when an email is serialized...

5.5CVSS6.8AI score0.00238EPSS

Exploits0References2

CNNVD•added 2026/05/01 12:0 a.m.•4 views

Mix PHP 代码问题漏洞

Mix PHP is Mix PHP open source a PHP command line mode development framework that supports seamless multi-server ecosystem switching. A code issue vulnerability exists in Mix PHP versions 2.x through 2.2.17 that stems from a session and cache handler call to unserialize on file system data in the...

9.8CVSS5.9AI score0.00055EPSS

Exploits0References1

Snyk•added 2026/01/22 3:46 a.m.•2 views

Allocation of Resources Without Limits or Throttling

Overview seroval is a Stringify JS values Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when serializing objects with very large depth. An attacker can cause resource exhaustion and disrupt service availability by submitting objects with...

8.7CVSS5.5AI score0.00041EPSS

Exploits0References2

RedhatCVE•added 2026/01/09 11:17 a.m.•3 views

CVE-2021-0970

In createFromParcel of GpsNavigationMessage.java, there is a possible Parcel serialization/deserialization mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-1...

7.8CVSS7.7AI score0.00021EPSS

Exploits0References1