CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/04/22 12:0 a.m.•1 views

PT-2026-34530

A panic was reachable when parsing certificate revocation lists via BorrowedCertRevocationList::from der or OwnedCertRevocationList::from der. This was the result of mishandling a syntactically valid empty BIT STRING appearing in the onlySomeReasons element of a IssuingDistributionPoint CRL...

5.8AI score

Exploits0References3

Positive Technologies•added 2026/04/22 12:0 a.m.•2 views

PT-2026-34513

A logic error in the env utility of uutils coreutils causes a failure to correctly parse command-line arguments when utilizing the -S split-string option. In GNU env, backslashes within single quotes are treated literally with the exceptions of and '. However, the uutils implementation incorrectl...

3.3CVSS5.8AI score0.00017EPSS

Exploits0References2

Tenable Nessus•added 2026/04/22 12:0 a.m.•2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013773)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013773 advisory. In the Linux kernel, the following vulnerability has been resolved: soc: qcom: qmiencdec: Restrict string length in decode The QMI TLV value for strings in a lot of...

5.7AI score0.00044EPSS

Exploits0References4

Positive Technologies•added 2026/04/22 12:0 a.m.•2 views

PT-2026-34312

Name of the Vulnerable Software and Affected Versions nano affected versions not specified Description A local user can cause a Denial of Service in the application by exploiting a format string flaw in the statusline function. This occurs when the application attempts to display a directory name...

5.5CVSS5.8AI score0.00019EPSS

Exploits0References23

Tenable Nessus•added 2026/04/22 12:0 a.m.•3 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013595)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013595 advisory. In the Linux kernel, the following vulnerability has been resolved: orangefs: Fix kmemleak in orangefspreparedebugfshelpstring When insert and remove the orangefs...

5.8AI score0.0007EPSS

Exploits0References4

Positive Technologies•added 2026/04/22 12:0 a.m.•4 views

PT-2026-37159

Name of the Vulnerable Software and Affected Versions pgx versions prior to 5.9.2 Description SQL injection can occur when the non-default simple protocol is used in conjunction with a dollar quoted string literal in the SQL query. If that string literal contains text that would be interpreted as...

9.8CVSS5.8AI score0.00012EPSS

Exploits0References14

CNNVD•added 2026/04/22 12:0 a.m.•4 views

Red Hat Enterprise Linux 格式化字符串错误漏洞

Red Hat Enterprise Linux is a Linux operating system for enterprise users developed by Red Hat, Inc. Red Hat Enterprise Linux 10 contains a vulnerability related to format string errors. This vulnerability stems from a flaw in the statusline function’s handling of format strings. Local users can...

5.5CVSS5.8AI score0.00019EPSS

Positive Technologies•added 2026/04/22 12:0 a.m.•1 views

PT-2026-34609

Name of the Vulnerable Software and Affected Versions @nocobase/database versions prior to 2.0.39 Description An issue exists in the queryParentSQL function within the core database package where a recursive CTE query is constructed by joining nodeIds using string concatenation instead of...

8.8CVSS6.1AI score0.04817EPSS

Exploits1References13

Tenable Nessus•added 2026/04/22 12:0 a.m.•2 views

SUSE SLES12 Security Update : ncurses (SUSE-SU-2026:1499-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:1499-1 advisory. This update for ncurses fixes the following issue: - CVE-2025-69720: buffer overflow in function analyzestringof progs/infocmp.c bsc1259924. Tenable ha...

9.8CVSS6.1AI score0.00013EPSS

NVD•added 2026/04/21 11:16 p.m.•0 views

CVE-2026-41062

WWBN AVideo is an open source video platform. In versions 29.0 and below, the directory traversal fix introduced in commit 2375eb5e0 for objects/aVideoEncoderReceiveImage.json.php only checks the URL path component via parseurl$url, PHPURLPATH for .. sequences. However, the downstream function...

6.5CVSS0.00128EPSS

EUVD•added 2026/04/21 10:57 p.m.•0 views

EUVD-2026-24541

CVE•added 2026/04/21 10:57 p.m.•7 views

CVE-2026-41062

Summary: WWBN AVideo

Exploits1References4Affected Software1

ATTACKERKB•added 2026/04/21 10:57 p.m.•0 views

CVE-2026-41062

Exploits1References5Affected Software1

Vulnrichment•added 2026/04/21 10:57 p.m.•2 views

CVE-2026-41062 WWBN/AVideo has an incomplete fix for a directory traversal bypass via query string in ReceiveImage downloadURL parameters

Cvelist•added 2026/04/21 10:57 p.m.•28 views

CVE-2026-41062 WWBN/AVideo has an incomplete fix for a directory traversal bypass via query string in ReceiveImage downloadURL parameters

6.5CVSS0.00128EPSS

Vulnrichment•added 2026/04/21 7:21 p.m.•1 views

CVE-2026-40878 mailcow-dockerized Login Page has Reflected Parameter Injection / Wrong-Context XSS Escaping

mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the mailcow web interface passes the raw $SERVER'REQUESTURI' to Twig as a global template variable and renders it inside a JavaScript string literal in the setLang helper of base.twig,...

2.1CVSS5.8AI score0.02959EPSS

CVE•added 2026/04/21 7:21 p.m.•6 views

CVE-2026-40878

CVE-2026-40878 affects mailcow: dockerized prior to 2026-03b. The web interface passes raw $_SERVER['REQUEST_URI'] to Twig as a global variable and renders it inside a JavaScript string in setLang(), relying on Twig’s HTML escaping rather than JS escaping. Additionally, the query_string() Twig he...

2.1CVSS5.8AI score0.02959EPSS