CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

86 matches found

OSV•added 2026/04/21 9:24 a.m.•3 views

SUSE-SU-2026:1519-1 Security update 5.1.3 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-lusitaniae-apacheexporter: - Internal changes to fix build issues with no impact for customers spacecmd: - Version 5.1.13-0 Updated translation strings uyuni-tools: - Version 5.1.26-0 Fixed applying PTF with images from RPMs bsc1252548 Ssl Key...

8.7CVSS5.7AI score0.00375EPSS

Exploits0References18

OSV•added 2026/04/08 12:4 a.m.•3 views

GHSA-PPVX-RWH9-7RJ7 pyload-ng: Authorization Bypass for SSL Certificate/Key Configuration Due to Option Name Mismatch in pyload-ng

Summary The ADMINONLYCOREOPTIONS authorization set in setconfigvalue uses incorrect option names sslcert and sslkey, while the actual configuration option names are sslcertfile and sslkeyfile. This name mismatch causes the admin-only check to always evaluate to False, allowing any user with...

6.8CVSS5.9AI score0.00142EPSS

Exploits1References4

NVD•added 2026/04/07 5:16 p.m.•3 views

CVE-2026-35586

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the ADMINONLYCOREOPTIONS authorization set in setconfigvalue uses incorrect option names sslcert and sslkey, while the actual configuration option names are sslcertfile and sslkeyfile. This name mismatch...

6.8CVSS0.00142EPSS

Exploits1References1

CVE•added 2026/04/07 4:9 p.m.•10 views

CVE-2026-35586

The vulnerability CVE-2026-35586 affects pyload-ng and stems from an incorrect admin-only configuration guard: the ADMIN_ONLY_CORE_OPTIONS set uses ssl_cert and ssl_key instead of the actual ssl_certfile and ssl_keyfile names, and ssl_certchain was not included. This lets any non-admin user with ...

6.8CVSS5.9AI score0.00142EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2026/04/07 4:9 p.m.•2 views

CVE-2026-35586 Authorization Bypass for SSL Certificate/Key Configuration Due to Option Name Mismatch in pyload-ng

6.8CVSS5.9AI score0.00142EPSS

Exploits1References1

NVD•added 2026/03/10 6:18 p.m.•2 views

CVE-2026-30928

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, the /api/4/config REST API endpoint returns the entire parsed Glances configuration file glances.conf via self.config.asdict with no filtering of sensitive values. The configuration file contains credentials for all...

8.7CVSS0.01657EPSS

Exploits1References3

OSV•added 2026/03/10 6:18 p.m.•5 views

DEBIAN-CVE-2026-30928

7.5CVSS8.4AI score0.01657EPSS

Exploits1References1

AlpineLinux•added 2026/03/10 4:15 p.m.•4 views

CVE-2026-30928

8.7CVSS5.8AI score0.01657EPSS

Exploits1References3

Github Security Blog•added 2026/03/09 7:50 p.m.•9 views

Glances Exposes Unauthenticated Configuration Secrets

Summary The /api/4/config REST API endpoint returns the entire parsed Glances configuration file glances.conf via self.config.asdict with no filtering of sensitive values. The configuration file contains credentials for all configured backend services including database passwords, API tokens, JWT...

8.7CVSS5.8AI score0.01657EPSS

Exploits1References5Affected Software1

Tenable Nessus•added 2026/01/14 12:0 a.m.•2 views

MiracleLinux 3 : dovecot-1.0.7-7.1AXS3 (AXSA:2009-18:01)

The remote MiracleLinux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2009-18:01 advisory. Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail...

7.5CVSS7.4AI score0.02328EPSS

Exploits0References3

Tenable Nessus•added 2026/01/14 12:0 a.m.•4 views

Ubuntu 24.04 LTS : Erlang vulnerability (USN-7961-1)

The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7961-1 advisory. It was discovered that Erlang incorrectly validated peer certificates when incorrect extended key usage was presented. A remote attacker could possibly use this...

5.5CVSS5.9AI score0.00246EPSS

Exploits0References2