CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

SUSE CVE•added 4 hours ago•4 views

SUSE CVE-2026-8404

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not match Cache-Control response directives case-insensitively, which allows remote attackers to read responses that were incorrectly cached because their...

OSV•added yesterday•3 views

ROOT-APP-PYPI-CVE-2025-64512 CVE-2025-64512 in rootio-pdfminer.six - Patched by Root

Root has patched CVE-2025-64512 in the rootio-pdfminer.six package for Root:PyPI. Multiple fixed versions available...

8.6CVSS5.4AI score0.00143EPSS

Exploits1

NVD•added yesterday•3 views

CVE-2026-46244

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftinner: Fix IPv6 innerthoff desync In nftinnerparsel2l3, when processing inner IPv6 packets, ipv6findhdr correctly computes the transport header offset traversing all extension headers, but the result is immediately...

CVE•added yesterday•4 views

CVE-2026-46260

CVE-2026-46260 : Linux kernel IPv6 routing path vulnerability in fib6_add_rt2node() that can cause a slab-out-of-bounds read when an IPv6 route is created with RTA_NH_ID. The issue arose because struct fib6_info could be followed by a trailing fib6_nh, leading to an OOB access if iter->fib6_nh...

5.8AI score

Cvelist•added yesterday•9 views

CVE-2026-46244 netfilter: nft_inner: Fix IPv6 inner_thoff desync

RedHat Linux•added yesterday•3 views

kernel: ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach()

A flaw was found in the Linux kernel's IPv6 ICMP error generation. A remote attacker could send a specially crafted IPv4 ICMP error packet with a Common Internet Protocol Security Option CIPSO IP option. This could lead to incorrect handling of packet control block data when generating an IPv6 IC...

9.8CVSS5.8AI score0.00076EPSS

The Hacker News•added yesterday•3 views

Microsoft 365 Android Apps Let Any App Steal Account Tokens via Leftover Debug Flag

A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token sharing to trusted Microsoft apps. Any other app on the same phone could ask for the signed-in user's token and get it, then read email, open files, browse t...

7.7CVSS5.8AI score0.00046EPSS

IBM Security Bulletins•added yesterday•3 views

Security Bulletin: A vulnerability has been identified in IBM DevOps Plan that allows a Host Header Injection attack due to improper handling of the Host header in HTTP requests. (CVE-2026-4096)

Summary A vulnerability has been identified in IBM DevOps Plan that allows a Host Header Injection attack due to improper handling of the Host header in HTTP requests. Version 3.0.7 addresses the vulnerability. Vulnerability Details CVEID:CVE-2026-4096 DESCRIPTION: IBM DevOps Plan is vulnerable t...

5.7AI score

Exploits0Affected Software1

RedHat Linux•added yesterday•4 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS5.8AI score0.00044EPSS

Exploits0References8

NVD•added yesterday•3 views

CVE-2024-47263

An improper limitation of a pathname to a restricted directory 'Path Traversal' vulnerability in Backup.Repository webapi component in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users with administrator privileges to write specific files containing non-sensitive informati...

4.1CVSS

Exploits0References1

Vulnrichment•added yesterday•2 views

CVE-2026-35193 Potential exposure of private data via missing Vary: Authorization in UpdateCacheMiddleware

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header for requests bearing that header without Cache-Control: public, which allows remote attackers to read private...

Debian CVE•added yesterday•2 views

CVE-2026-35193

ATTACKERKB•added yesterday•3 views

CVE-2026-7666

Exploits0References4Affected Software1

Debian CVE•added yesterday•4 views

CVE-2026-7666

3.1CVSS5.7AI score

CVE•added yesterday•5 views

CVE-2026-6873

Django vulnerability CVE-2026-6873 affects Django 6.0 before 6.0.6 and 5.2 before 5.2.15. The issue is in django.http.HttpRequest.get_signed_cookie, where a non-injective salt derivation (concatenating the cookie name and salt argument) allows a remote attacker to use a cookie in a context differ...

Vulnrichment•added yesterday•3 views

CVE-2026-6873 Signed cookie salt namespace collision in django.http.HttpRequest.get_signed_cookie

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.http.HttpRequest.getsignedcookie in Django uses a non-injective salt derivation concatenating the cookie name and salt argument, which allows a remote attacker to use a cookie in a context different from the one wher...

OSV•added yesterday•1 views

ROOT-OS-UBUNTU-2404-CVE-2026-43021 CVE-2026-43021 in rootio-linux - Patched by Root

Root has patched CVE-2026-43021 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

7CVSS5.8AI score0.00017EPSS

OSV•added yesterday•3 views

ROOT-OS-UBUNTU-2404-CVE-2026-43495 CVE-2026-43495 in rootio-linux - Patched by Root

Root has patched CVE-2026-43495 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

8.8CVSS5.8AI score0.00021EPSS