CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/06/16 12:0 a.m.•7 views

PT-2026-50175

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description When @n8n/mcp-browser is operated in HTTP transport mode using the --transport http flag, the MCP endpoint allows session initialization and tool invocation requests without...

10CVSS5.9AI score0.00415EPSS

Exploits0References4

Cvelist•added 2026/06/12 6:44 p.m.•33 views

CVE-2026-50287 Missing Authentication for Critical Function in @agenticmail/mcp

AgenticMail gives AI agents real email addresses and phone numbers. Prior to version 0.9.27, @agenticmail/mcp exposes a Streamable HTTP transport when started with --http or MCPHTTP=1. In that mode, the /mcp endpoint accepts requests without any HTTP authentication layer. A remote client can...

8.7CVSS0.00359EPSS

RedhatCVE•added 2026/04/20 6:31 a.m.•4 views

CVE-2026-33145

A flaw was found in xrdp. An authenticated remote user can exploit this vulnerability due to the unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled, xrdp executes client-supplied AlternateShell values via /bin/sh -c during session...

6.3CVSS6.1AI score0.00356EPSS

OSV•added 2026/04/17 9:16 p.m.•4 views

DEBIAN-CVE-2026-33145

xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...

6.3CVSS6.3AI score0.00356EPSS

ATTACKERKB•added 2026/04/17 8:14 p.m.•5 views

CVE-2026-33145

6.3CVSS6.2AI score0.00356EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2026/04/17 8:14 p.m.•2 views

CVE-2026-33145 xrdp: Authenticated RCE via unsanitized AlternateShell execution in xrdp-sesman

6.3CVSS6.2AI score0.00356EPSS

Debian CVE•added 2026/04/17 8:14 p.m.•4 views

CVE-2026-33145

6.3CVSS6.2AI score0.00356EPSS

Exploits0

AlpineLinux•added 2026/04/17 8:14 p.m.•3 views

CVE-2026-33145

6.3CVSS6.3AI score0.00356EPSS

Exploits0

RedHat Linux•added 2026/02/05 3:8 p.m.•10 views

kernel: libceph: fix potential use-after-free in have_mon_and_osd_map()

A use-after-free vulnerability was found in the Ceph client session initialization in the Linux kernel. The havemonandosdmap function checks map epochs without holding the appropriate locks, racing with concurrent map updates that free the old map. This can result in dereferencing freed memory...

5.8AI score0.00173EPSS

RedHat Linux•added 2026/01/19 12:45 a.m.•9 views

kernel: libceph: fix potential use-after-free in have_mon_and_osd_map()

5.8AI score0.00173EPSS

RedHat Linux•added 2026/01/14 12:17 a.m.•6 views

kernel: libceph: fix potential use-after-free in have_mon_and_osd_map()

5.8AI score0.00173EPSS

OSV•added 2025/10/09 4:15 p.m.•6 views

CVE-2025-52960

A Buffer Copy without Checking Size of Input vulnerability in the Session Initialization Protocol SIP ALG of Juniper Networks Junos OS on MX Series and SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service DoS. When memory utilization is high, and specific...

8.2CVSS5.8AI score

CNNVD•added 2025/10/09 12:0 a.m.•3 views

Juniper Networks Junos OS SRX和Juniper Networks Junos OS MX 安全漏洞

Juniper Networks Junos OS is a Juniper Networks USA network operating system dedicated to the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. A security vulnerability exists in Juniper Networks Junos OS on SRX Series and MX Series versio...

8.2CVSS6.2AI score0.00302EPSS

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2017-16005

Malware in sbrugna...

7.5CVSS8.3AI score0.01177EPSS

Exploits0References6

RedHat Linux•added 2025/08/27 12:8 p.m.•5 views

kernel: tee: amdtee: fix race condition in amdtee_open_session

A use-after-free vulnerability was found in the AMD TEE driver in the Linux kernel. The flaw occurs from a race condition in the amdteeopensession function, where the session is marked as active in sess-sessmask before the corresponding sess structure is fully initialized. If a parallel thread...

4.7CVSS7.2AI score0.00111EPSS

RedHat Linux•added 2025/08/18 12:0 p.m.•5 views

kernel: tee: amdtee: fix race condition in amdtee_open_session

4.7CVSS7.2AI score0.00111EPSS

NCSC•added 2025/06/19 8:42 a.m.•5 views

Vulnerability fixed in Cisco AnyConnect VPN for Meraki MX and Z

Cisco has fixed a vulnerability in the Cisco AnyConnect VPN server on Cisco Meraki MX and Z Series devices. The vulnerability is in how the Cisco AnyConnect VPN server initializes variables during the establishment of SSL VPN sessions. Unauthenticated remote attackers can exploit this...

8.6CVSS6.9AI score0.00477EPSS

CNVD•added 2017/06/08 12:0 a.m.•3 views

Cisco TelePresence Endpoint Denial of Service Vulnerability

Cisco TelePresence is a Cisco TelePresence solution. A security vulnerability in the session initialization protocol of the Cisco TelePresence Codec TC and Collaboration Endpoint CE software can be exploited by an attacker to cause an unintended reload of an affected endpoint, resulting in a deni...

7.8CVSS6.8AI score0.03564EPSS

CNVD•added 2017/03/21 12:0 a.m.•3 views

xrdp elevation of privilege vulnerability

xrdp is an open source Remote Desktop Protocol RDP server developed by software developer Jay Sorg. An elevation of privilege vulnerability exists in xrdp version 0.9.1, which stems from a failure to properly initialize the PAM session module. An attacker can exploit this vulnerability to cause a...

7.5CVSS7.2AI score0.01177EPSS