CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/04/17 12:0 a.m.•7 views

Cloud Foundry cf-deployment和Cloud Foundry UUA 安全漏洞

Cloud Foundry cf-deployment and Cloud Foundry UUA are both products of the American Cloud Foundry Foundation. Cloud Foundry cf-deployment is a Cloud Foundry deployment tool. Cloud Foundry UUA is an identity authentication and authorization management service. There are security vulnerabilities in...

8.6CVSS5.9AI score0.00364EPSS

CVE•added 2026/04/16 11:33 p.m.•24 views

CVE-2026-22734

The CVE-2026-22734 issue concerns a SAML 2.0 signature/encryption bypass in Cloud Foundry UUA/UAA. Affected software includes Cloud Foundry UUA from v77.30.0 to v78.7.0 and CF Deployment from v48.7.0 to v54.14.0, where UAA accepts unsigned/unencrypted SAML 2.0 bearer assertions, enabling an attac...

Vulnrichment•added 2026/04/16 11:33 p.m.•2 views

CVE-2026-22734 Cloud Foundry UAA SAML 2.0 Signature Bypass

EUVD•added 2026/04/16 11:33 p.m.•3 views

EUVD-2026-23322

Positive Technologies•added 2026/04/16 12:0 a.m.•4 views

PT-2026-33375

Github Security Blog•added 2026/04/14 11:40 p.m.•8 views

Exploits0References2

MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-Trailer Uploads

Impact What kind of vulnerability is it? Who is impacted? An authentication bypass vulnerability in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allows any user who knows a valid access key to write arbitrary objects to any bucket without knowing the secret key or providing a valid...

8.8CVSS5.9AI score0.00349EPSS

Exploits0References5Affected Software1

OSV•added 2026/04/14 11:40 p.m.•2 views

GHSA-HV4R-MVR4-25VW MinIO has an Unauthenticated Object Write via Query-String Credential Signature Bypass in Unsigned-Trailer Uploads

8.8CVSS5.9AI score0.00349EPSS

RedhatCVE•added 2026/04/14 7:23 p.m.•3 views

CVE-2026-5444

A heap buffer overflow vulnerability exists in the PAM image parsing logic. When Orthanc processes a crafted PAM image embedded in a DICOM file, image dimensions are multiplied using 32-bit unsigned arithmetic. Specially chosen values can cause an integer overflow during buffer size calculation,...

7.1CVSS6AI score0.00162EPSS

RedhatCVE•added 2026/04/14 7:23 p.m.•4 views

CVE-2026-5442

A heap buffer overflow vulnerability exists in the DICOM image decoder. Dimension fields are encoded using Value Representation VR Unsigned Long UL, instead of the expected VR Unsigned Short US, which allows extremely large dimensions to be processed. This causes an integer overflow during frame...

9.8CVSS6AI score0.00598EPSS

RedhatCVE•added 2026/04/14 7:22 a.m.•3 views

CVE-2026-33793

An Execution with Unnecessary Privileges vulnerability in the User Interface UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, thus compromising the system. When a configuration that allows unsigned Python op scripts is present o...

8.5CVSS5.9AI score0.00156EPSS

OSV•added 2026/04/14 12:4 a.m.•2 views

GHSA-9C4Q-HQ6P-C237 MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads

Impact Two authentication bypass vulnerabilities in MinIO's STREAMING-UNSIGNED-PAYLOAD-TRAILER code path allow any user who knows a valid access key to write arbitrary objects to any bucket without knowing the secret key or providing a valid cryptographic signature. Any MinIO deployment is...

8.8CVSS6.1AI score0.00418EPSS

Github Security Blog•added 2026/04/14 12:4 a.m.•14 views

MinIO has an Unauthenticated Object Write via Missing Signature Verification in Unsigned-Trailer Uploads

8.8CVSS6AI score0.00418EPSS

Exploits0References5Affected Software1

Positive Technologies•added 2026/04/14 12:0 a.m.•3 views

PT-2026-32968

Impact This vulnerability impacts users of zarf package inspect sbom or zarf package inspect documentation on untrusted packages. Patches 4793, now fixed in version v0.74.2 Workarounds Avoid inspecting unsigned packages Description The package inspect sbom and package inspect documentation...

7.1CVSS5.9AI score0.0032EPSS

Positive Technologies•added 2026/04/14 12:0 a.m.•3 views

PT-2026-34234

Name of the Vulnerable Software and Affected Versions MinIO versions RELEASE.2023-05-18T00-05-36Z through RELEASE.2026-04-11T03-20-12Z Description An authentication bypass exists in the STREAMING-UNSIGNED-PAYLOAD-TRAILER code path. An attacker possessing a valid access key can write arbitrary...

8.8CVSS5.6AI score0.00349EPSS

Exploits0References6

SUSE CVE•added 2026/04/13 11:25 p.m.•3 views

SUSE CVE-2026-40385

In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems...

4.4CVSS5.8AI score0.0009EPSS

Exploits0References3

RedhatCVE•added 2026/04/13 5:43 a.m.•2 views

CVE-2026-40385

A flaw was found in libexif. A local attacker on a 32-bit system could exploit an unsigned 32-bit integer overflow vulnerability in the Nikon MakerNote handling. This could lead to application crashes or the disclosure of sensitive information. Mitigation On 32-bit systems, avoid processing...

7.1CVSS5.8AI score0.0009EPSS

Exploits0References4

OSV•added 2026/04/13 5:40 a.m.•2 views

BIT-HELM-2026-35205 Helm's plugin verification fails open when .prov is missing, allowing unsigned plugin install

Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, Helm will install plugins missing provenance .prov file when signature verification is required. This vulnerability is fixed in 4.1.4...

8.4CVSS5.8AI score0.00185EPSS