CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1179 matches found

EUVD-2026-38641

Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Google go-attestation. parseEfiSignatureList does not advance the buffer past vendor bytes before reading entries. For hashSHA256SigGUID lists, this allows attacker-controlled vendor header bytes to be appended ...

8.9CVSS6.2AI score

Exploits0References3

CVE•added 2 days ago•10 views

CVE-2026-54269

CVE-2026-54269 affects protobufjs. Prior to versions 8.6.0 and 7.6.3 , schema-derived names could collide with runtime helper properties (e.g., fields named hasOwnProperty, names like $type, and rpcCall). When loaded schemas are used, protobufjs could read schema-controlled data where an own-prop...

5.3CVSS5.9AI score0.00238EPSS

Exploits0References1

Positive Technologies•added 5 days ago•8 views

PT-2026-51002

Name of the Vulnerable Software and Affected Versions PhpWeasyPrint versions prior to 2.6.0 Description PhpWeasyPrint is a PHP library used for generating PDFs from HTML pages or URLs. The library fetches content of option values server-side using the file get contents function when a value is...

6.5CVSS5.9AI score0.00242EPSS

Exploits0References7

Circl•added 2026/06/17 2:0 a.m.•7 views

CVE-2026-50656

creationtimestamp| type| source ---|---|--- 2026-06-17 02:00:50+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3moh7qulrzn2n 2026-06-17 08:36:55+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/microsoft-security-advisory-av26-607 2026-06-17 10:00:59+00:00| seen|...

7.8CVSS6.1AI score0.03391EPSS

Exploits0References47

NVD•added 2026/06/16 5:16 p.m.•8 views

CVE-2026-42089

Yeoman Environment provides an API to discover, create, and run generators, and to configure where and how a generator is resolved. Versions 2.9.0 through 6.0.0 install missing local generator packages from caller-supplied package names without user confirmation. In downstream consumers that pass...

8.6CVSS0.00139EPSS

Exploits0References3

CVE•added 2026/06/13 2:29 a.m.•27 views

CVE-2026-9848

The WP Ticket WordPress plugin (versions up to 6.0.4) is vulnerable to SQL Injection via the WordPress search parameter s. The vulnerability arises when unauthenticated front-end search triggers wp_ticket_com_posts_request(), which calls emd_author_search_results() and concatenates the raw s valu...

7.5CVSS5.8AI score0.00337EPSS

Exploits0References7

OSV•added 2026/06/12 12:26 p.m.•13 views

OESA-2026-2660 python-django security update

A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not add Authorization to the Vary response header...

5.3CVSS5.5AI score0.00359EPSS

Exploits0References6

OSV•added 2026/06/12 12:25 p.m.•53 views

OESA-2026-2645 assimp security update

Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: A vulnerability, which was classifie...

8.8CVSS4.6AI score0.00541EPSS

Exploits4References5

Positive Technologies•added 2026/06/12 12:0 a.m.•8 views

PT-2026-48929

Name of the Vulnerable Software and Affected Versions NanaZip versions 3.0.1000.0 through 6.0.1697.0 Description A heap out-of-bounds read exists in the Android Verified Boot AVB vbmeta image parser via the upstream 7-Zip AvbHandler. An unsigned integer underflow in a bounds check allows an...

5.4CVSS5.2AI score0.0017EPSS

Exploits0References4

Tenable Nessus•added 2026/06/12 12:0 a.m.•10 views

Adobe Substance 3D Sampler <= 6.0.0 Multiple Arbitrary Code Execution Vulnerabilities (APSB26-60)

The version of Adobe Substance 3D Sampler installed on the remote host is prior or equal to 6.0.0. It is, therefore, affected by multiple out-of-bounds write vulnerabilities as referenced in the APSB26-60 advisory. - Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bound...

7.8CVSS6.2AI score0.00144EPSS

Exploits0References5

CVE•added 2026/06/11 6:34 p.m.•34 views

CVE-2026-46519

CVE-2026-46519 affects mcp-server-kubernetes (Model Context Protocol server) prior to version 3.6.0. The issue stems from access controls implemented via three environment variables (ALLOW_ONLY_READONLY_TOOLS, ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS, ALLOWED_TOOLS) being enforced only at the tool discov...

8.8CVSS5.6AI score0.00376EPSS

Exploits0References2

RedhatCVE•added 2026/06/10 9:0 p.m.•10 views

CVE-2026-34710

Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.1AI score0.00144EPSS

Exploits0References1

Cvelist•added 2026/06/10 12:33 a.m.•36 views

CVE-2026-45328 ESF-IDF: Out-of-Bounds Write in ESP-TEE Secure Service Wrappers

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, the esptee component exposes secure-service wrappers in espsecureservices.c and espsecureservicesiram.c that bridge calls from the user application i.e. the REE to TEE-protected hardware peripherals...

9.3CVSS0.00126EPSS

Exploits0References7

CNNVD•added 2026/06/10 12:0 a.m.•13 views

ESP-IDF 输入验证错误漏洞

ESP-IDF is an open-source development framework for Espressif’s SoCs, supported on Windows, Linux, and macOS. Versions 5.5.4 and 6.0 of ESP-IDF contain input validation vulnerabilities. These vulnerabilities stem from issues with the security service wrapper component in the esptee module, which...

9.3CVSS5.3AI score0.00126EPSS

Exploits0References1

Vulnrichment•added 2026/06/09 7:15 p.m.•8 views

CVE-2026-34710 Substance3D - Sampler | Out-of-bounds Write (CWE-787)

7.8CVSS6.1AI score0.00144EPSS

Exploits0References1

Cvelist•added 2026/06/09 7:15 p.m.•31 views

CVE-2026-34709 Substance3D - Sampler | Out-of-bounds Write (CWE-787)

7.8CVSS0.00138EPSS

Exploits0References1

CNNVD•added 2026/06/09 12:0 a.m.•11 views

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among...

5.4CVSS5.5AI score0.00283EPSS

Exploits0References1

ATTACKERKB•added 2026/06/08 3:41 p.m.•7 views

CVE-2026-48507

Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular users.edit permission to lock every admin out of the instance by editing the activated flag which determines whether or not a user can login and the...

7.1CVSS5.5AI score0.00194EPSS

Exploits0References3Affected Software1

OSV•added 2026/06/06 8:39 a.m.•8 views

BIT-DJANGO-2026-7666 Potential unencrypted email transmission via STARTTLS in the SMTP backend

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when failsilently=True, which allows on-path network attackers to read ema...

3.1CVSS5.3AI score0.0015EPSS

Exploits0References4

RedhatCVE•added 2026/06/05 7:46 p.m.•9 views

CVE-2026-33565

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS...

3.3CVSS5.4AI score0.00094EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by