CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

74085 matches found

Debian CVE•added 2026/04/16 9:34 p.m.•8 views

CVE-2026-40170

ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2qlogparameterssettransportparams serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport...

7.5CVSS5.7AI score0.00579EPSS

Exploits1

Atlassian•added 2026/04/16 9:26 p.m.•21 views

DoS (Denial of Service) net.minidev:json-smart Dependency in Jira Software Data Center

This High severity DoS Denial of Service vulnerability was introduced in versions 9.12.1, 10.3.0, and 11.3.0 of Jira Software Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated...

7.5CVSS5.8AI score0.01119EPSS

Exploits1

Snyk•added 2026/04/16 9:9 p.m.•5 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion via the Utf8GraphQLParser parser. An attacker can cause the application to terminate unexpectedly and disrupt all active services by submitting a crafted GraphQL document with deeply nested selection sets, object...

9.1CVSS5.8AI score0.00902EPSS

Exploits0References2

OSV•added 2026/04/16 9:9 p.m.•9 views

GHSA-QR3M-XW4C-JQW3 ChilliCream GraphQL Platform: Utf8GraphQLParser Stack Overflow via Deeply Nested GraphQL Documents

Impact Hot Chocolate's Utf8GraphQLParser is a recursive descent parser with no recursion depth limit. A crafted GraphQL document with deeply nested selection sets, object values, list values, or list types can trigger a StackOverflowException on payloads as small as 40 KB. Because...

9.1CVSS5.7AI score0.00902EPSS

Exploits0References14

Github Security Blog•added 2026/04/16 9:9 p.m.•7 views

ChilliCream GraphQL Platform: Utf8GraphQLParser Stack Overflow via Deeply Nested GraphQL Documents

9.1CVSS5.7AI score0.00902EPSS

Exploits0References14Affected Software1

RedhatCVE•added 2026/04/16 7:22 p.m.•5 views

CVE-2026-6196

A vulnerability was detected in Tenda F456 1.0.0.5. This affects the function fromexeCommand of the file /goform/exeCommand. Performing a manipulation of the argument cmdinput results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and...

9CVSS6.3AI score0.00575EPSS

Exploits0References1

RedhatCVE•added 2026/04/16 7:22 p.m.•7 views

CVE-2026-6168

A flaw has been found in TOTOLINK A7000R up to 9.1.0u.6115. The affected element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument ssid5g causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been...

9CVSS6.1AI score0.00575EPSS

Exploits0References1

IBM Security Bulletins•added 2026/04/16 5:52 p.m.•5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in elasticsearch-geo-7.17.13.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in elasticsearch-geo-7.17.13.jar Vulnerability Details CVEID:CVE-2024-52981 DESCRIPTION: An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection...

7.5CVSS5.8AI score0.00511EPSS

Exploits0Affected Software1