CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 1 hour ago•4 views

CVE-2025-52611 HCL iControl was affected by Unhandled Exception - Stack Trace Disclosure vulnerability

3.1CVSS

Nuclei•added 8 hours ago•48 views

Microweber < 1.2.11 - CRLF Injection

CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11. id: CVE-2022-0666 info: name: Microweber 1.2.11 - CRLF Injection author: ritikchaddha severity: high description: | CRLF Injection leads to Sta...

7.6CVSS7.1AI score0.2338EPSS

Exploits1References3

Github Security Blog•added 6 days ago•7 views

vm2 setup-sandbox.js violates Defense Invariant #11 in stack-trace formatter

Summary defaultSandboxPrepareStackTrace in lib/setup-sandbox.js lines 605, 607 appends to a fresh sandbox-realm lines = via lineslines.length = value. This is the exact invariant-violating pattern that GHSA-9qj6-qjgg-37qq commit ca195f0, 2026-05-01 just patched in neutralizeArraySpeciesBatch and...

5.8AI score

Exploits0References4Affected Software1

OSV•added 6 days ago•4 views

GHSA-Q3FM-4WCW-G57X vm2 setup-sandbox.js violates Defense Invariant #11 in stack-trace formatter

2.1CVSS5.8AI score

Exploits0References4

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5e: Fixed page reclamation for dead peer hairpin When adding a hairpin flow, a send queue is created on the peer net device’s side, which claims some host memory pages for its internal ring buffer. If the peer net devic...

5.5CVSS6.5AI score0.0001EPSS

Exploits0References2

RedHat Linux•added 2026/05/19 10:12 p.m.•15 views

python-markdown: denial of service via malformed HTML-like sequences

A flaw was found in Python-Markdown. Parsing crafted markdown content containing malformed HTML-like sequences causes html.parser.HTMLParser to raise an unhandled AssertionError. This unhandled exception allows an attacker to cause an application crash and potentially disclose sensitive informati...

RedHat Linux•added 2026/05/19 4:30 p.m.•8 views

python-markdown: denial of service via malformed HTML-like sequences

RedhatCVE•added 2026/05/15 7:57 p.m.•4 views

CVE-2026-42552

Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the default error handler Engine::error writes the full exception message, exception code, and stack trace including absolute filesystem paths directly into the HTTP 500 response, with no debug gating. Production deployments leak...

NVD•added 2026/05/13 8:16 p.m.•2 views

CVE-2026-42552

7.5CVSS0.00015EPSS

CVE•added 2026/05/13 7:24 p.m.•5 views

CVE-2026-42552

Flight PHP core prior to version 3.18.1 exposes verbose error information via the Engine::_error() handler, including the exception message, code, and full stack trace with absolute filesystem paths, in HTTP 500 responses. This leads to leakage of internal paths, secrets embedded in messages, and...

Vulnrichment•added 2026/05/13 7:24 p.m.•4 views

CVE-2026-42552 Flight: Sensitive information disclosure via default error handler in flightphp/core

CVE•added 2026/05/13 5:29 p.m.•6 views

CVE-2026-44002

CVE-2026-44002 affects the vm2 sandbox for Node.js. Before 3.11.0, the CallSite wrapper blocks getThis() and getFunction() but allows getFileName() to reveal unsanitized host absolute paths. This enables sandboxed code to leak the host directory structure, library paths, and framework versions (v...

Exploits1References1Affected Software1

Vulnrichment•added 2026/05/13 5:29 p.m.•2 views

CVE-2026-44002 vm2: Host File Path Disclosure via Stack Trace Information Leak

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's CallSite wrapper class intended as a safe wrapper for V8's native CallSite blocks getThis and getFunction to prevent host object leakage, but allows getFileName to return unsanitized host absolute paths. Any sandboxed code can...

RedHat Linux•added 2026/05/07 6:0 p.m.•7 views

Exploits1References1

python-markdown: denial of service via malformed HTML-like sequences

RedHat Linux•added 2026/05/07 5:9 p.m.•7 views

python-markdown: denial of service via malformed HTML-like sequences

Github Security Blog•added 2026/05/07 4:30 a.m.•3 views

vm2 is Vulnerable to Host File Path Disclosure via Stack Trace Information Leak

Summary vm2's CallSite wrapper class intended as a safe wrapper for V8's native CallSite blocks getThis and getFunction to prevent host object leakage, but allows getFileName to return unsanitized host absolute paths. Any sandboxed code can extract the full directory structure, library paths, and...

Exploits1References4Affected Software1

OSV•added 2026/05/07 4:30 a.m.•0 views

GHSA-V27G-JCQJ-V8RW vm2 is Vulnerable to Host File Path Disclosure via Stack Trace Information Leak

Patchstack•added 2026/05/07 4:30 a.m.•4 views

Exploits1References4

NPM: vm2 is Vulnerable to Host File Path Disclosure via Stack Trace Information Leak

NPM: vm2 is Vulnerable to Host File Path Disclosure via Stack Trace Information Leak vulnerability discovered by ? in WordPress Npm vm2 versions = 3.10.5...

5.8CVSS5.8AI score0.00036EPSS

Exploits1References4Affected Software1

Github Security Blog•added 2026/05/06 9:39 p.m.•3 views

Flight vulnerable to sensitive information disclosure via default error handler

Summary The default error handler Engine::error writes the full exception message, exception code, and stack trace including absolute filesystem paths directly into the HTTP 500 response, with no debug gating. Production deployments leak internal paths, any secret interpolated into an exception...