CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

68 matches found

CNNVD•added 2026/05/15 12:0 a.m.•4 views

Delphix Continuous Data 操作系统命令注入漏洞

Delphix Continuous Data is a platform from the American company Delphix that supports data virtualization, continuous data delivery, and database environment management. Delphix Continuous Data has a vulnerability related to operating system command injection, which stems from improper input...

8.7CVSS6.1AI score0.00052EPSS

Exploits0References1

OSV•added 2026/05/05 9:34 p.m.•1 views

GHSA-HMCX-CH82-3FV2 Grav has Unauthenticated Path Traversal & Arbitrary File Write in its FormFlash component

Vulnerability Report: Grav CMS Unauthenticated Path Traversal & Arbitrary File Write ZERO-DAY Unauthenticated Path Traversal leading to Arbitrary Directory Creation and Configuration Injection Summary Grav CMS v1.7.49.5 and latest development source is vulnerable to a Zero-Day Path Traversal...

9.3CVSS5.9AI score0.00121EPSS

Exploits1References5

CNNVD•added 2026/05/05 12:0 a.m.•3 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the misleading naming of the copyusernocache function in the x86-64 architecture. This function...

5.5CVSS5.8AI score0.00013EPSS

Exploits0References1

Snyk•added 2026/05/04 5:28 p.m.•4 views

Missing Authorization

Overview org.apache.polaris:polaris-runtime-service is an a catalog for data lakes. It provides new levels of choice, flexibility and control over data, with full enterprise security and Apache Iceberg interoperability across a multitude of engines and infrastructure Affected versions of this...

9.9CVSS6AI score0.00095EPSS

Exploits0References2

Cvelist•added 2026/05/04 4:22 p.m.•26 views

CVE-2026-42809 Apache Polaris: staged table creation could vend storage credentials for unvalidated locations

Apache Polaris can issue broad temporary "vended" storage credentials during staged table creation before the effective table location has been validated or durably reserved. Those temporary credentials are meant to limit the scope of accessible table data and metadata, but this scope limitation...

9.9CVSS0.00095EPSS

Exploits0References1

SUSE CVE•added 2026/03/28 12:25 a.m.•1 views

SUSE CVE-2026-33481

Syft is a a CLI tool and Go library for generating a Software Bill of Materials SBOM from container images and filesystems. Syft versions before v1.42.3 would not properly cleanup temporary storage if the temporary storage was exhausted during a scan. When scanning archives Syft will unpack those...

5.3CVSS5.8AI score0.00017EPSS

Exploits0References4

RedhatCVE•added 2026/03/26 8:3 p.m.•1 views

CVE-2026-33481

A flaw was found in Syft, a tool for generating Software Bill of Materials SBOM. When Syft scans large or highly compressed archives, it unpacks them into temporary storage. If this process exhausts the temporary storage, Syft fails to properly clean up these files. This can lead to the temporary...

5.3CVSS5.7AI score0.00017EPSS

Exploits0References2

NVD•added 2026/03/26 6:16 p.m.•0 views

CVE-2026-33481

5.3CVSS0.00017EPSS

Exploits0References4

AlpineLinux•added 2026/03/26 5:10 p.m.•0 views

CVE-2026-33481

5.3CVSS6.2AI score0.00017EPSS

Exploits0References4

ATTACKERKB•added 2026/03/26 5:10 p.m.•0 views

CVE-2026-33481

5.3CVSS5.7AI score0.00017EPSS

Exploits0References5Affected Software1

CVE•added 2026/03/26 5:10 p.m.•6 views

CVE-2026-33481

Syft contains a vulnerability (affecting versions before v1.42.3) where temporary storage is not properly cleaned up when an error occurs during scanning. If scanning archives leads to exhausted temporary storage (e.g., large artifacts or zipbombs), Syft may exit without removing temporary files,...

5.3CVSS5.7AI score0.00017EPSS

Exploits0References4Affected Software1

CNNVD•added 2026/03/26 12:0 a.m.•2 views

syft 安全漏洞

Syft is an open-source CLI tool and Go library developed by Anchore, used to generate Software Bill of Materials SBOMs from container images and file systems. Versions of Syft prior to 1.42.3 contain security vulnerabilities. These vulnerabilities stem from improper cleanup of temporary storage...

5.3CVSS6.4AI score0.00017EPSS

Exploits0References5

OSV•added 2026/03/23 2:12 p.m.•1 views

CVE-2026-33483 AVideo Affected by Unauthenticated Disk Space Exhaustion via Unlimited Temp File Creation in aVideoEncoderChunk.json.php

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the aVideoEncoderChunk.json.php endpoint is a completely standalone PHP script with no authentication, no framework includes, and no resource limits. An unauthenticated remote attacker can send arbitrary POST data...

7.5CVSS6AI score0.0061EPSS

Exploits1References4

Snyk•added 2026/03/20 8:46 p.m.•1 views

Improper Cleanup on Thrown Exception

Overview Affected versions of this package are vulnerable to Improper Cleanup on Thrown Exception when cleaning up tmp files. Temporary storage can be exhausted during the scanning process by an attacker providing large or highly compressed artifacts, leading to the accumulation of temporary file...

6.9CVSS5.8AI score0.00017EPSS

Exploits0References2

Snyk•added 2026/03/20 8:46 p.m.•0 views

Improper Cleanup on Thrown Exception

6.9CVSS5.8AI score0.00017EPSS

Exploits0References2

Snyk•added 2026/03/20 8:46 p.m.•1 views

Improper Cleanup on Thrown Exception

6.9CVSS5.8AI score0.00017EPSS

Exploits0References2

Snyk•added 2026/03/20 8:46 p.m.•1 views

Improper Cleanup on Thrown Exception