CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/02/24 3:34 p.m.•4 views

CVE-2025-47904 Unsigned upgrade package

Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5...

5.7CVSS5.4AI score0.00005EPSS

Snyk•added 2026/02/24 6:19 a.m.•2 views

Signed to Unsigned Conversion Error

Overview Affected versions of this package are vulnerable to Signed to Unsigned Conversion Error via the istreamnonparallelread function in ImfContextInit.cpp when parsing a malformed EXR file through a memory-mapped IStream. An attacker can cause a heap buffer overflow by supplying a specially...

7.1CVSS5.9AI score0.00025EPSS

Exploits1References2

Snyk•added 2026/02/24 6:19 a.m.•6 views

Signed to Unsigned Conversion Error

Overview OpenEXR is a Python bindings for the OpenEXR image file format Affected versions of this package are vulnerable to Signed to Unsigned Conversion Error via the istreamnonparallelread function in ImfContextInit.cpp when parsing a malformed EXR file through a memory-mapped IStream. An...

7.1CVSS5.9AI score0.00025EPSS

Exploits1References2

Snyk•added 2026/02/24 12:53 a.m.•3 views

Integer Overflow or Wraparound

Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.2CVSS6.2AI score0.00019EPSS

Snyk•added 2026/02/24 12:53 a.m.•3 views

Integer Overflow or Wraparound

Overview Magick.NET-Q8-x86 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.2CVSS6.2AI score0.00019EPSS

Tenable Nessus•added 2026/02/23 12:0 a.m.•5 views

OpenClaw < 2026.2.14 Multiple Vulnerabilities

The version of the OpenClaw AI assistant installed on the remote host is prior to 2026.2.14. It is, therefore, affected by multiple vulnerabilities, including: - A command injection in the maintainer clawtributors updater script allowed arbitrary command execution via crafted git commit author...

8.8CVSS6.4AI score0.00063EPSS

Exploits0References22

RedhatCVE•added 2026/02/21 1:28 a.m.•3 views

CVE-2026-26319

OpenClaw is a personal AI assistant. Versions 2026.2.13 and below allow the optional @openclaw/voice-call plugin Telnyx webhook handler to accept unsigned inbound webhook requests when telnyx.publicKey is not configured, enabling unauthenticated callers to forge Telnyx events. Telnyx webhooks are...

7.5CVSS5.7AI score0.00047EPSS

Exploits0References1

NVD•added 2026/02/19 11:16 p.m.•6 views

CVE-2026-26319

7.5CVSS0.00047EPSS

Cvelist•added 2026/02/19 10:5 p.m.•18 views

CVE-2026-26319 OpenClaw has Missing Webhook Authentication in Telnyx Provider Allowing Unauthenticated Requests

7.5CVSS0.00047EPSS

CNNVD•added 2026/02/19 12:0 a.m.•5 views

OpenClaw 访问控制错误漏洞

OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw suffers from an Access Control Error vulnerability that stems from the @openclaw/voice-call plugin Telnyx webhook handler accepting unsigned inbound webhook requests when telnyx.publicKey is not configured, which can b...

7.5CVSS6AI score0.00047EPSS

NVD•added 2026/02/18 9:16 p.m.•10 views

CVE-2025-1272

The Linux Kernel lockdown mode for kernel versions starting on 6.12 and above for Fedora Linux has the lockdown mode disabled without any warning. This may allow an attacker to gain access to sensitive information such kernel memory mappings, I/O ports, BPF and kprobes. Additionally unsigned...

7.7CVSS0.00006EPSS

OSV•added 2026/02/18 9:16 p.m.•3 views

UBUNTU-CVE-2025-1272

7.7CVSS6AI score0.00006EPSS

Cvelist•added 2026/02/18 8:29 p.m.•20 views

CVE-2025-1272 Kernel: secure boot does not automatically enable kernel lockdown

7.7CVSS0.00006EPSS

CVE•added 2026/02/18 8:29 p.m.•325 views

CVE-2025-1272

CVE-2025-1272 is a reserved entry that, according to connected advisories, concerns the Linux kernel where Secure Boot does not automatically enable kernel lockdown. The affected component is the kernel, and the vulnerability implies lockdown may not be enforced unless patches/settings are applie...

7.7CVSS7.8AI score0.00006EPSS

Debian CVE•added 2026/02/18 8:29 p.m.•12 views

CVE-2025-1272

7.7CVSS7.5AI score0.00006EPSS

Exploits0

CNNVD•added 2026/02/18 12:0 a.m.•4 views

Red Hat Enterprise Linux 安全漏洞

Red Hat Enterprise Linux is a Linux operating system for enterprise users developed by the American company Red Hat. There is a security vulnerability in Red Hat Enterprise Linux, which stems from the disabled lock mode. This vulnerability could allow attackers to access sensitive information or...

7.7CVSS7.1AI score0.00006EPSS

OSV•added 2026/02/16 9:22 p.m.•3 views

ALPINE-CVE-2026-2474

Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in the XS function crypturandomgetrandom. The function does not validate that the length parameter is non-negative. If a negative value e.g. -1 is supplied, the expression length + 1u causes an integer...

7.5CVSS5.8AI score0.00062EPSS

Exploits0References1

RedhatCVE•added 2026/02/16 2:38 p.m.•6 views

CVE-2026-23118

A data race flaw was found in the Linux kernel's RxRPC protocol implementation. The lasttxat field is accessed without proper synchronization between rxrpcpeerkeepaliveworker and rxrpcsenddatapacket. Additionally, on 32-bit architectures, the 64-bit lasttxat value can experience load/store tearin...

4.7CVSS5.3AI score0.00013EPSS