CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/05/19 12:0 a.m.•6 views

PT-2026-42032

7.5CVSS5.8AI score

Exploits0References5

Cvelist•added 2026/04/30 12:0 a.m.•43 views

CVE-2026-40685

In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation of \ skipping...

6.5CVSS0.00127EPSS

Vulnrichment•added 2026/04/30 12:0 a.m.•1 views

CVE-2026-40685

6.5CVSS5.8AI score0.00127EPSS

Github Security Blog•added 2026/04/22 6:31 p.m.•3 views

uutils coreutils has an Improper Check for Unusual or Exceptional Conditions

The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the uutils implementation silently skips these entries rather than printing the raw bytes. This vulnerability allows...

4.4CVSS5.5AI score0.00013EPSS

Exploits1References6Affected Software1

ATTACKERKB•added 2026/04/03 3:16 p.m.•3 views

CVE-2026-31402

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache The NFSv4.0 replay cache uses a fixed 112-byte inline buffer rpibufNFSD4REPLAYISIZE to store encoded operation responses. This size was calculated based on OPEN responses and...

5.8AI score0.00146EPSS

Exploits0References8Affected Software1

NVD•added 2026/03/20 12:16 a.m.•3 views

CVE-2026-32766

astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.6 and earlier, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping rather than rejection of invalid PAX extensions could be used as a building block for a parser...

6.3CVSS0.00017EPSS

Exploits0References2

OSV•added 2026/03/20 12:16 a.m.•1 views

UBUNTU-CVE-2026-32766

ATTACKERKB•added 2026/03/20 12:7 a.m.•2 views

CVE-2026-32766

Exploits0References3Affected Software1

CVE•added 2026/03/20 12:7 a.m.•9 views

CVE-2026-32766

CVE-2026-32766 affects astral-tokio-tar

Exploits0References2Affected Software1

Debian CVE•added 2026/03/20 12:7 a.m.•2 views

CVE-2026-32766

6.3CVSS5.3AI score0.00017EPSS

Exploits0

OSV•added 2026/03/20 12:7 a.m.•1 views

CVE-2026-32766 astral-tokio-tar insufficiently validates PAX extensions during extraction

Vulnrichment•added 2026/03/20 12:7 a.m.•2 views

CVE-2026-32766 astral-tokio-tar insufficiently validates PAX extensions during extraction

UbuntuCve•added 2026/03/20 12:0 a.m.•1 views

Exploits0References2

CVE-2026-32766

Github Security Blog•added 2026/03/17 7:49 p.m.•2 views

Exploits0References3

astral-tokio-tar insufficiently validates PAX extensions during extraction

Impact In versions 0.5.6 and earlier of astral-tokio-tar, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping rather than rejection of invalid PAX extensions could be used as a building block for a parser differential, for example by having...

Exploits0References5Affected Software1

RustSec•added 2026/03/17 12:0 p.m.•4 views

Insufficient validation of PAX extensions during extraction

In versions 0.5.6 and earlier of astral-tokio-tar, malformed PAX extensions were silently skipped when parsing tar archives. This silent skipping rather than rejection of invalid PAX extensions could be used as a building block for a parser differential, for example by silently skipping a malform...

Exploits0Affected Software1

OSV•added 2026/03/17 12:0 p.m.•2 views

RUSTSEC-2026-0066 Insufficient validation of PAX extensions during extraction

Positive Technologies•added 2026/03/17 12:0 a.m.•1 views

Exploits0References2

PT-2026-25983