
276022 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - vulnerability in qemu

An integer underflow issue was discovered in the QEMU VNC server while processing ClientCutText messages in the extended format. A malicious client could exploit this flaw to render QEMU unresponsive by sending a specially crafted payload message, resulting in a denial of service...

CVSS 6.5 | AI score 6.9 | EPSS 0.00151
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - vulnerability in linux

In the Linux kernel, the following vulnerabilities have been resolved: net/tls: Fixed an issue where a use-after-free occurred after the TLS device went down or came back online. When a netdev with active TLS offloading goes down, the tls_device_down function is called to stop the offloading and te...

CVSS 7.8 | AI score 6.5 | EPSS 0.00021
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - vulnerability in advancecomp

It was discovered that Advancecomp v2.3 contains a heap buffer overflow vulnerability...

CVSS 5.5 | AI score 6.2 | EPSS 0.00099
Exploits: 1 | References: 1

AstraLinux
added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - vulnerability in apache2

Splitting HTTP responses across multiple modules in the Apache HTTP Server allows an attacker who can inject malicious response headers into backend applications to carry out an HTTP desynchronization attack. It is recommended that users upgrade to version 2.4.59, as this issue has been fixed in...

CVSS 6.3 | AI score 6.5 | EPSS 0.01155
Exploits: 0 | References: 2

OSV
added 2026/05/20 1:22 a.m. | 3 views

MAL-2026-4643 Malicious code in polymarket-clob-client (npm)

Source: amazon-inspector 7e0a3a7bbeb25fb478d59cdd4b62ebb34c13e8e236505813660e81abf61e74ec. The package is published as polymarket-clob-client, an unscoped lookalike of the legitimate @polymarket/clob-client maintained by Polymarket, but the...

AI score 5.9
Exploits: 0 | References: 1

Tenable Nessus
added 2026/05/20 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-43462

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net: spacemit: Fix error handling in emactxmemmap The DMA mappings were leaked on mapping...

CVSS 7.5 | AI score 5.7 | EPSS 0.00054
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/20 12:0 a.m. | 7 views

PT-2026-42185

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Beyaz Computer Software Design Industry and Trade Ltd. Co. CityPLus allows Reflected XSS. This issue affects CityPLus: before V24.29750.1.0...

CVSS 7.6 | AI score 5.8 | EPSS 0.00037
Exploits: 0 | References: 2

CNNVD
added 2026/05/20 12:0 a.m. | 6 views

Progress Software MOVEit security vulnerability

Progress Software MOVEit is a secure hosted file transfer software developed by Progress Software Corporation in the United States. Versions of Progress Software MOVEit prior to 2025.0.11, as well as versions from 2025.1.0 to 2025.1.7, contained security vulnerabilities. These vulnerabilities wer...

CVSS 7.5 | AI score 5.8 | EPSS 0.00183
Exploits: 0 | References: 1

CNNVD
added 2026/05/20 12:0 a.m. | 8 views

Progress Software MOVEit security vulnerability

Progress Software MOVEit is a secure hosted file transfer software developed by Progress Software Corporation in the United States. Versions of Progress Software MOVEit prior to 2025.0.11, as well as versions from 2025.1.0 to 2025.1.7, contained security vulnerabilities due to unlimited resource...

CVSS 7.5 | AI score 5.8 | EPSS 0.00211
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/20 12:0 a.m. | 7 views

PT-2026-42266

Name of the Vulnerable Software and Affected Versions: HP Linux Imaging and Printing Software versions prior to 3.26.4. Description: An integer overflow exists in the hpcups processing path when handling crafted print data. This flaw allows unauthenticated attackers to bypass memory limits,...

CVSS 9.8 | AI score 5.8 | EPSS 0.00124
Exploits: 0 | References: 36

OSV
added 2026/05/20 12:0 a.m. | 2 views

UBUNTU-CVE-2026-41292

NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service attack related to parsing long lists of incoming EDNS options. An adversary sending queries with too many EDNS options can hold Unbound threads hostage while they are parsing and creating internal data...

CVSS 8.7 | AI score 5.8 | EPSS 0.00075
Exploits: 0 | References: 5

CNNVD
added 2026/05/20 12:0 a.m. | 5 views

tickets cross-site scripting vulnerability

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of Tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from a reflection-based cross-site scripting flaw in the opena.php file. It could allo...

CVSS 5.1 | AI score 5.8 | EPSS 0.00029
Exploits: 0 | References: 1

Tenable Nessus
added 2026/05/20 12:0 a.m. | 7 views

Amazon Linux 2023 : mount-s3 (ALAS2023-2026-1655)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1655 advisory. A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a revoked certificate to bypass certificate...

CVSS 9.1 | AI score 5.8 | EPSS 0.00026
Exploits: 0 | References: 4

Vulnrichment
added 2026/05/19 11:17 p.m. | 5 views

CVE-2026-34970 MantisBT Bugnote Revision Page Leaks Private Issue Metadata After Issue Access Is Revoked

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior allow a bugnote author to access the note's Revisions page after losing access to the parent private issue. This issue has been fixed in version 2.28.2...

CVSS 5.3 | AI score 5.7 | EPSS 0.00015
Exploits: 0 | References: 3

NVD
added 2026/05/19 10:16 p.m. | 9 views

CVE-2026-34358

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a broken access control vulnerability where multiple admin controllers enforce permission checks on form display methods but omit equivalent checks on the corresponding write methods, allowing any...

CVSS 8.1 | EPSS 0.00032
Exploits: 0 | References: 2

CVE
added 2026/05/19 9:9 p.m. | 10 views

CVE-2026-34241

CVE-2026-34241 (CtrlPanel) : Open-source hosting billing software with versions ≤ 1.1.1 contains a Stored XSS in the ticket reply notification system. Unsanitized content in $newmessage is stored in notification payloads and later rendered with Blade’s {!! !!} in recipients’ browsers, affecting b...

CVSS 8.7 | AI score 6 | EPSS 0.00037
Exploits: 0 | References: 2

Cvelist
added 2026/05/19 9:3 p.m. | 35 views

CVE-2026-34234 CtrlPanel: Unauthenticated RCE using installer script

CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer public/installer/index.php is vulnerable to unauthenticated Remote Code Execution (RCE) because it performs the install.lock check only after including and executing form handler...

CVSS 10 | EPSS 0.00091
Exploits: 2 | References: 2

Github Security Blog
added 2026/05/19 7:50 p.m. | 9 views

rust-openssl: Potential out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers

`CipherCtxRef::cipher_update_inplace` incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers (`EVP_aes_{128,192,256}_wrap_pad`). For a non-multiple-of-8 input, OpenSSL writes up to 7 bytes past the end of the caller's buffer or Vec, producing attacker-controllable heap corruption whe...

AI score 5.8 | EPSS 0.00019
Exploits: 0 | References: 2 | Affected Software: 1

ATTACKERKB
added 2026/05/19 6:43 p.m. | 9 views

CVE-2026-41470

LIVE555 before 2026.04.22 contains an authorization bypass vulnerability in RTSP session command handling that allows attackers to replay valid Session tokens from unauthenticated connections. Attackers who obtain a valid Session token can issue PLAY and TEARDOWN commands from a second TCP...

CVSS 8.2 | AI score 5.8 | EPSS 0.00087
Exploits: 0 | References: 4

IBM Security Bulletins
added 2026/05/19 6:30 p.m. | 13 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK (April 2026) affect IBM InfoSphere Information Server

Summary: There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in April 2026. Vulnerability Details: CVEID: CVE-2026-22016. DESCRIPTION: Easily exploitab...

CVSS 7.5 | AI score 7.2 | EPSS 0.00154
Exploits: 0 | Affected Software: 1