CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

276128 matches found

Fedora•added 2026/04/25 1:55 a.m.•2 views

[SECURITY] Fedora 44 Update: qt6-qtopcua-6.10.3-1.fc44

Qt OPC UA API provides classes and functions to access the OPC UA protocol...

5.3AI score

Exploits0

Positive Technologies•added 2026/04/25 12:0 a.m.•3 views

PT-2026-35503

Name of the Vulnerable Software and Affected Versions Note Mark versions prior to 0.19.3 Description An authentication bypass exists in the internal login endpoint. The IsPasswordMatch function in backend/db/models.go uses a hard-coded bcrypt"null" placeholder when a user has no stored password...

9.4CVSS5.8AI score0.00296EPSS

Exploits0References16

Tenable Nessus•added 2026/04/25 12:0 a.m.•9 views

Linux Distros Unpatched Vulnerability : CVE-2026-31536

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb: server: let senddone handle a completion without IBSENDSIGNALED With smbdirectsendbatch processing we likely have requests without IBSENDSIGNALED, which wi...

9.8CVSS7.3AI score0.00442EPSS

Exploits0References3

UbuntuCve•added 2026/04/24 10:16 p.m.•3 views

CVE-2026-42171

NSIS Nullsoft Scriptable Install System 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges if they can cause myGetTempFileName to return 0, as shown in the references...

7.8CVSS5.8AI score0.0021EPSS

Exploits0References1

vulnersOsv•added 2026/04/24 7:21 p.m.•5 views

0xpay-cc-sdk (>=0.0.8 <=0.1.0), 0xtrails (>=0.0.0-20251106131028 <=0.16.0) +7151 more potentially affected by CVE-2026-42033 via axios (>=1.0.0 <=1.15.0)

axios NPM version =1.0.0, =0.0.8, =0.0.0-20251106131028, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =0.0.2-beta.0, =8.0.5, =6.1.0, =0.0.0-canary-847463221a9a1bee28641d8c0ecfaca98ee142f6, =0.0.1-alpha.3, =0.1.6-alpha.11, =0.1.6-alpha.12 and more Source cves: CVE-2026-42033 Source advisory:...

7.4CVSS7.6AI score0.00367EPSS

Exploits1

CVE•added 2026/04/24 7:19 p.m.•35 views

CVE-2026-41429

CVE-2026-41429 affects the arduino-esp32 core (ESP32/ESP32-S2/ESP32-S3/ESP32-C3/ESP32-C6/ESP32-H2). The issue is a memory corruption in NBNS packet handling when NetBIOS is enabled via NBNS.begin(...); the code path listens on UDP port 137 and processes untrusted NBNS requests. The request parser...

8.8CVSS5.6AI score0.00307EPSS

Exploits1References1Affected Software1

Github Security Blog•added 2026/04/24 3:19 p.m.•7 views

Contour has Lua code injection via Cookie Path Rewrite Policy

Impact Contour's Cookie Rewriting feature is vulnerable to Lua code injection. An attacker with RBAC permissions to create or modify HTTPProxy resources can craft a malicious value in the following fields that results in arbitrary code execution in the Envoy proxy: -...

8.1CVSS6.3AI score0.00441EPSS

Exploits0References8Affected Software1

The Hacker News•added 2026/04/24 2:13 p.m.•5 views

NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software

The Office of Inspector General OIG of the U.S. National Aeronautics and Space Administration NASA has revealed how a Chinese national posed as a U.S. researcher as part of a spear-phishing campaign to obtain sensitive information from the space agency, as well as from government entities,...

5.8AI score

Exploits0

IBM Security Bulletins•added 2026/04/24 12:3 p.m.•10 views

Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition (CVE-2026-22016, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-34268, CVE-2026-22007)

Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their April 2026 Critical Patch Update. For more information please refer to Oracle's April 2026 CPU Advisory and the CVE links referenced below. Vulnerability Details...

7.5CVSS5.2AI score0.00358EPSS

Exploits0Affected Software1