CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added yesterday•24 views

CVE-2026-41479

Authlib’s OAuth 2.0 authorization endpoint is vulnerable to an unauthenticated open redirect when an unsupported response_type is requested and a attacker-controlled redirect_uri is supplied. This occurs before client lookup and any redirect_uri validation, allowing a single request to yield a 30...

5.4CVSS6AI score0.00029EPSS

EUVD•added yesterday•7 views

EUVD-2026-38278

A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause dnsmasq to write past the end of an internal logging buffer. A remote attacker able to supply su...

5.9CVSS6.1AI score

CVE•added yesterday•7 views

CVE-2026-12725

CVE-2026-12725 affects dnsmasq. The flaw is a heap-based buffer overflow in the log_query() path when DNSSEC validation and query logging are both enabled and DNS responses contain DS/DNSKEY records with unsupported algorithm or digest types. This can cause dnsmasq to write past the end of an int...

5.9CVSS6.1AI score

AstraLinux•added 4 days ago•3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel before version 4.8, the usbparseendpoint function in drivers/usb/core/config.c did not validate the wMaxPacketSize field of an endpoint descriptor. NOTE: This vulnerability only affects products that are no longer supported by the supplier...

8.4CVSS6.2AI score0.00238EPSS

Cvelist•added 6 days ago•15 views

CVE-2026-50196 Steeltoe.Discovery.Eureka: Unrecognized DataCenterInfo.Name poisons entire registry fetch

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Discovery.Eureka prior to versions 4.2.0 and 3.4.0, DataCenterInfo.FromJson throws ArgumentException for any name value other than "MyOwn" or "Amazon", despite...

7.5CVSS0.00339EPSS

Exploits0References3

CVE•added 6 days ago•16 views

CVE-2026-50196

CVE-2026-50196 – Steeltoe.Discovery.Eureka : In Steeltoe.Discovery.Eureka before versions 4.2.0 and 3.4.0, DataCenterInfo.FromJson throws an ArgumentException for any DataCenterInfo.name other than MyOwn, Amazon, or Netflix, causing the registry deserialization to fail and the cache refresh to sw...

7.5CVSS5.4AI score0.00339EPSS

Exploits0References3

OSV•added 2026/06/10 5:10 p.m.•6 views

DRUPAL-CONTRIB-2026-047

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...

OSV•added 2026/06/10 5:9 p.m.•6 views

DRUPAL-CONTRIB-2026-046

The security team is marking the Composer module for Drupal project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read:...

OSV•added 2026/06/10 5:8 p.m.•6 views

DRUPAL-CONTRIB-2026-045

RedhatCVE•added 2026/06/10 2:59 p.m.•7 views

CVE-2026-8025

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in MOSK Information Technologies Ltd. CBS Platform allows SQL Injection. This issue affects CBS Platform: through 09062026. NOTE: The vendor was contacted and it was learned that the product is not...

9.8CVSS5.6AI score0.00275EPSS

OSV•added 2026/06/10 2:46 p.m.•5 views

OPENSUSE-SU-2026:20942-1 Security update for apptainer

This update for apptainer fixes the following issues: Changes in apptainer: - Update apptainer to version v1.5.1 Security fix bsc1267982: Fix for CVE-2026-48785 / GHSA-cr2j-534f-mf3g. Incorrect path matching for limit container paths directive. This is only applicable to SUID installations that...

5.4AI score

Drupal•added 2026/06/10 12:0 a.m.•6 views

Mother May I - Critical - Unsupported - SA-CONTRIB-2026-045

5.2AI score

Drupal•added 2026/06/10 12:0 a.m.•7 views

Composer - Critical - Unsupported - SA-CONTRIB-2026-046

5.3AI score

Positive Technologies•added 2026/06/10 12:0 a.m.•7 views

PT-2026-48594

Drupal•added 2026/06/10 12:0 a.m.•10 views

Brute force attack protection - Critical - Unsupported - SA-CONTRIB-2026-047

5.2AI score

Positive Technologies•added 2026/06/10 12:0 a.m.•7 views

PT-2026-48595

Positive Technologies•added 2026/06/10 12:0 a.m.•7 views

PT-2026-48593

RedhatCVE•added 2026/06/09 2:59 p.m.•7 views

CVE-2026-11511

A weakness has been identified in Bolt CMS up to 3.7.5. This vulnerability affects unknown code of the file src/Storage/Field/Type/TextType.php of the component HTML Attribute Handler. Executing a manipulation of the argument style can lead to HTML injection. It is possible to launch the attack...

5.1CVSS5.3AI score0.00191EPSS