711 matches found

Nuclei
added yesterday | 5 views

Spring Cloud Config Server - Path Traversal

Spring Cloud 3.1.x 3.1.13, 4.1.x 4.1.9, 4.2.x 4.2.3, 4.3.x 4.3.2, and 5.0.x 5.0.2 contain a path traversal caused by profile parameter substitution in Config Server using native file system backend, letting attackers access files outside configured directories, exploit requires crafted request. i...

CVSS 8.6 | AI score 5.8 | EPSS 0.09681
Exploits: 0 | References: 4
ATTACKERKB
added 3 days ago | 5 views

CVE-2026-9308

Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary JavaScript execution. This vulnerability was...

CVSS 5.4 | AI score 5.9 | EPSS 0.00036
Exploits: 0 | References: 3
EUVD
added 3 days ago | 4 views

EUVD-2026-33629

Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary JavaScript execution. This vulnerability was...

CVSS 5.4 | AI score 5.9 | EPSS 0.00036
Exploits: 0 | References: 2
Positive Technologies
added 3 days ago | 8 views

PT-2026-45410

Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary JavaScript execution. This vulnerability was...

CVSS 5.4 | AI score 5.9 | EPSS 0.00036
Exploits: 0 | References: 3
NVD
added 6 days ago | 4 views

CVE-2026-47125

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.2, the PUT /api/environments/id/templates/variables endpoint, which writes the system-wide .env.global file used for variable substitution in every project's compose file, is missing an admin...

CVSS 8.8 | EPSS 0.00039
Exploits: 0 | References: 1
EUVD
added last week | 3 views

EUVD-2026-32931

In Calico, the install-cni init container logs the rendered CNI configuration to standard output. When the configuration template uses the SERVICEACCOUNTTOKEN placeholder Canal/Flannel-Calico deployments, the installer substitutes the live Kubernetes ServiceAccount bearer token before logging,...

CVSS 6 | AI score 5.8 | EPSS 0.0008
Exploits: 0 | References: 4
NVD
added last week | 8 views

CVE-2026-4408

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...

CVSS 9 | EPSS 0.00392
Exploits: 0 | References: 4
CVE
added last week | 22 views

CVE-2026-4408

CVE-2026-4408: Samba remotely executes code due to a misconfiguration in the “check password script” feature when the script uses the %u substitution. The client-supplied username is passed with insufficient escaping of shell meta-characters, enabling remote command execution on affected systems...

CVSS 9 | AI score 5.9 | EPSS 0.00392
Exploits: 0 | References: 5
Cvelist
added last week | 23 views

CVE-2026-4408 Samba: remote code execution in samr

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...

CVSS 9 | EPSS 0.00392
Exploits: 0 | References: 5
ATTACKERKB
added last week | 6 views

CVE-2026-4408

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...

CVSS 9 | AI score 5.9 | EPSS 0.00392
Exploits: 0 | References: 6
AlpineLinux
added last week | 10 views

CVE-2026-4408

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...

CVSS 9 | AI score 5.9 | EPSS 0.00392
Exploits: 0
RedhatCVE
added last week | 6 views

CVE-2026-4408

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...

CVSS 9 | AI score 5.8 | EPSS 0.00392
Exploits: 0 | References: 4
NVD
added 2026/05/27 8:16 p.m. | 5 views

CVE-2026-47274

pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, multiple pam_usb helper tools resolved external binaries through the PATH environment variable rather than using absolute paths. An attacker who can influence the process environment during PAM...

CVSS 6.3 | EPSS 0.0002
Exploits: 0 | References: 4
SUSE CVE
added 2026/05/27 2:53 a.m. | 6 views

SUSE CVE-2026-4408

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...

CVSS 9.9 | AI score 5.9 | EPSS 0.00392
Exploits: 0 | References: 9
Positive Technologies
added 2026/05/27 12:0 a.m. | 2 views

PT-2026-44087

pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, multiple pam_usb helper tools resolved external binaries through the PATH environment variable rather than using absolute paths. An attacker who can influence the process environment during PAM...

CVSS 6.3 | AI score 5.9 | EPSS 0.0002
Exploits: 0 | References: 5
NVD
added 2026/05/26 9:16 p.m. | 7 views

CVE-2026-48592

Missing Authorization vulnerability in oban-bg oban_web 'Elixir.Oban.Web.Jobs.DetailComponent' modules allows unauthorized job worker substitution. The handle_event("save-job", ...) handler in 'Elixir.Oban.Web.Jobs.DetailComponent' does not perform an authorization check, unlike the sibling cancel,...

CVSS 5.3 | EPSS 0.0006
Exploits: 0 | References: 4
ATTACKERKB
added 2026/05/26 7:46 p.m. | 4 views

CVE-2026-48592

Missing Authorization vulnerability in oban-bg oban_web 'Elixir.Oban.Web.Jobs.DetailComponent' modules allows unauthorized job worker substitution. The handle_event("save-job", ...) handler in 'Elixir.Oban.Web.Jobs.DetailComponent' does not perform an authorization check, unlike the sibling cancel,...

CVSS 5.3 | AI score 6 | EPSS 0.0006
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2026/05/26 7:46 p.m. | 4 views

EEF-CVE-2026-48592 Missing authorization check on save-job event handler in oban_web

Summary: Missing Authorization vulnerability in oban-bg oban_web 'Elixir.Oban.Web.Jobs.DetailComponent' modules allows unauthorized job worker substitution. The handle_event("save-job", ...) handler in 'Elixir.Oban.Web.Jobs.DetailComponent' does not perform an authorization check, unlike the sibling...

CVSS 5.3 | AI score 6 | EPSS 0.0006
Exploits: 0 | References: 4
Vulnrichment
added 2026/05/26 7:46 p.m. | 3 views

CVE-2026-48592 Missing authorization check on save-job event handler in oban_web

Missing Authorization vulnerability in oban-bg oban_web 'Elixir.Oban.Web.Jobs.DetailComponent' modules allows unauthorized job worker substitution. The handle_event("save-job", ...) handler in 'Elixir.Oban.Web.Jobs.DetailComponent' does not perform an authorization check, unlike the sibling cancel,...

CVSS 5.3 | AI score 6 | EPSS 0.0006
Exploits: 0 | References: 4
EUVD
added 2026/05/26 7:46 p.m. | 5 views

EUVD-2026-31975

Missing Authorization vulnerability in oban-bg oban_web 'Elixir.Oban.Web.Jobs.DetailComponent' modules allows unauthorized job worker substitution. The handle_event("save-job", ...) handler in 'Elixir.Oban.Web.Jobs.DetailComponent' does not perform an authorization check, unlike the sibling cancel,...

CVSS 5.3 | AI score 6 | EPSS 0.0006
Exploits: 0 | References: 4