CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RustSec•added yesterday•5 views

`pqcrypto-internals` is unmaintained: upstream PQClean project being archived

This crate provides internal FFI utilities for the pqcrypto- ecosystem, directly wrapping C implementations from PQClean. The PQClean project is being archived in or after July 2026 see PQClean/PQClean604, after which no further security patches or bug fixes will be applied to the upstream...

5.8AI score

Exploits0

OSV•added yesterday•3 views

RUSTSEC-2026-0163 `pqcrypto-internals` is unmaintained: upstream PQClean project being archived

5.8AI score

Tenable Nessus•added yesterday•2 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS : nginx vulnerabilities (USN-8375-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8375-1 advisory. It was discovered that the nginx ngxmailsmtpmodule module incorrectly handled certain memory operations when doing SM...

9.2CVSS6.1AI score0.00897EPSS

Exploits37References13

NVD•added 2 days ago•5 views

CVE-2026-4035

A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environment credentials to an attacker-controlled endpoint. This issue arises because the apikey field in...

9.1CVSS0.00278EPSS

Exploits1References2

EUVD•added 2 days ago•6 views

EUVD-2026-34068

9.1CVSS7.6AI score0.00278EPSS

Exploits1References2

Cvelist•added 2 days ago•36 views

CVE-2026-4035 Environment Variable Resolution Vulnerability in mlflow/mlflow

9.1CVSS0.00278EPSS

Exploits1References2

Ubuntu•added 2 days ago•6 views

USN-8375-1: nginx vulnerabilities

It was discovered that the nginx ngxmailsmtpmodule module incorrectly handled certain memory operations when doing SMTP authentication. This could possibly result in sensitive information being sent to the authentication server. CVE-2025-53859 It was discovered that nginx incorrectly handled...

9.2CVSS7.7AI score0.00897EPSS

Exploits37

NVD•added 3 days ago•9 views

CVE-2026-47201

authentik is an open-source identity provider. Prior to versions 2025.12.5, 2026.2.3, and 2026.5.1, authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstream SAML responses. An attacker with any account at the upstream IdP can reuse a valid signed...

8.5CVSS0.00063EPSS

EUVD•added 3 days ago•7 views

EUVD-2026-34027

ATTACKERKB•added 3 days ago•5 views

CVE-2026-47201

Exploits0References2Affected Software1

Vulnrichment•added 3 days ago•4 views

CVE-2026-47201 authentik: XML Signature Wrapping in SAML Source ACS allows authentication as arbitrary federated user

Positive Technologies•added 3 days ago•8 views

PT-2026-45786

Summary Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser, Mint.HTTP1.Parse.content length header/1...

6.3CVSS5.8AI score0.00042EPSS

Exploits0References6

RedhatCVE•added 4 days ago•5 views

CVE-2026-9963

An uninitialized use flaw was found in the iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505143241...

8.8CVSS5.8AI score0.00104EPSS

Exploits0References4

OSV•added 6 days ago•2 views

CLSA-2026-1780132159 Fix of 7 CVEs

CVE-2026-23193 - scsi: target: iscsi: Fix use-after-free in iscsitdecsessionusagecount CVE-2026-23193 CVE-2025-71093 - e1000: fix OOB in e1000tbishouldaccept CVE-2025-71093 CVE-2025-71116 - libceph: make decodepool more resilient against corrupted osdmaps CVE-2025-71116 CVE-2025-71136 - media:...

8.8CVSS6.7AI score0.00036EPSS

Tenable Nessus•added 6 days ago•7 views

Fedora 44 : docker-compose (2026-3316f97296)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-3316f97296 advisory. - Update to release v5.1.4 - Resolves: rhbz2480186 - Upstream fixes ---- - Update to release v5.1.3 - Resolves rhbz2458697 - Resolves CVE-2026-33747...

9.8CVSS7.2AI score0.00063EPSS

Tenable Nessus•added 6 days ago•6 views

Fedora 43 : docker-compose (2026-951a6725b8)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-951a6725b8 advisory. - Update to release v5.1.4 - Resolves: rhbz2480186 - Upstream fixes ---- - Update to release v5.1.3 - Resolves rhbz2458697 - Resolves CVE-2026-33747...

9.8CVSS7.2AI score0.00063EPSS

OSV•added last week•6 views

GHSA-C3M2-JQMQ-PVP3 authentik's XML Signature Wrapping in SAML Source ACS allows authentication as arbitrary federated user

Summary authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstream SAML responses. An attacker with any account at the upstream IdP can reuse a valid signed assertion to authenticate as another federated user. Patches authentik 2026.5.1, 2026.2.4 and...

Github Security Blog•added last week•16 views

authentik's XML Signature Wrapping in SAML Source ACS allows authentication as arbitrary federated user

Exploits0References3Affected Software1

OSV•added last week•2 views

CLSA-2026-1780055179 Fix CVE(s): CVE-2026-46483

SECURITY UPDATE: command injection in tar plugin Vimuntar - debian/patches/CVE-2026-46483.patch: pass shellescapetartail, 1 instead of shellescapetartail in the two :!gunzip / :!gzip -d lines of runtime/autoload/tar.vim::tarVimuntar so Vim's special characters !, %, are escaped before the filenam...

7CVSS5.8AI score0.00017EPSS