CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

72 matches found

Astra Linux – Vulnerability in libxmltok

In libexpat before version 2.2.8, crafted XML inputs could trick the parser into switching from DTD parsing to document parsing too early. A consecutive call to XMLGetCurrentLineNumber or XMLGetCurrentColumnNumber would then lead to a heap-based buffer overflow...

7.5CVSS7.4AI score0.06643EPSS

Exploits1References2

Tenable Nessus•added 2026/05/30 12:0 a.m.•9 views

RockyLinux 9 : fence-agents (RLSA-2026:19355)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19355 advisory. cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves CVE-2026-26007 pyjwt: PyJWT accepts unknown crit header...

8.2CVSS6.8AI score0.0058EPSS

Exploits2References7

Tenable Nessus•added 2026/05/30 12:0 a.m.•8 views

Debian dla-4608 : corosync - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4608 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4608-1 [email protected]...

8.2CVSS5.9AI score0.00994EPSS

Exploits2References6

OSV•added 2026/04/13 1:19 p.m.•2 views

USN-8170-1 corosync vulnerabilities

It was discovered that Corosync incorrectly handled the membership commit token validity check. A remote attacker could use this issue to cause Corosync to crash, resulting in a denial of service, or to possibly obtain a small quantity of sensitive information. CVE-2026-35091 It was discovered th...

8.2CVSS5.8AI score0.00994EPSS

Exploits2References3

ATTACKERKB•added 2026/03/19 7:34 a.m.•3 views

CVE-2026-3475

The Instant Popup Builder plugin for WordPress is vulnerable to Unauthenticated Arbitrary Shortcode Execution in all versions up to and including 1.1.7. This is due to the handleemailverificationpage function constructing a shortcode string from user-supplied GET parameters token, email and passi...

5.3CVSS6.1AI score0.00278EPSS

Exploits0References7