CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/04/22 9:6 a.m.•0 views

CVE-2026-6848

5.4CVSS5.9AI score0.00023EPSS

RedhatCVE•added 2026/04/22 9:6 a.m.•1 views

CVE-2026-6848

8.1CVSS5.7AI score0.00023EPSS

Tenable Nessus•added 2026/04/22 12:0 a.m.•3 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013668)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013668 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9kwmirspcallback Fix a...

5.8AI score0.00044EPSS

Tenable Nessus•added 2026/04/22 12:0 a.m.•2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013625)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013625 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: ar5523: Fix use-after-free on ar5523cmd timed out syzkaller reported use-after-free with th...

5.7AI score0.00061EPSS

Tenable Nessus•added 2026/04/22 12:0 a.m.•4 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013497)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013497 advisory. A use-after-free flaw was found in smb2isstatusiotimeout in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local...

6.5CVSS6.7AI score0.00026EPSS

NVD•added 2026/04/21 10:16 p.m.•1 views

CVE-2026-40939

The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, OIDC-authenticated sessions had no configured maximum inactivity timeout. Sessions persisted indefinitely after login, even after the OIDC access token expired. This...

6.8CVSS0.00025EPSS

CVE•added 2026/04/21 9:7 p.m.•6 views

CVE-2026-40939

The CVE concerns the Data Sharing Framework (DSF). Before version 2.1.0, OIDC-authenticated sessions had no maximum inactivity timeout, allowing sessions to persist indefinitely after login and token expiry. The issue is fixed in v2.1.0. Affected components are DSF FHIR and BPE servers with OIDC ...

6.8CVSS5.8AI score0.00025EPSS

Vulnrichment•added 2026/04/21 9:7 p.m.•1 views

CVE-2026-40939 DSF: Missing Session Timeout for OIDC Sessions

6.8CVSS5.8AI score0.00025EPSS

Cvelist•added 2026/04/21 9:7 p.m.•28 views

CVE-2026-40939 DSF: Missing Session Timeout for OIDC Sessions

6.8CVSS0.00025EPSS

ATTACKERKB•added 2026/04/21 9:7 p.m.•1 views

CVE-2026-40939

6.8CVSS5.8AI score0.00025EPSS

Exploits0References5Affected Software4

Github Security Blog•added 2026/04/21 8:27 p.m.•5 views

Tekton Pipelines: HTTP Resolver Unbounded Response Body Read Enables Denial of Service via Memory Exhaustion

Summary The HTTP resolver's FetchHttpResource function calls io.ReadAllresp.Body with no response body size limit. Any tenant with permission to create TaskRuns or PipelineRuns that reference the HTTP resolver can point it at an attacker-controlled HTTP server that returns a very large response...

6.5CVSS5.8AI score0.00054EPSS

Exploits1References4Affected Software1

EUVD•added 2026/04/21 5:41 p.m.•2 views

EUVD-2026-24213

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.6, the opfilter Endpoint Security system extension bundle ID uk.craigbass.clearancekit.opfilter can be suspended with SIGSTOP or kill -STOP, or killed with SIGKILL/SIGTERM, by any...

8.2CVSS5.7AI score0.00022EPSS

EUVD•added 2026/04/21 3:32 p.m.•0 views

EUVD-2026-24128

An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page...

NVD•added 2026/04/21 3:16 p.m.•0 views

Exploits0References2

CVE-2026-0971

An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page...

4.3CVSS0.00033EPSS

Cvelist•added 2026/04/21 2:14 p.m.•30 views

CVE-2026-0971 GoAnywhere MFT SAML Sessions do not redirect to logout URL on session timeout

An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page...

4.3CVSS0.00033EPSS

Vulnrichment•added 2026/04/21 2:14 p.m.•1 views

CVE-2026-0971 GoAnywhere MFT SAML Sessions do not redirect to logout URL on session timeout

An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page...

CVE•added 2026/04/21 2:14 p.m.•12 views

CVE-2026-0971

CVE-2026-0971 affects Fortra GoAnywhere MFT prior to v7.10.0. The issue is an improper session timeout where SAML-configured Web Users are redirected to the regular login page instead of the SAML login page. Impact is limited to authentication flow disruption; no data directly exposed per the pro...

Exploits0References1Affected Software1

ATTACKERKB•added 2026/04/21 2:14 p.m.•2 views

CVE-2026-0971

An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page...

Tenable Nessus•added 2026/04/21 12:0 a.m.•1 views

Exploits0References2

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013359)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013359 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: use timestamp to check for set element timeout Add a timestamp field at the...

7CVSS6.3AI score0.00037EPSS