CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added yesterday•5 views

CVE-2026-53014

A flaw was found in the Linux kernel. When the kernel's traffic control TC subsystem processes network packets for redirection across different types of network devices, it can incorrectly handle packet headers. This can lead to corruption of network packet data. A local attacker could potentiall...

5.5CVSS5.8AI score0.00168EPSS

RedhatCVE•added yesterday•5 views

CVE-2026-53080

A flaw was found in the Linux kernel's traffic control firewall classifier clsfw module. An attacker with the ability to create traffic control filters could exploit a vulnerability where an invalid filter, created using an older method, is processed before proper validation. This can lead to a...

5.5CVSS5.8AI score0.00172EPSS

Nuclei•added yesterday•34 views

WordPress Visitor Statistics (Real Time Traffic) <4.8 -SQL Injection

WordPress Visitor Statistics Real Time Traffic plugin before 4.8 does not properly sanitize and escape the refUrl in the refDetails AJAX action, which is available to any authenticated user. This could allow users with a role as low as subscriber to perform SQL injection attacks. id: CVE-2021-247...

8.8CVSS7.3AI score0.38555EPSS

Exploits5References5

RedhatCVE•added 2 days ago•5 views

CVE-2026-52935

A flaw was found in the Linux kernel. The espintcp component, responsible for handling encrypted network traffic, incorrectly reuses a partial data transmission state. This can lead to an out-of-bounds read, which may allow an attacker to access sensitive information or cause other memory...

7CVSS5.8AI score0.00164EPSS

NVD•added 3 days ago•3 views

CVE-2026-48491

Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity vulnerability in Traefik's domain-fronting protection SNICheck that allows an unauthenticated client to bypass mutual TLS enforced through wildcard router TLSOptions. When a router uses a wildcard...

7.8CVSS0.00228EPSS

CVE•added 3 days ago•12 views

CVE-2026-44726

CVE-2026-44726 affects Deno (2.0.0–2.7.8) via the Node.js tls compatibility layer. When autoSelectFamily is enabled and the first address-family attempt fails, the socket reinitialization path reuses a stale TLS upgrade hook tied to the original failed handle, causing the replacement TCP connecti...

7.4CVSS5.9AI score0.00136EPSS

Cvelist•added 3 days ago•37 views

CVE-2026-44726 Deno: TLS retry copies stale upgrade hook, risking plaintext traffic

Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.0.0 until 2.7.8, a flaw in Deno's Node.js tls compatibility layer could cause a TLS client to transmit application data in plaintext after a connection retry. When autoSelectFamily was enabled and the first address-family attempt...

7.4CVSS0.00136EPSS

NVD•added 3 days ago•8 views

CVE-2026-55568

Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, in certain configurations, traffic expected to be protected by TLS on the hop to the proxy is transmitted in cleartext. Proxy authentication credentials the Proxy-Authorization header, proxy userinfo in the proxy URL, or CURLOPTPROXYUSERPW...

5.9CVSS0.00106EPSS

CVE•added 3 days ago•34 views

CVE-2026-55568

Summary (CVE-2026-55568) : Guzzle’s built‑in cURL handlers (CurlHandler/CurlMultiHandler) can downgrade an https:// proxy to plaintext when using libcurl older than 7.50.2, exposing proxy credentials and the CONNECT host/port. The issue occurs if an https proxy is configured and the app runs with...

5.9CVSS5.9AI score0.00106EPSS

NVD•added 3 days ago•12 views

CVE-2026-55655

A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. A successful attack ca...

6.1CVSS0.0009EPSS

Vulnrichment•added 3 days ago•5 views

CVE-2026-55655 Openssh: local mitm of x11 forwarding via abstract unix socket pre-binding in red hat enterprise linux openssh client versions

5CVSS5.7AI score0.0009EPSS

ATTACKERKB•added 3 days ago•9 views

CVE-2026-55655

5CVSS5.7AI score0.0009EPSS

Exploits0References3

RedHat Linux•added 3 days ago•4 views

samba: group policy certificate enrollment uses http:// without validation

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability t...

8CVSS5.8AI score0.00251EPSS

Exploits0References5

RedHat Linux•added 3 days ago•4 views

samba: group policy certificate enrollment uses http:// without validation

8CVSS5.8AI score0.00251EPSS

Exploits0References5

RedhatCVE•added 4 days ago•7 views

CVE-2026-52910

A flaw was found in the Linux kernel's Berkeley Packet Filter BPF reuseport mechanism. When a cBPF program is detached from a reuseport group, it is freed immediately without waiting for Read-Copy-Update RCU readers to complete. This can lead to a use-after-free condition, resulting in memory...

7CVSS5.8AI score0.00165EPSS

RedhatCVE•added 4 days ago•7 views

CVE-2026-55202

A flaw was found in Tinyproxy. This vulnerability allows unauthenticated remote attackers to gain unauthorized access to internal proxy statistics or misroute requests. This is possible due to improper validation of the Host header during stathost detection, which can be exploited by injecting a...

8.8CVSS5.9AI score0.00335EPSS