CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5360 matches found

EUVD-2026-38605

Module: plugins/modules/nexmo.py CVSS 3.1: 6.5 MEDIUM — AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: apikey and apisecret are declared nolog=True at the input level, but both credentials are immediately URL-encoded into a GET request as query parameters, bypassing all nolog protection. Vulnerable...

6.5CVSS6AI score

Exploits0References2

CVE•added yesterday•10 views

CVE-2026-54321

CVE-2026-54321 (Daytona) : Sandboxes that were switched from public to private could remain reachable without authentication for a short period due to a cached visibility state not invalidated on change. This affected Daytona versions 0.101.0 through 0.184.0 and allowed unauthenticated access to ...

7CVSS6.3AI score0.00207EPSS

Exploits0References1

Nuclei•added yesterday•35 views

Intelbras Switch - Information Disclosure

An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration. id: CVE-2023-36144 info: name: Intelbras Switch - Information Disclosure author:...

7.5CVSS7.2AI score0.38471EPSS

Exploits2References4

OSSF Malicious Packages•added 2 days ago•5 views

Malicious code in respects-switch (npm)

respects-switch is a dependency confusion proof-of-concept package published to the public npm registry by the account r0binak and self-labeled "Security research PoC - Dependency Confusion Hunter". It was published at the artificially high version 999.0.0, the canonical floating-version bait use...

5.8AI score

Exploits0References3

Nuclei•added 2 days ago•30 views

MSNSwitch Firmware MNT.2408 - Authentication Bypass

MSNSwitch Firmware MNT.2408 is susceptible to authentication bypass in the component http://MYDEVICEIP/cgi-bin-sdb/ExportSettings.sh. An attacker can arbitrarily configure settings, leading to possible remote code execution and subsequent unauthorized operations. id: CVE-2022-32429 info: name:...

9.8CVSS7.9AI score0.7572EPSS

Exploits4References5

Github Security Blog•added 5 days ago•7 views

Home Assistant: Konnected alarm-panel switch state and zone topology disclosed to unauthenticated actors on the LAN

Summary The Konnected integration registers an HTTP endpoint, KonnectedView homeassistant/components/konnected/init.py, that is marked as not requiring authentication requiresauth = False. A comment next to that line says auth is instead handled "via the access token from configuration." That...

7.6CVSS6AI score

Exploits0References2Affected Software1

AstraLinux•added 5 days ago•6 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Do not finalize the CSA in IBSS mode if the state is disconnected. When we are not connected to a channel, sending the “switch” announcement doesn’t make any sense. The BSS list is empty in that case. This causes...

5.5CVSS5.3AI score0.00211EPSS

Exploits0References2

AstraLinux•added 5 days ago•8 views

Astra Linux – Vulnerability in libxmltok

In libexpat before version 2.2.8, crafted XML inputs could trick the parser into switching from DTD parsing to document parsing too early. A consecutive call to XMLGetCurrentLineNumber or XMLGetCurrentColumnNumber would then lead to a heap-based buffer overflow...

7.5CVSS7.4AI score0.06643EPSS

Exploits1References2

AstraLinux•added 5 days ago•10 views

Astra Linux – Vulnerability in glibc

The Name Service Cache Daemon’s nscd netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. This flaw was introduced in glibc 2.15, when the cache was added to nscd. This vulnerability only exists in the nscd binary...

7.4CVSS6.3AI score0.00403EPSS

Exploits0References2

AstraLinux•added 5 days ago•7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: Fixed an issue where an interrupt storm occurred after receiving a corrupted ifid in the IRQ handler. Commit 31a7a0bbeb00 “dpaa2-switch”: added a range check for ifid in the IRQ handler introduces a mechanism to...

7.8CVSS5.3AI score0.00121EPSS

Exploits0References1

AstraLinux•added 5 days ago•5 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosectypec: Stale pointers have been set to zero. The function crostypecgetswitchhandles allocates four pointers when obtaining type-c switch handles. These pointers are all freed if none of them are obtained...

5.7AI score0.00168EPSS

Exploits0References1

AstraLinux•added 5 days ago•2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: blk-mq: Fixed the NULL dereference on q-elevator in blkmqelvswitchnone. After acquiring the q-sysfslock, q-elevator may become NULL due to the elevator switch. Fixed the NULL dereference on q-elevator by checking it with a lock...

5.5CVSS5.2AI score0.00135EPSS

Exploits0References2

AstraLinux•added 5 days ago•3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: writeback: Fixed the use of “free” after deallocating memory in inodeswitchwbsworkfn. The function inodeswitchwbsworkfn has a loop like this: c wbgetnewwb; while 1 list = llistdelall&newwb-switchwbsctxs; / Nothing to do? / if !li...

7.8CVSS5.9AI score0.00119EPSS

Exploits0References1

AstraLinux•added 5 days ago•3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Bail out from dwc3gadgetexit if dwc-gadget is NULL. There exists a possible scenario in which dwc3gadgetinit may fail: during the switch between peripheral and host modes in dwc3setmode, and if a pending gadget...

5.5CVSS5.8AI score0.00222EPSS

Exploits0References2

AstraLinux•added 5 days ago•3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Fixed warnings during S3 suspension The enablegpewakeup function calls acpienableallwakeupgpes, and this function may also call the preemptschedulecommon function. This results in a thread switch, causing the CPU to be...

5.5CVSS6.3AI score0.00219EPSS

Exploits0References2

AstraLinux•added 5 days ago•6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: - net: dsa: felix: do not use devres for mdiobus. As explained in the commits: - 74b6d7d13307: “net: dsa: realtek: register the MDIO bus using devres”. - 5135e96a3dd2: “net: dsa: do not allocate the slavemiibus using devres”...

5.5CVSS5.7AI score0.00273EPSS

Exploits0References2

EUVD•added 6 days ago•7 views

EUVD-2026-37891

Some shadow paging errors paths will switch the page-tables without updating the currently running vCPU reference. This causes a mismatch between the loaded page-tables and the mapcache metadata which can lead to corruption of the mapcache...

8.1CVSS5.4AI score0.00353EPSS

Exploits0References1

NVD•added 6 days ago•12 views

CVE-2026-12505

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS0.00119EPSS

Exploits0References3