CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/26 3:16 p.m.•12 views

CVE-2026-40033

FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16MAX but performs copy operations using unclamped cache entry...

8.8CVSS0.00068EPSS

Exploits1References3

UbuntuCve•added 2026/05/26 3:16 p.m.•6 views

CVE-2026-40033

8.8CVSS6.4AI score0.00068EPSS

Exploits1References4

EUVD•added 2026/05/26 2:8 p.m.•8 views

EUVD-2026-31830

8.8CVSS6.5AI score0.00068EPSS

Exploits1References3

Cvelist•added 2026/05/26 2:8 p.m.•38 views

CVE-2026-40033 FreeRDP - Heap-buffer-overflow in gdi_CacheToSurface via rectangle validation bypass

8.8CVSS0.00068EPSS

Exploits1References3

Debian CVE•added 2026/05/26 2:8 p.m.•5 views

CVE-2026-40033

8.8CVSS6.4AI score0.00068EPSS

Exploits1

Hive Pro Threat Advisories•added 2026/05/26 10:1 a.m.•11 views

CrowdStrike vs Hive Pro: VM Compared

CrowdStrike vs Hive Pro for Vulnerability Management CrowdStrike vs Hive Pro is not a simple feature checklist. It is a decision about how your security team wants to manage exposure: through an endpoint-centered platform that extends into vulnerability assessment, or through a vendor-neutral...

The Hacker News•added 2026/05/26 9:13 a.m.•17 views

CERT-In Recommends 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks

The Indian Computer Emergency Response Team CERT-In has issued new guidelines requiring organizations to patch critical security vulnerabilities in internet-exposed systems within 12 hours of being flagged where "feasible" to safeguard against potential threats stemming from threat actors' abuse ...

OSSF Malicious Packages•added 2026/05/26 1:0 a.m.•6 views

Malicious code in warp-contracts-plugin-deploy-test (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ac3a02c9f004d72f8975e0e93fb0810818b509cf295cf9a567c882afaf9a7444 Package name warp-contracts-plugin-deploy-test mimics the legitimate warp-contracts-plugin-deploy and copies its public API surface lib/cjs/index.js...

Github Security Blog•added 2026/05/23 12:16 a.m.•12 views

Exploits0References3

Arcane: Missing admin authorization on global variables endpoint

Summary The PUT /api/environments/id/templates/variables endpoint, which writes the system-wide .env.global file used for variable substitution in every project's compose file, is missing an admin authorization check. Any authenticated non-admin user can call this endpoint with their bearer token...

8.8CVSS6AI score0.00044EPSS

Exploits0References3Affected Software1

OSV•added 2026/05/22 5:16 a.m.•8 views

MAL-2026-4733 Malicious code in wrld-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58965a325ad88c872b7c01668e4c08ca337b5fa022c15e626e23697d23fb594c The package exposes a public authentication API auth.user.login, auth.user.register, auth.user.get, auth.user.delete, plus an auth.system RPC surface...

OSV•added 2026/05/22 3:25 a.m.•6 views

Exploits0References1

MAL-2026-4774 Malicious code in vulndify-mcp-server (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6110bfbfb3eac275094aefd342ef273350829f83c53c480e29df1f872b335650 The package advertises itself in the README as offering only a benign hello MCP tool, but src/vulndifymcpserver/server.py registers two additional,...

Packet Storm News•added 2026/05/22 12:0 a.m.•8 views

Exploits0References1

Joern 4.0.546

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

Github Security Blog•added 2026/05/21 7:58 p.m.•7 views

Umbraco.Cms: Open Redirect Vulnerability in Surface Controllers

Impact Some of the Surface Controllers in the CMS provide to support member related operations fail to validate redirect URLs, making Razor templates that derive 'RedirectUrl' from user-controlled query parameters vulnerable to malicious redirect attacks. Patches The issue is resolved in versions...

5.4CVSS5.7AI score0.00026EPSS

Exploits0References5Affected Software1

OSV•added 2026/05/21 7:58 p.m.•8 views

GHSA-2QJJ-H6WP-C7H7 Umbraco.Cms: Open Redirect Vulnerability in Surface Controllers

5.4CVSS5.7AI score0.00026EPSS

Exploits0References5

Positive Technologies•added 2026/05/21 12:0 a.m.•6 views

PT-2026-42686

5.4CVSS5.7AI score0.00026EPSS

Exploits0References6

Positive Technologies•added 2026/05/21 12:0 a.m.•6 views

PT-2026-42705

🟠 Umbraco CMS, Open Redirect in Surface Controllers, CVE-2025-47874 Medium https://t.co/PmivsVMa8k...

Rapid7 Blog•added 2026/05/20 12:15 p.m.•4 views

Exploits0References1

Operationalizing CTEM Faster: Build Surface Command Dashboards in Minutes

Modern attack surfaces don’t sit still. Cloud expansion, SaaS sprawl, identity complexity, and shadow IT are continuously reshaping organizational risk. For security leaders, visibility isn’t the challenge anymore, but actually operationalizing that visibility is. Surface Command was built to uni...