CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

233642 matches found

OSV•added 2026/05/28 3:43 p.m.•3 views

RLSA-2026:19220 Important: sudo security update

The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fixes: sudo: Sudo: Privilege escalation due to failu...

7.4CVSS5.9AI score0.00006EPSS

Exploits0References2

ATTACKERKB•added 2026/05/28 2:24 p.m.•4 views

CVE-2026-45017

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

8.2CVSS5.9AI score0.0009EPSS

Exploits0References2Affected Software1

CVE•added 2026/05/28 2:24 p.m.•22 views

CVE-2026-45017

CVE-2026-45017 affects the Python Liquid engine. Before 2.2.0, FileSystemLoader and CachingFileSystemLoader fail to guard against reading files outside the search path when given absolute paths, enabling a malicious template author to load and render arbitrary files via {% include %} and {% rende...

8.2CVSS5.9AI score0.0009EPSS

Exploits0References1Affected Software1

EUVD•added 2026/05/28 2:24 p.m.•10 views

EUVD-2026-32907

8.2CVSS5.9AI score0.0009EPSS

Exploits0References1

RedhatCVE•added 2026/05/28 2:15 p.m.•7 views

CVE-2026-9448

A vulnerability was determined in code-projects Employee Management System 1.0. This affects an unknown function of the file /applyleave.php. Executing a manipulation of the argument ID can lead to cross site scripting. The attack may be performed from remote. The exploit has been publicly...

5.3CVSS4.1AI score0.00035EPSS

Exploits0References1

RedhatCVE•added 2026/05/28 2:15 p.m.•8 views

CVE-2026-9544

A vulnerability was found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10. Affected by this vulnerability is an unknown functionality of the file /api/Dinner/PayConfig. Performing a manipulation of the argument tableno results in sql injection. The attack is possible...

7.5CVSS6.8AI score0.00037EPSS

Exploits0References1

Wolfi•added 2026/05/28 1:48 p.m.•12 views

GHSA-5M62-PW8W-7W9F vulnerabilities

Vulnerabilities for packages: thingsboard...

5.8AI score

Exploits0

OSV•added 2026/05/28 1:39 p.m.•4 views

MAL-2026-4851 Malicious code in @service-suppliers/set_country_list (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f579bcefb3ec1dc8c936abcfabad40d3d8c10e857abb59a18c74d22868b8eaac Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score

Exploits0References1

OSSF Malicious Packages•added 2026/05/28 1:39 p.m.•6 views

Malicious code in @service-suppliers/set_initial_loaded (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2bd44f16d8e16a982d3d1b38f7956db80de10ef3c0c176e7079e684926c1c3c7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score

Exploits0References1

OSV•added 2026/05/28 1:39 p.m.•5 views

MAL-2026-4853 Malicious code in @service-suppliers/set_selected_supplier_action_saga (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7dd674623e86de8efd6f88b138b7e387d1b96e80c48d9a6e8ab81e0189fcf990 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score

Exploits0References1

OSSF Malicious Packages•added 2026/05/28 1:39 p.m.•8 views

Malicious code in @service-suppliers/reset_country_list (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f5e6ef79773321419089b562c7d3d0a2dc262c6f2e3337df06d953ac9b2a45a1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score

Exploits0References1

OSSF Malicious Packages•added 2026/05/28 1:39 p.m.•8 views

Malicious code in @polka-ui/loads (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d1c2dc697d40151aa0c28a6e1bc5fd467a78649ea136e58a874a8269fec093ae Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score

Exploits0References1

OSV•added 2026/05/28 1:39 p.m.•4 views

MAL-2026-4848 Malicious code in @service-suppliers/fetch_initial_suppliers_action_saga (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5701c4e65352d4be1b2266c870a111f44803d475f58363cb841146d16ec43385 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score

Exploits0References1

OSV•added 2026/05/28 1:39 p.m.•3 views

MAL-2026-4843 Malicious code in @polka-ui/loads (npm)

5.8AI score

Exploits0References1

OSSF Malicious Packages•added 2026/05/28 1:39 p.m.•9 views

Malicious code in @bcs-bank-complex-ui/deeplink (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a93d855d3be0839ea18a9eb78249c1ba50f9029cf31e49e069e118deae5eca46 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score

Exploits0References1

Vulnrichment•added 2026/05/28 1:22 p.m.•8 views

CVE-2026-49237 Local Privilege Escalation in Canonical Multipass

An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While the patch in version 1.16.0 updated the ownership of the multipassd daemon binary to root:wheel, five co-located binaries multipass, qemu-img, qemu-system-aarch64,...

7.8CVSS6AI score0.00011EPSS

Exploits1References1

EUVD•added 2026/05/28 12:30 p.m.•8 views

EUVD-2026-32867

In the Linux kernel, the following vulnerability has been resolved: ipmi:si: Return state to normal if message allocation fails There were places where nothing would get started if a message allocation failed, so the driver needs to return to normal state...

5.8AI score0.00032EPSS

Exploits0References6

RedHat Linux•added 2026/05/28 12:7 p.m.•10 views

xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption

A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially...

7.8CVSS5.8AI score0.00005EPSS

Exploits0References4

RedHat Linux•added 2026/05/28 11:9 a.m.•9 views

Important: Red Hat Security Advisory: cockpit security update

An update for cockpit is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

8CVSS7.2AI score0.00275EPSS

Exploits0References2

RedHat Linux•added 2026/05/28 11:9 a.m.•7 views

cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI

A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface UI. An attacker can inject shell metacharacters and command...

8CVSS7.3AI score0.00275EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by