CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added yesterday•8 views

CVE-2026-56315

picklescan before 1.0.4 fails to block at least seven Python standard library modules including uuid, osxsupport, aixsupport, pyrepl.pager, and imaplib exposing eight functions that provide direct arbitrary command execution. Attackers can craft malicious pickle files importing these unblocked...

9.8CVSS

CVE•added yesterday•8 views

CVE-2026-56315

CVE-2026-56315 affects the Python tool picklescan until version 1.0.4, which fails to block imports from at least seven standard library modules (e.g., uuid, _osx_support, _aix_support, _pyrepl.pager, imaplib). This allows adversaries to craft pickle files that import these unblocked modules to t...

9.8CVSS6.7AI score

EUVD•added yesterday•6 views

EUVD-2026-38437

9.8CVSS6.7AI score

Cvelist•added yesterday•12 views

CVE-2026-56315 picklescan - Remote Code Execution via Unblocked Standard Library Modules

9.8CVSS

EUVD•added yesterday•5 views

EUVD-2023-60596

Traefik before 2.10.5 and 3.0.0-beta4 is affected by a denial-of-service vulnerability in HTTP/2 request handling inherited from the Go standard library's HTTP/2 implementation CVE-2023-44487 / CVE-2023-39325, the 'Rapid Reset' technique. A remote attacker can rapidly create and cancel HTTP/2...

8.7CVSS5.9AI score

Cvelist•added yesterday•12 views

CVE-2023-54365 Traefik - Denial of Service via HTTP/2 Request Handling

8.7CVSS

RedHat Linux•added yesterday•5 views

crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...

7.5CVSS7.1AI score0.00378EPSS

RedHat Linux•added yesterday•4 views

samba: Remote Code Execution in SAMR

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...

9.8CVSS6AI score0.02501EPSS

Exploits0References5

RedHat Linux•added 2 days ago•4 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS6.8AI score0.00761EPSS

RedHat Linux•added 2 days ago•4 views

firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory...

8.1CVSS5.9AI score0.0045EPSS

Exploits0References6

AstraLinux•added 5 days ago•4 views

Astra Linux – Vulnerability in RustC

In the standard library of Rust before version 1.52.0, a double-free error can occur in the Vec::fromiter function if the process of freeing the element causes a panic...

9.8CVSS8.2AI score0.0289EPSS

Exploits1References1

AstraLinux•added 5 days ago•5 views

Astra Linux - Vulnerability in Golang-1.19

On Unix platforms, the Go runtime behaves differently when a binary is run with the setuid/setgid bits enabled. This can be dangerous in certain situations, such as when dumping memory state or assuming the status of standard I/O file descriptors. If a setuid/setgid binary is executed with standa...

7.8CVSS6.6AI score0.00432EPSS

OSV•added 5 days ago•3 views

UBUNTU-CVE-2026-48979

PHP Standard Library PSL is set of APIs covering async, collections,...

7.5CVSS5.8AI score0.00267EPSS

NVD•added 6 days ago•10 views

CVE-2026-22674

Hashgraph Guardian through 3.6.0, fixed in commit ba8c566, contains a stored cross-site scripting vulnerability that allows authenticated users with the STANDARDREGISTRY role to inject malicious scripts by submitting a crafted companyName value via the branding configuration API endpoint. Attacke...

4.8CVSS0.00177EPSS

CVE•added 6 days ago•18 views

CVE-2026-22674

Hashgraph Guardian prior to 3.5.0 is affected by a stored XSS vulnerability in the branding configuration API endpoint. The issue arises from unsanitized innerHTML in the branding service, allowing an authenticated user with the STANDARD_REGISTRY role to inject malicious scripts by submitting a c...

4.8CVSS6AI score0.00177EPSS

ATTACKERKB•added 6 days ago•7 views

CVE-2026-22674

4.8CVSS6AI score0.00177EPSS

Exploits0References4

Cvelist•added 6 days ago•22 views

CVE-2026-22674 Hashgraph Guardian Stored XSS via branding companyName field

4.8CVSS0.00177EPSS

RedHat Linux•added 6 days ago•6 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

6.4CVSS5.2AI score0.00292EPSS

RedHat Linux•added 6 days ago•6 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS8.3AI score0.0052EPSS