CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2 days ago•6 views

CVE-2026-45557

Technitium DNS Server aggressively tries to fetch missing RRSIG records or mismatched DNSKEY records. An attacker in control of a domain can cause a vulnerable system to generate excessive network traffic. Fixed in 15.0...

6.9CVSS5.5AI score0.00048EPSS

RedhatCVE•added 2 days ago•6 views

CVE-2026-44308

Spring Cloud AWS simplifies using AWS managed services in a Spring and Spring Boot applications. From 3.0.0 to 4.0.1, pplications using Spring Cloud AWS SNS HTTP/HTTPS endpoint support @NotificationMessageMapping, @NotificationSubscriptionMapping, @NotificationUnsubscribeConfirmationMapping did n...

6.3CVSS5.5AI score0.00108EPSS

RedhatCVE•added 2 days ago•7 views

CVE-2026-40568

FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a stored cross-site scripting XSS vulnerability in the mailbox signature feature. The sanitization function Helper::stripDangerousTags app/Misc/Helper.php:568 uses an incomplete blocklist of only four HTM...

8.5CVSS5.4AI score0.00039EPSS

ATTACKERKB•added 2 days ago•5 views

CVE-2026-11414

A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, an unauthenticated network attacker who can reach the server can forge valid download signatures and retrieve files from the...

10CVSS5.6AI score0.00079EPSS

OSV•added 3 days ago•5 views

RUSTSEC-2026-0164 `pqcrypto` is unmaintained: upstream PQClean project being archived

The pqcrypto crate and the entire pqcrypto- ecosystem wrap C implementations from PQClean. The PQClean project is being archived in or after July 2026 see PQClean/PQClean604, after which no further security patches, algorithm updates, or bug fixes will be applied to the upstream implementations. ...

5.8AI score

RustSec•added 3 days ago•5 views

`pqcrypto` is unmaintained: upstream PQClean project being archived

5.8AI score

Exploits0

OSV•added 4 days ago•3 views

SUSE-SU-2026:2229-1 Security update for hplip

This update for hplip fixes the following issues Security issues: - CVE-2025-43023: weak code signing DSA key used to generate package signatures can lead to key spoofing and malicious software installation bsc1266031. - CVE-2026-8631: escalation of privileges and/or arbitrary code execution via ...

9.8CVSS6.3AI score0.00124EPSS

Exploits0References11

RedHat Linux•added 4 days ago•8 views

OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage

A flaw was found in OpenSSH. This vulnerability allows the system to use unintended Elliptic Curve Digital Signature Algorithm ECDSA algorithms. This occurs because the configuration for accepted public key algorithms is misinterpreted, leading to the use of weaker cryptographic methods than...

6.5CVSS5.7AI score0.00052EPSS

Exploits0References7

RedhatCVE•added 6 days ago•10 views

CVE-2026-44518

A flaw was found in liboqs, a C-language cryptographic library. An out-of-bounds read vulnerability exists in the XMSS and XMSS^MT stateful signature verification code. A remote attacker could exploit this by providing a malformed signature that is shorter than expected. This could lead to a deni...

5.3CVSS5.7AI score0.00099EPSS

Exploits0References5

OSV•added 6 days ago•4 views

ASB-A-480126173

In verifySignature of ApkChecksums.java, there is a possible way to cause a crash due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.9AI score0.00005EPSS

Github Security Blog•added 2026/05/29 10:17 p.m.•15 views

stigmem-node's unsigned plugin override could be enabled without a second explicit acknowledgment

Impact A single configuration flag could disable plugin signature enforcement. If an operator unintentionally carried that setting into an environment where plugin paths are writable by less-trusted users, unsigned plugin code could be loaded. Patches Patched in 0.9.0a2. Disabling plugin signatur...

5.9AI score

Exploits0References5Affected Software1

NVD•added 2026/05/29 7:16 p.m.•9 views

CVE-2026-46344

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a...

5.3CVSS0.00054EPSS

NVD•added 2026/05/29 7:16 p.m.•18 views

CVE-2026-44518

5.3CVSS0.00099EPSS

Vulnrichment•added 2026/05/29 6:7 p.m.•9 views

CVE-2026-44518 liboqs: XMSS Buffer Overread Bug

EUVD•added 2026/05/29 6:7 p.m.•10 views

EUVD-2026-33412

ATTACKERKB•added 2026/05/29 6:7 p.m.•12 views

CVE-2026-44518

Exploits0References3Affected Software1

Positive Technologies•added 2026/05/29 12:0 a.m.•6 views

PT-2026-44930

EUVD•added 2026/05/28 7:4 p.m.•5 views

EUVD-2026-33002

A firmware update mechanism in the affected charging controller fails to validate the authenticity of firmware packages delivered through the device's management interface. Because cryptographic signatures are not verified, an attacker with the ability to interfere with or impersonate the...

9.3CVSS6AI score0.00041EPSS

Tenable Nessus•added 2026/05/28 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-45971

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bpf: Limit bpf program signature size Practical BPF signatures are significantly smaller tha...

5.7AI score0.00022EPSS