CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9549 matches found

CVE-2025-61027

An issue in the tsetpush component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

Exploits0References1

NVD•added 10 hours ago•7 views

CVE-2026-56762

Hono before 4.12.12 does not validate cookie names on the write path in the setCookie, serialize, and serializeSigned functions, allowing invalid characters such as control characters e.g. \r or \n when an application passes a user-controlled cookie name. This can produce malformed Set-Cookie...

6.9CVSS

Exploits0References2

EUVD•added 11 hours ago•5 views

EUVD-2026-38443

6.9CVSS5.9AI score

Exploits0References2

CVE•added 23 hours ago•5 views

CVE-2025-61027

CVE-2025-61027 affects OpenLink Virtuoso Open-Source, version 7.2.11 , specifically the t_set_push component. The issue enables denial of service via crafted SQL statements. The connected documents reiterate this description and do not provide root cause details, affected subcomponents beyond t_s...

5.9AI score

Exploits0References1

NVD•added yesterday•6 views

CVE-2026-54287

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attribute...

5.3CVSS0.00044EPSS

Exploits0References1

ATTACKERKB•added yesterday•3 views

CVE-2026-54287

5.3CVSS5.9AI score0.00044EPSS

Exploits0References2Affected Software1

CVE•added yesterday•11 views

CVE-2026-54287

Summary: Hono’s AWS Lambda adapter, in the ALB single-header mode and VPC Lattice v2, concatenates multiple Set-Cookie headers into a single comma-separated value, causing cookie attributes that include commas (e.g., Expires) to be misparsed or dropped. Affected components: Hono web framework; AW...

5.3CVSS5.9AI score0.00044EPSS

Exploits0References1

Cvelist•added yesterday•28 views

CVE-2026-54287 Hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice

5.3CVSS0.00044EPSS

Exploits0References1

EUVD•added yesterday•6 views

EUVD-2026-38246

Mattermost versions 11.7.x slash command.. Mattermost Advisory ID: MMSA-2026-00644...

5.4CVSS5.9AI score

Exploits0References1

OSV•added yesterday•3 views

ROOT-OS-UBUNTU-2404-CVE-2022-49940 CVE-2022-49940 in rootio-linux - Patched by Root

Root has patched CVE-2022-49940 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

5.5CVSS7.6AI score0.00186EPSS

Exploits0

Nuclei•added yesterday•7 views

Rclone RC - Broken Access Control

Rclone = 1.45.0 and = 1.45.0 and 1.73.5 contains a broken access control vulnerability caused by unauthenticated access to the RC endpoint options/set allowing mutation of global runtime configuration, letting unauthenticated attackers access sensitive administrative functions, exploit requires R...

9.8CVSS5.9AI score0.35437EPSS

Exploits1References2

EUVD•added 2 days ago•6 views

EUVD-2026-38159

Craft CMS 4.x = 4.0.0-RC1, = 5.0.0-RC1, 5.9.0-beta.1 contain multiple stored cross-site scripting vulnerabilities where settings names and field option labels are rendered without sanitization e.g., via the checkbox.twig template, which used label|raw . An authenticated administrator with...

4.8CVSS5.9AI score

Exploits0References4

NVD•added 4 days ago•7 views

CVE-2026-49295

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in decodercontext::processreferencepictureset libde265/decctx.cc:1376. The root cause is a missing aggregate bound check on predicted...

7.1CVSS0.00074EPSS

Exploits0References2

NVD•added 4 days ago•7 views

CVE-2026-49346

libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in de265imagegetbuffer libde265/image.cc:128. The overflow wraps the plane allocation size to a sma...

7.1CVSS0.00074EPSS

Exploits0References2

OSV•added 4 days ago•8 views

DEBIAN-CVE-2026-49295

7.1CVSS5.9AI score0.00074EPSS

Exploits0References1

OSV•added 4 days ago•5 views

GHSA-H8W8-99G7-QMVJ Concurrent Ruby : `AtomicReference#update` livelocks when the stored value is `Float::NAN`

Summary Concurrent::AtomicReferenceupdate can enter a permanent busy retry loop when the current value is Float::NAN. The issue is caused by the interaction between: - AtomicReferenceupdate, which retries until compareandsetoldvalue, newvalue succeeds. - Numeric compareandset, which checks old ==...

8.2CVSS5.9AI score

Exploits0References2

Cvelist•added 4 days ago•19 views

CVE-2026-49346 libde265 has a heap buffer overflow in de265_image_get_buffer via SPS dimension integer overflow

7.1CVSS0.00074EPSS

Exploits0References2

ATTACKERKB•added 4 days ago•6 views

CVE-2026-49295

7.1CVSS5.9AI score0.00074EPSS

Exploits0References3Affected Software1