CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

12551 matches found

EUVD•added 2026/04/08 12:30 a.m.•3 views

EUVD-2026-19984

Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure.This issue affects non release branches...

8.8CVSS5.9AI score0.00263EPSS

Exploits0References3

UbuntuCve•added 2026/04/08 12:0 a.m.•2 views

CVE-2026-31411

In the Linux kernel, the following vulnerability has been resolved: net: atm: fix crash due to unvalidated vcc pointer in sigdsend Reproducer available at 1. The ATM send path sendmsg - vccsendmsg - sigdsend reads the vcc pointer from msg-vcc and uses it directly without any validation. This...

5.5CVSS5.8AI score0.00125EPSS

Exploits0References2

Tenable Nessus•added 2026/04/08 12:0 a.m.•0 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006766)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006766 advisory. In the Linux kernel, the following vulnerability has been resolved: net: usbnet: Fix WARNING in usbnetstartxmit/usbsubmiturb The syzbot fuzzer identified a problem i...

5.5CVSS5.8AI score0.00143EPSS

Exploits0References4

Tenable Nessus•added 2026/04/08 12:0 a.m.•8 views

RHEL 9 : kernel (RHSA-2026:7013)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7013 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Use-after-free i...

7.8CVSS5.9AI score0.00248EPSS

Exploits1References13

SUSE CVE•added 2026/04/07 11:27 p.m.•4 views

SUSE CVE-2026-28387

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...

6.5CVSS6.2AI score0.00631EPSS

Exploits0References19

RedHat Linux•added 2026/04/07 11:16 p.m.•1 views

freerdp: FreeRDP has a heap-use-after-free in urb_bulk_transfer_cb

A heap buffer use after free has been discovered in FreeRDP. Asynchronous bulk transfer completions can use a freed channel callback after URBDRC channel close, leading to a use after free in urbwritecompletion...

8.7CVSS5.9AI score0.00467EPSS

Exploits0References6

CVE•added 2026/04/07 6:56 p.m.•6 views

CVE-2026-39355

CVE-2026-39355 affects the Genealogy PHP application. Before version 5.9.1, a broken access control in TeamController::transferOwnership() lets any authenticated user transfer ownership of arbitrary non-personal teams to themselves, enabling takeover of team workspaces and access to associated da...

9.9CVSS6.1AI score0.00315EPSS

Exploits1References1Affected Software1

Cvelist•added 2026/04/07 6:56 p.m.•14 views

CVE-2026-39355 Genealogy is Missing Authorization in `TeamController::transferOwnership()` Allows Any Authenticated User to Hijack Any Team (Broken Access Control)

Genealogy is a family tree PHP application. Prior to 5.9.1, a critical broken access control vulnerability in the genealogy application allows any authenticated user to transfer ownership of arbitrary non-personal teams to themselves. This enables complete takeover of other users’ team workspaces...

9.9CVSS0.00315EPSS

Exploits1References1

Vulnrichment•added 2026/04/07 6:56 p.m.•2 views

CVE-2026-39355 Genealogy is Missing Authorization in `TeamController::transferOwnership()` Allows Any Authenticated User to Hijack Any Team (Broken Access Control)

9.9CVSS6.1AI score0.00315EPSS

Exploits1References1

EUVD•added 2026/04/07 6:56 p.m.•3 views

EUVD-2026-19865

9.9CVSS6.1AI score0.00315EPSS

Exploits1References1

ATTACKERKB•added 2026/04/07 6:56 p.m.•2 views

CVE-2026-39355

9.9CVSS6.1AI score0.00315EPSS

Exploits1References2Affected Software1

Github Security Blog•added 2026/04/07 3:30 p.m.•6 views

Django has potential DoS via MultiPartParser through crafted multipart uploads

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads with Content-Transfer-Encoding: base64 including excessive whitespace. Earlier, unsupported Django series such as...

6.5CVSS5.9AI score0.00689EPSS

Exploits1References6Affected Software1

EUVD•added 2026/04/07 12:31 p.m.•4 views

EUVD-2026-19603

Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The ischunkedtransfer function uses strcmp to compare the header value against "chunked", even though RFC 7230 specifies that...

8.7CVSS5.9AI score0.00899EPSS

Exploits1References4

RedHat Linux•added 2026/04/07 12:25 p.m.•4 views

Important: Red Hat Security Advisory: freerdp security update

An update for freerdp is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

9.8CVSS6.5AI score0.00534EPSS

Exploits5References15

RedHat Linux•added 2026/04/07 12:25 p.m.•5 views

freerdp: FreeRDP has a heap-use-after-free in urb_bulk_transfer_cb

8.7CVSS5.9AI score0.00467EPSS

Exploits0References6