CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Snyk•added 2026/06/05 5:12 p.m.•3 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the ParseLibSymbols function when parsing a BSD-style .SYMDEF symbol table. An attacker can access sensitive information from uninitialized heap memory by providing a specially crafted Unix ar archive...

7.1CVSS5.4AI score0.00391EPSS

Exploits1References3

Vulnrichment•added 2026/06/05 4:20 p.m.•6 views

CVE-2026-48112 GHSL-2026-122 7-Zip Ar SYMDEF OOB Read

7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain a heap out-of-bounds read in 7-Zip Ar handler BSD SYMDEF parser. A 4-byte heap out-of-bounds read exists in the Unix ar archive parser in 7-Zip. When parsing a BSD-style .SYMDEF symbol table, the...

6.5CVSS5.7AI score0.00391EPSS

Github Security Blog•added 2026/06/05 4:19 p.m.•11 views

NocoDB: SQL Injection via Column Title in Bulk GroupBy

Summary An authenticated user with column-create permission can inject SQL into the bulk groupBy endpoint by setting a column's title to a SQL fragment. Details The bulk groupBy path in group-by.ts builds three database-specific knex.raw aggregations that interpolate the request's columnname...

5.6AI score0.00032EPSS

Exploits0References3Affected Software1

RedhatCVE•added 2026/06/04 10:3 a.m.•12 views

CVE-2026-48597

Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint. Tesla.Adapter.Mint.openconn/2 converts the URL scheme of every outgoing request to a BEAM atom via String.toatomuri.scheme with no...

NVD•added 2026/06/03 8:16 p.m.•7 views

Exploits0References1

CVE-2026-26824

libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table MSAT in readMSAT is not fully initialized before being consumed by ole2validatesectorchain, which may result in application crashe...

6.5CVSS0.00218EPSS

OSV•added 2026/06/03 8:16 p.m.•3 views

DEBIAN-CVE-2026-26824

6.5CVSS5.4AI score0.00218EPSS

OSV•added 2026/06/03 8:16 p.m.•4 views

UBUNTU-CVE-2026-26824

6.5CVSS5.4AI score0.00218EPSS

Exploits1References3

EUVD•added 2026/06/03 7:56 p.m.•8 views

EUVD-2026-34176

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Redirect module does not validate the URL scheme of administrator-configured destination URLs before storing or issuing redirects. This allows arbitrary external URLs to be configured as redirect...

4.8CVSS5.9AI score0.00259EPSS

Exploits0References2

RedhatCVE•added 2026/06/03 10:1 a.m.•11 views

CVE-2026-24090

Cryptographic issue while processing partition table entries allows unauthorized modification of boot flow...

7.1CVSS5.8AI score0.00062EPSS

Exploits0References1

EUVD•added 2026/06/03 12:0 a.m.•12 views

EUVD-2026-34178

5.8AI score0.00218EPSS

EUVD•added 2026/06/02 7:8 p.m.•10 views

EUVD-2026-34013

Vulnrichment•added 2026/06/02 7:8 p.m.•6 views

CVE-2026-48597 Atom table exhaustion via untrusted URL scheme in Tesla.Adapter.Mint

CVE•added 2026/06/02 7:8 p.m.•19 views

CVE-2026-48597

The vulnerability CVE-2026-48597 affects elixir-tesla (Tesla) where Tesla.Adapter.Mint.open_conn/2 converts each outgoing request URL scheme to a BEAM atom using String.to_atom(uri.scheme) without an allow-list. Since BEAM atoms are not garbage-collected, an attacker who can influence the request...

OSV•added 2026/06/02 7:8 p.m.•6 views

EEF-CVE-2026-48597 Atom table exhaustion via untrusted URL scheme in Tesla.Adapter.Mint

Summary Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint. Tesla.Adapter.Mint.openconn/2 converts the URL scheme of every outgoing request to a BEAM atom via String.toatomuri.scheme wit...