CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2733 matches found

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...

6.5CVSS6.9AI score0.00043EPSS

Exploits1References8

Nuclei•added yesterday•23 views

Super Socializer < 7.13.52 - Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. id: CVE-2023-2779 info: name: Super Socializer 7.13.52 - Cross-Site Scripting author: r3Y3r53...

6.1CVSS6.8AI score0.30752EPSS

Exploits4References4

Patchstack•added 5 days ago•8 views

WordPress Affiliate Super Assistent plugin <= 1.10.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Affiliate Super Assistent versions = 1.10.1...

7.1CVSS5.8AI score0.00036EPSS

Exploits0Affected Software1

CVE•added 6 days ago•7 views

CVE-2026-10070

CVE-2026-10070 affects macrozheng mall up to version 1.0.3, specifically the Super Admin Password Handler in the /admin/update/ path. The root cause is improper authorization when performing a manipulation, enabling remote exploitation. The description notes that exploitation is possible remotely...

5.8CVSS5.5AI score0.00035EPSS

Exploits0References5

Cvelist•added 6 days ago•24 views

CVE-2026-10070 macrozheng mall Super Admin Password update improper authorization

A vulnerability was found in macrozheng mall up to 1.0.3. This affects an unknown function of the file /admin/update/ of the component Super Admin Password Handler. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The vendor deleted the...

5.8CVSS0.00035EPSS

Exploits0References5

CNNVD•added 6 days ago•4 views

mall 授权问题漏洞

Mall is a set of e-commerce systems developed by Macro Personal Developers, including a front-end shopping mall system and a back-end management system. Versions of Mall 1.0.3 and earlier had authorization-related vulnerabilities. These vulnerabilities stemmed from improper authorization in the...

5.8CVSS5.9AI score0.00035EPSS

Exploits0References5

Positive Technologies•added 6 days ago•3 views

PT-2026-44921

5.8CVSS5.5AI score0.00035EPSS

Exploits0References6

SUSE CVE•added last week•6 views

SUSE CVE-2025-71312

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix ntfsmountoptions leak in ntfsfillsuper In ntfsfillsuper, the fc-fsprivate pointer is set to NULL without first freeing the memory it points to. This causes the subsequent call to ntfsfsfree to skip freeing the...

5.8AI score0.00024EPSS

Exploits0References3

SUSE CVE•added last week•3 views

SUSE CVE-2026-45895

In the Linux kernel, the following vulnerability has been resolved: quota: fix livelock between quotactl and freezesuper When a filesystem is frozen, quotactlblock enters a retry loop waiting for the filesystem to thaw. It acquires sumount, checks the freeze state, drops sumount and uses...

5.8AI score0.00024EPSS

Exploits0References3

SUSE CVE•added last week•3 views

SUSE CVE-2026-45920

In the Linux kernel, the following vulnerability has been resolved: ext4: fix dirtyclusters double decrement on fs shutdown fstests test generic/388 occasionally reproduces a warning in ext4putsuper associated with the dirty clusters count: WARNING: CPU: 7 PID: 76064 at fs/ext4/super.c:1324...

5.7AI score0.00032EPSS

Exploits0References3

EUVD•added 2026/05/27 3:33 p.m.•6 views

EUVD-2026-32245

In the Linux kernel, the following vulnerability has been resolved: gfs2: fix memory leaks in gfs2fillsuper error path Fix two memory leaks in the gfs2fillsuper error handling path when transitioning a filesystem to read-write mode fails. First leak: kthread objects threadstruct, taskstruct, etc...

5.9AI score0.00024EPSS

Exploits0References3

NVD•added 2026/05/27 2:17 p.m.•4 views

CVE-2026-45895

0.00024EPSS

Exploits0References5

OSV•added 2026/05/27 2:17 p.m.•2 views

UBUNTU-CVE-2026-45920

5.4AI score0.00032EPSS

Exploits0References3

OSV•added 2026/05/27 2:17 p.m.•1 views

UBUNTU-CVE-2026-45895

5.7AI score0.00024EPSS

Exploits0References3

Cvelist•added 2026/05/27 12:24 p.m.•29 views

CVE-2025-71312 fs/ntfs3: fix ntfs_mount_options leak in ntfs_fill_super()

0.00024EPSS

Exploits0References2

CVE•added 2026/05/27 12:17 p.m.•9 views

CVE-2026-45920

CVE-2026-45920 : In the Linux kernel’s ext4 implementation, a double decrement of the dirty clusters counter (s_dirtyclusters_counter) occurs on fs shutdown, triggered by a path between ext4_mb_mark_diskspace_used() and ext4_mb_new_blocks() when an error propagates from ext4_handle_dirty_metadata...

5.7AI score0.00032EPSS

Exploits0References8

Cvelist•added 2026/05/27 12:17 p.m.•27 views

CVE-2026-45895 quota: fix livelock between quotactl and freeze_super

0.00024EPSS

Exploits0References5

Debian CVE•added 2026/05/27 12:17 p.m.•4 views

CVE-2026-45895

5.7AI score0.00024EPSS

Exploits0

NVD•added 2026/05/27 11:16 a.m.•6 views

CVE-2026-42759

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Timo Affiliate Super Assistent amazonsimpleadmin allows Stored XSS.This issue affects Affiliate Super Assistent: from n/a through = 1.10.1...

7.1CVSS0.00036EPSS

Exploits0References1

Cvelist•added 2026/05/27 9:49 a.m.•22 views

CVE-2026-42759 WordPress Affiliate Super Assistent plugin <= 1.10.1 - Cross Site Scripting (XSS) vulnerability

7.1CVSS0.00036EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by