CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

12984 matches found

PyPA•added 2026/04/06 6:16 p.m.•7 views

PYSEC-2026-72

Kedro is a toolbox for production-ready data science. Prior to 1.3.0, Kedro allows the logging configuration file path to be set via the KEDROLOGGINGCONFIG environment variable and loads it without validation. The logging configuration schema supports the special key, which enables arbitrary...

9.8CVSS6.6AI score0.00202EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/04/06 5:0 p.m.•3 views

CVE-2026-34824

Mesop is a Python-based UI framework that allows users to build web applications. From version 1.2.3 to before version 1.2.5, an uncontrolled resource consumption vulnerability exists in the WebSocket implementation of the Mesop framework. An unauthenticated attacker can send a rapid succession o...

7.5CVSS5.8AI score0.00041EPSS

Exploits1References1

RedHat Linux•added 2026/04/06 8:9 a.m.•2 views

kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count()

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsitdecsessionusagecount In iscsitdecsessionusagecount, the function calls complete while holding the sess-sessionusagelock. Similar to the connection usage count logic, the waiter...

8.8CVSS5.7AI score0.00036EPSS

Exploits0References5

RedHat Linux•added 2026/04/06 7:24 a.m.•3 views

gnutls: GnuTLS: Denial of Service via excessive resource consumption during certificate verification

A flaw was found in GnuTLS. This vulnerability allows a denial of service DoS by excessive CPU Central Processing Unit and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names SANs...

5.3CVSS5.8AI score0.00059EPSS

Exploits1References5

RedHat Linux•added 2026/04/06 2:1 a.m.•3 views

kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count()

8.8CVSS5.7AI score0.00036EPSS

Exploits0References5

OSV•added 2026/04/05 10:34 a.m.•1 views

SUSE-SU-2026:1189-1 Security update for the Linux Kernel RT (Live Patch 8 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.7.28 fixes various security issues The following security issues were fixed: - CVE-2025-71120: SUNRPC: svcauthgss: avoid NULL deref on zero length gsstoken in gssreadproxyverf bsc1256780. - CVE-2026-22999: net/sched: schqfq: do not fre...

7.8CVSS6AI score0.00033EPSS

Exploits0References11

SUSE CVE•added 2026/04/04 11:25 p.m.•4 views

SUSE CVE-2026-22815

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4...

7.5CVSS5.7AI score0.0002EPSS

Exploits0References3

RedhatCVE•added 2026/04/04 5:0 p.m.•3 views

CVE-2026-25044

Budibase is an open-source low-code platform. Prior to version 3.33.4, the bash automation step executes user-provided commands using execSync without proper sanitization or validation. User input is processed through processStringSync which allows template interpolation, potentially allowing...

8.8CVSS5.9AI score0.00085EPSS

Exploits0References1

SUSE CVE•added 2026/04/03 11:24 p.m.•2 views

SUSE CVE-2026-34829

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENTLENGTH is present. When a multipart/form-data request is sent without a Content-Length header, such as with HTTP chunked transfe...

7.5CVSS5.8AI score0.00065EPSS

Exploits0References4

SUSE CVE•added 2026/04/03 11:24 p.m.•4 views

SUSE CVE-2026-35385

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode...

7.5CVSS5.8AI score0.00058EPSS

Exploits0References16

SUSE CVE•added 2026/04/03 11:24 p.m.•1 views

SUSE CVE-2026-35549

An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the cachingsha2password authentication plugin is installed, and some user accounts are configured to use it, a large packet can crash the server because sha256cryptr uses allo...

6.5CVSS5.8AI score0.00053EPSS

Exploits0References3

NVD•added 2026/04/03 4:16 p.m.•2 views

CVE-2026-23474

In the Linux kernel, the following vulnerability has been resolved: mtd: Avoid boot crash in RedBoot partition table parser Given CONFIGFORTIFYSOURCE=y and a recent compiler, commit 439a1bcac648 "fortify: Use builtindynamicobjectsize when available" produces the warning below and an oops. Searchi...

5.5CVSS0.0002EPSS

Exploits0References8

OSV•added 2026/04/03 4:16 p.m.•2 views

UBUNTU-CVE-2026-23474

5.5CVSS5.9AI score0.0002EPSS

Exploits0References9

ATTACKERKB•added 2026/04/03 3:16 p.m.•0 views

CVE-2026-31397

In the Linux kernel, the following vulnerability has been resolved: mm/hugememory: fix use of NULL folio in movepageshugepmd movepageshugepmd handles UFFDIOMOVE for both normal THPs and huge zero pages. For the huge zero page path, srcfolio is explicitly set to NULL, and is used as a sentinel to...

5.8AI score0.00015EPSS

Exploits0References4Affected Software1

OSV•added 2026/04/03 1:27 p.m.•0 views

JLSEC-2026-38

A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the objec...

8CVSS6.9AI score0.00973EPSS

Exploits0References6