CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/06/12 12:0 a.m.•19 views

PT-2026-48932

Summary A NoSQL injection vulnerability existed in MongoDBSaver where checkpoint identifier fields from config.configurable were used in MongoDB queries without strict type enforcement. In vulnerable versions, attacker-controlled object payloads for example MongoDB operators like $gt and $ne coul...

6.7CVSS5.4AI score0.00022EPSS

Exploits0References6

Positive Technologies•added 2026/06/12 12:0 a.m.•17 views

PT-2026-48956

During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production hardware. The UART pads are labeled, run with default serial settings, and drop to an interactive RT-Thread shell that permits...

5.1CVSS5.3AI score0.0015EPSS

OSV•added 2026/06/11 12:0 p.m.•17 views

RUSTSEC-2026-0177 Missing `Sync` bound on `PyCFunction::new_closure` closures

5.5AI score

RustSec•added 2026/06/11 12:0 p.m.•7 views

Missing `Sync` bound on `PyCFunction::new_closure` closures

5.5AI score

Exploits0Affected Software1

Fedora•added 2026/06/11 1:9 a.m.•11 views

[SECURITY] Fedora 43 Update: rust-1.96.0-1.fc43

Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. This package includes the Rust compiler and documentation generator...

6.5CVSS5.4AI score0.00415EPSS

Exploits0

OSV•added 2026/06/10 12:7 a.m.•5 views

OSV-2026-895 Heap-buffer-overflow in ihevcd_fmt_conv

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=521437880 Crash type: Heap-buffer-overflow WRITE 8 Crash state: ihevcdfmtconv ihevcdprocessthread startthread...

5.4AI score

Exploits0References1

Packet Storm News•added 2026/06/09 12:0 a.m.•6 views

FreeBSD Security Advisory - FreeBSD-SA-26:25.thr

FreeBSD Security Advisory - When used to deliver a signal to a specific thread, thrkill22 called pcansignal to determine whether the operation was permitted but did not check the result before delivering the signal. The signal was sent even when the permission check failed. The system call return...

5.4AI score

Exploits0

OSV•added 2026/06/08 5:16 p.m.•6 views

UBUNTU-CVE-2026-11611

A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during...

CVE•added 2026/06/08 4:17 p.m.•21 views

CVE-2026-11611

CVE-2026-11611 concerns the Content Synchronization persistent search plugin in 389 Directory Server. The flaw enables denial of service via unbounded memory growth when an authenticated client stops reading sync responses, and there are additional race conditions in the plugin thread lifecycle t...

Exploits0References3Affected Software3

Vulnrichment•added 2026/06/08 4:17 p.m.•5 views

CVE-2026-11611 389-ds-base: 389-ds-base: content sync plugin unbounded queue growth and race conditions

Debian CVE•added 2026/06/08 4:17 p.m.•9 views

CVE-2026-11611

EUVD•added 2026/06/08 4:17 p.m.•10 views

Exploits0

EUVD-2026-35129

RedHat Linux•added 2026/06/08 1:44 a.m.•5 views

tornado-python: Tornado: Denial of Service via large multipart bodies

A flaw was found in tornado-python. A remote attacker can exploit this vulnerability by sending a specially crafted, very large multipart body with numerous parts. Because the parsing of these large bodies occurs synchronously on the main thread, it can consume excessive resources, leading to a...

8.7CVSS7.4AI score0.00375EPSS

Positive Technologies•added 2026/06/08 12:0 a.m.•13 views

PT-2026-47339

Name of the Vulnerable Software and Affected Versions 389 Directory Server affected versions not specified Description A flaw in the Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, which can lead to a denia...

Tenable Nessus•added 2026/06/08 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-46275

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: hciuart: fix UAFs and race conditions in close and init paths Vulnerabilities leading to Use- After-Free UAF and Null Pointer Dereference NPD...

7.8CVSS5.9AI score0.00204EPSS

Exploits1References4

Positive Technologies•added 2026/06/08 12:0 a.m.•10 views

PT-2026-47589

Summary Netty's DNS resolver uses a predictable PRNG for generating DNS transaction IDs and defaults to a static UDP source port. This combination reduces the entropy of DNS queries, enabling DNS Cache Poisoning Kaminsky attack. Details Two factors contribute to this vulnerability in...

6.8CVSS5.5AI score

SUSE CVE•added 2026/06/06 2:48 a.m.•7 views

SUSE CVE-2026-36499

A missing upper-bound check in the udpifsetthreads function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. This can cause a denial of service DoS via resource exhaustion...

6.5CVSS5.4AI score0.0024EPSS