CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

7.5CVSS0.00317EPSS

Exploits0References3

NVD•added 2026/06/12 4:16 p.m.•11 views

CVE-2026-50009

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, Netty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. The reset token for the...

4.8CVSS0.00204EPSS

Exploits0References2

Circl•added 2026/06/12 4:1 p.m.•8 views

CVE-2026-54133

creationtimestamp| type| source ---|---|--- 2026-06-12 16:01:52+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mo44g5a3ue2n 2026-06-12 18:24:13+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mo4eeqak4c2t 2026-06-15 19:07:08+00:00| seen|...

9.8CVSS4.9AI score0.0032EPSS

Exploits0References7

Circl•added 2026/06/12 4:1 p.m.•6 views

CVE-2026-53787

creationtimestamp| type| source ---|---|--- 2026-06-12 16:01:44+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mo44fvvomc26 2026-06-14 23:15:44+00:00| seen| https://bsky.app/profile/securitycyberuk.bsky.social/post/3mobvlueltg25 2026-06-15 16:28:58+00:00| seen|...

9.8CVSS4.9AI score0.00788EPSS

Exploits0References3

Circl•added 2026/06/12 4:0 p.m.•7 views

CVE-2026-6853

creationtimestamp| type| source ---|---|--- 2026-06-12 16:00:41+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mo44dzous22q 2026-06-12 17:26:39+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mo4b5scnsk2l 2026-06-14 23:15:37+00:00| seen|...

9.8CVSS4.9AI score0.00346EPSS

Exploits0References4

Circl•added 2026/06/12 4:0 p.m.•4 views

GHSA-8HG8-63C5-GWMX

creationtimestamp| type| source ---|---|--- 2026-06-12 16:00:32+00:00| seen| https://bsky.app/profile/euvd-bot.bsky.social/post/3mo44dsnzdc2y...

5AI score

Exploits0References1

Circl•added 2026/06/12 3:53 p.m.•7 views

CVE-2026-9641

creationtimestamp| type| source ---|---|--- 2026-06-12 15:53:29+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mo43x72deo2v 2026-06-12 18:39:15+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mo4f7m6z7522 2026-06-14 10:48:56+00:00| seen|...

5.3CVSS5AI score0.00195EPSS

Exploits0References5

OSV•added 2026/06/12 3:8 p.m.•3 views

GHSA-6964-PP88-6WP9 Budibase: SSRF via User-Controlled queryId in Automation Execute Query Step

Summary The executeQuery automation step in Budibase accepts a queryId from automation step inputs and passes it directly to the query execution controller without additional validation. When combined with a REST datasource configured to target internal infrastructure, this creates a server-side...

5.1CVSS5.9AI score0.00311EPSS

Exploits0References3

Cvelist•added 2026/06/12 2:34 p.m.•22 views

CVE-2026-44206 Frappe: DB Schema Enumeration via Frappe-Authorization-Source

Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, DB Schema Enumeration is possible through exploiting an endpoint. This issue has been patched in versions 15.107.2 and 16.17.4...

6.9CVSS0.00312EPSS

Exploits0References1

CVE•added 2026/06/12 2:34 p.m.•9 views

CVE-2026-44206

Frappe (full-stack web application framework) contains CVE-2026-44206, where DB Schema Enumeration is possible via a vulnerable endpoint prior to versions 15.107.2 and 16.17.4. The issue has been patched in those versions. The CVSS 4.0 base score is 6.9 (MEDIUM) with network attack vector, low co...

6.9CVSS5.2AI score0.00312EPSS

Exploits0References1

GithubExploit•added 2026/06/12 2:33 p.m.•41 views

sbom-risk-analyzer

SBOM-Risk-Analyzer Exploitability-weighted vulnerability pri...

5.5AI score

Exploits0

NVD•added 2026/06/12 2:16 p.m.•8 views

CVE-2026-49993

Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder from versions 3.15.4 to before 3.21.7 and 4.0.0 to before 4.4.7, there is an incomplete fix for GHSA-6m52-m754-pw2g. Source code may still be stolen during dev when using the webpack /...

5.9CVSS0.00201EPSS

Exploits1References5

NVD•added 2026/06/12 2:16 p.m.•8 views

CVE-2026-45670

Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder versions 3.15.4 to before 3.21.6, and 4.0.0-alpha.1 to before 4.4.6, there is an incomplete fix for GHSA-4gf7-ff8x-hq99. Source code may be stolen during dev when using the webpack /...

5.9CVSS0.00203EPSS

Exploits1References3

EUVD•added 2026/06/12 2:16 p.m.•6 views

EUVD-2026-36447

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3.11.4...

10CVSS5.7AI score0.00885EPSS

Exploits0References3

Circl•added 2026/06/12 2:15 p.m.•7 views

CVE-2017-20240

creationtimestamp| type| source ---|---|--- 2026-06-12 14:15:26+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mo3whv6i542r...

5.9CVSS5AI score0.0032EPSS

Exploits0References1

Circl•added 2026/06/12 1:57 p.m.•8 views

CVE-2026-47196

creationtimestamp| type| source ---|---|--- 2026-06-12 13:57:00+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mo3vgwapyy23...

8.4CVSS5AI score0.00235EPSS

Exploits0References1