CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/01/28 8:16 p.m.•4 views

CVE-2025-68933

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators with the moderatorschangepostownership setting enabled can change ownership of posts in private messages and restricted categories they cannot access, then export...

6.9CVSS0.00135EPSS

OSV•added 2026/01/28 7:17 p.m.•8 views

CVE-2025-68933 Discourse non-admin moderators can exfiltrate private content via post ownership transfer

Cvelist•added 2026/01/28 7:17 p.m.•28 views

CVE-2025-68933 Discourse non-admin moderators can exfiltrate private content via post ownership transfer

6.9CVSS0.00135EPSS

CVE•added 2026/01/28 7:17 p.m.•15 views

CVE-2025-68933

CVE-2025-68933 (Discourse) is a broken access control vulnerability affecting Discourse versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. Non-admin moderators with the moderators_change_post_ownership setting enabled can change ownership of posts in private messages and restricted cate...

Exploits0References1Affected Software1

ATTACKERKB•added 2026/01/28 7:17 p.m.•4 views

CVE-2025-68933

Exploits0References2Affected Software1

EUVD•added 2026/01/28 7:17 p.m.•5 views

EUVD-2025-206428

OSV•added 2026/01/28 6:16 p.m.•5 views

CVE-2020-36964

YATinyWinFTP contains a denial of service vulnerability that allows attackers to crash the FTP service by sending a 272-byte buffer with a trailing space. Attackers can exploit the service by connecting and sending a malformed command that triggers a buffer overflow and service crash...

8.7CVSS6.1AI score0.00396EPSS

Fedora•added 2026/01/28 1:27 a.m.•8 views

[SECURITY] Fedora 42 Update: curl-8.11.1-7.fc42

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMA P, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

6.3CVSS6.1AI score0.00106EPSS

Exploits0

Positive Technologies•added 2026/01/28 12:0 a.m.•7 views

PT-2026-5156

9.8CVSS6.1AI score0.00396EPSS

Exploits0References4

CNNVD•added 2026/01/28 12:0 a.m.•6 views

YATinyWinFTP buffer error vulnerability

YATinyWinFTP is an FTP server developed by ik80’s individual developer. YATinyWinFTP has a buffer error vulnerability; this vulnerability arises from sending certain data that may trigger a buffer overflow, potentially leading to a denial-of-service attack...

9.8CVSS6AI score0.00396EPSS

Positive Technologies•added 2026/01/28 12:0 a.m.•6 views

PT-2026-5192

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 3.5.4 Discourse versions prior to 2025.11.2 Discourse versions prior to 2025.12.1 Discourse versions prior to 2026.1.0 Description Discourse is an open source discussion platform. Non-admin moderators with the...

6.9CVSS5.2AI score0.00135EPSS

Exploits0References7

RedHat Linux•added 2026/01/27 9:34 a.m.•4 views

urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion

A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...

8.9CVSS5.7AI score0.00622EPSS

Exploits0References6

CNNVD•added 2026/01/27 12:0 a.m.•6 views

Pablo Software Solutions Quick n Easy FTP Service Code Issues and Vulnerabilities

Pablo Software Solutions Quick n Easy FTP Service is a Windows platform FTP server software provided by Pablo Software Solutions. Version 3.2 of Pablo Software Solutions Quick n Easy FTP Service has a code vulnerability caused by an unquoted service path, which may allow local attackers to execut...

8.5CVSS6.2AI score0.00162EPSS

Exploits0References5

Tenable Nessus•added 2026/01/27 12:0 a.m.•4 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005144)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005144 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index out of bounds in degamma hardware format translation Fixes index out o...

7.8CVSS6.9AI score0.00327EPSS

Broadcom•added 2026/01/27 12:0 a.m.•12 views

An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0

An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this...

6.5CVSS7.2AI score0.01703EPSS

Exploits1

EUVD•added 2026/01/26 7:36 p.m.•4 views

EUVD-2025-206338

A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking connections from the database connection pool, potentially causing a Denial of Service DoS by...

4.3CVSS5.8AI score0.00376EPSS

Exploits0References2

Vulnrichment•added 2026/01/26 9:24 a.m.•4 views

CVE-2025-41082 HTTP Request/Response Smuggling in Altitude Communication Server

Illegal HTTP request traffic vulnerability CL.0 in Altitude Communication Server, caused by inconsistent analysis of multiple HTTP requests over a single Keep-Alive connection using Content-Length headers. This can cause a desynchronization of requests between frontend and backend servers, which...

6.9CVSS5.9AI score0.00386EPSS