CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

196 matches found

CVE-2026-46526

CVE-2026-46526 concerns Local Deep Research. Before version 1.6.10, the URL validation flow had a logical flaw that could bypass SSRF protections because parsing differed between urlparse and the HTTP request library. The code first runs SSRF checks via validate_url and then uses requests.get to ...

5CVSS5.8AI score0.00035EPSS

Exploits0References6

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: TCP: Do not accept ACKs for bytes that we never sent. This patch is based on a detailed report and ideas from Yepeng Pan and Christian Rossow. The validation of ACK sequences currently follows the guidelines outlined in RFC 5961,...

5.5CVSS6.1AI score0.00012EPSS

Exploits0References2

RedHat Linux•added 2026/04/09 8:27 p.m.•2 views

undici: Undici: HTTP header injection and request smuggling vulnerability

A flaw was found in undici, a Node.js HTTP/1.1 client. This vulnerability allows a remote attacker to inject malicious data into HTTP headers or prematurely end HTTP requests by sending specially crafted input to the upgrade option of client.request. This is possible because undici does not...

4.6CVSS7AI score0.00012EPSS

Exploits0References7

CVE•added 2026/02/17 6:53 p.m.•52 views

CVE-2026-24734

CVE-2026-24734 is an Improper Input Validation vulnerability affecting Apache Tomcat Native and Apache Tomcat itself. When using an OCSP responder, Tomcat Native (and the Tomcat Native FFM port) may not perform verification or freshness checks on OCSP responses, potentially allowing certificate r...

7.5CVSS5.4AI score0.00091EPSS

Exploits0References1Affected Software1

RedHat Linux•added 2026/02/16 12:28 p.m.•1 views

kernel: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec

In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix NULL pointer dereferences in nvmettcpbuildpduiovec Commit efa56305908b "nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length" added ttag bounds checking and dataoffset validation in...

7.5CVSS5.7AI score0.00053EPSS

Exploits0References5

RedHat Linux•added 2026/02/16 12:13 p.m.•1 views

kernel: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec

7.5CVSS5.7AI score0.00053EPSS

Exploits0References5

Positive Technologies•added 2026/02/11 12:0 a.m.•1 views

PT-2026-7793

Name of the Vulnerable Software and Affected Versions Apple iOS versions prior to 26.3 Apple iPadOS versions prior to 26.3 Apple macOS Sonoma versions prior to 14.8.4 Apple macOS Sequoia versions prior to 15.7.4 Apple macOS Tahoe versions prior to 26.3 Apple watchOS versions prior to 26.3...

5.4AI score0.00021EPSS

Exploits0References8

Github Security Blog•added 2026/02/02 10:11 p.m.•4 views

cert-manager-controller DoS via Specially Crafted DNS Response

Impact The cert-manager-controller performs DNS lookups during ACME DNS-01 processing for zone discovery and propagation self-checks. By default, these lookups use standard unencrypted DNS. An attacker who can intercept and modify DNS traffic from the cert-manager-controller pod can insert a...

5.9CVSS5.5AI score0.00018EPSS

Exploits0References10Affected Software1

OSV•added 2026/01/25 3:15 p.m.•1 views

UBUNTU-CVE-2026-22998

7.5CVSS6.2AI score0.00053EPSS

Exploits0References25

RedhatCVE•added 2026/01/09 11:19 a.m.•2 views

CVE-2021-22892

An information disclosure vulnerability exists in the Rocket.Chat server fixed v3.13, v3.12.2 & v3.11.3 that allowed email addresses to be disclosed by enumeration and validation checks...

7.5CVSS6.3AI score0.01357EPSS

Exploits1References1

Tenable Nessus•added 2025/11/05 12:0 a.m.•2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990262)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990262 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver...

7.1CVSS6.9AI score0.01125EPSS

Exploits0References3

SUSE CVE•added 2025/10/16 11:24 p.m.•1 views

SUSE CVE-2025-39981

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible UAFs This attemps to fix possible UAFs caused by struct mgmtpending being freed while still being processed like in the following trace, in order to fix mgmtpendingvalid is introduce and use to check...

7CVSS6.5AI score0.00032EPSS

Exploits0References25

EUVD•added 2025/10/08 5:32 a.m.•2 views

EUVD-2025-31842

A vulnerability was detected in JhumanJ OpnForm up to 1.9.3. Affected by this issue is some unknown functionality of the file /answer. The manipulation results in unrestricted upload. The attack can be launched remotely. The exploit is now public and may be used. The patch is identified as...

6.5CVSS6.3AI score0.00071EPSS

Exploits1References6

NVD•added 2025/10/07 4:15 p.m.•2 views

CVE-2023-53654

In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Add validation before accessing cgx and lmac with the addition of new MAC blocks like CN10K RPM and CN10KB RPMUSX, LMACs are noncontiguous and CGX blocks are also noncontiguous. But during RVU driver initialization,...

5.5CVSS0.00017EPSS

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•0 views

EUVD-2021-23346

Malware in sbrugna...

5.5CVSS5.6AI score0.00189EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2020-24932

Malware in sbrugna...

9.8CVSS9.2AI score0.00285EPSS

Exploits0References2