CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1161 matches found

Positive Technologies•added 2026/04/23 12:0 a.m.•2 views

PT-2026-34823

Summary The fetch call for remote images in packages/integrations/cloudflare/src/utils/image-binding-transform.ts line 28 uses the default redirect: 'follow' behavior. This allows the Cloudflare Worker to follow HTTP redirects to arbitrary URLs, bypassing the isRemoteAllowed domain allowlist chec...

2.2CVSS5.9AI score0.00047EPSS

Exploits0References7

OSV•added 2026/04/22 6:31 p.m.•1 views

GHSA-FHR3-XH3Q-69W6 uutils coreutils has an Incorrect Provision of Specified Functionality Issue

A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the :graph: and :print: character classes. The implementation mistakenly includes the ASCII space character 0x20 in the :graph: class and excludes it from the :print: class, effectively reversing the...

3.3CVSS5.8AI score0.00015EPSS

Exploits1References5

RedhatCVE•added 2026/04/22 6:24 p.m.•2 views

CVE-2026-31472

A flaw was found in the Linux kernel, specifically within the xfrm and iptfs components. A remote attacker could exploit this vulnerability by sending a specially crafted Encapsulating Security Payload ESP packet. This packet, containing an inner IPv4 header with a total length totlen of zero or...

5.5CVSS5.8AI score0.00015EPSS

Exploits0References4

Fedora•added 2026/04/22 7:50 a.m.•3 views

[SECURITY] Fedora 43 Update: jq-1.8.1-3.fc43

lightweight and flexible command-line JSON processor jq is like sed for JSON data =E2=80=93 you can use it to slice and filter and map and transform structured data with the same ease that sed, awk, grep and friends let you play with text. It is written in portable C, and it has zero runtime...

8.2CVSS5.3AI score0.00072EPSS

Exploits4

Positive Technologies•added 2026/04/22 12:0 a.m.•1 views

PT-2026-34376

In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: only publish mode data after clone setup iptfs clone state stores x-mode data before allocating the reorder window. If that allocation fails, the code frees the cloned state and returns -ENOMEM, leaving x-mode data...

5.7AI score0.00015EPSS

Exploits0References4

Snyk•added 2026/04/20 9:11 p.m.•5 views

Command Injection

Overview flowsint is an Add your description here Affected versions of this package are vulnerable to Command Injection via the orgtoasn transform process. An attacker can execute arbitrary operating system commands as root on the host machine by supplying shell metacharacters and escaping the...

10CVSS6.1AI score0.00247EPSS

Exploits1References2

Vulnrichment•added 2026/04/20 7:56 p.m.•1 views

CVE-2026-32311 Command Injection and Docker container escape allows root on host machine

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Flowsint allows a user to create investigations, which are used to manage sketches and analyses. Sketches have controllable graphs, which are comprised of nodes and...

10CVSS6.2AI score0.00247EPSS

Exploits1References2

CVE•added 2026/04/20 7:56 p.m.•11 views

CVE-2026-32311

Flowsint is affected by a high-severity vulnerability in which an attacker can create a sketch and trigger the org_to_asn transformer on an organization node to execute arbitrary OS commands as root on the host via shell metacharacters and a Docker container escape. The issue pertains to the tran...

10CVSS6.2AI score0.00247EPSS

Exploits1References2Affected Software1

Tenable Nessus•added 2026/04/20 12:0 a.m.•3 views

AlmaLinux 8 : .NET 10.0 (ALSA-2026:8473)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:8473 advisory. dotnet: .NET: Security Bypass and Denial of Service Vulnerability CVE-2026-26171 dotnet: .NET: Denial of Service via stack overflow CVE-2026-32203 dotnet:...

7.5CVSS6.4AI score0.08014EPSS

Exploits0References6

OSV•added 2026/04/16 10:49 p.m.•4 views

GHSA-FPW4-P57J-HQMQ Paperclip: Stored XSS via javascript: URLs in MarkdownBody — urlTransform override disables react-markdown sanitization

Summary MarkdownBody, the shared component used to render every Markdown surface in the Paperclip UI issue documents, issue comments, chat threads, approvals, agent details, export previews, etc., passes urlTransform=url = url to react-markdown. That override replaces react-markdown's built-in...

5.4CVSS5.8AI score

Exploits0References2