CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/05/12 12:0 a.m.•5 views

Adobe CAI Content Credentials 输入验证错误漏洞

6.2CVSS5.8AI score0.00255EPSS

NVD•added 2026/05/11 10:22 p.m.•9 views

CVE-2026-43886

Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.6.1, a logic error in OAuthInterface.validateScope uses Array.some to validate requested OAuth scopes, causing the function to accept the entire scope array if any single scope is valid. An attacker can smuggle the...

8.2CVSS0.00211EPSS

CNNVD•added 2026/05/11 12:0 a.m.•5 views

Wikimedia AbuseFilter 输入验证错误漏洞

Wikimedia AbuseFilter is an editing filter tool developed by the Wikimedia Foundation, designed to automatically filter and block suspicious edits, account creation, and other disruptive activities based on custom rules. Versions of Wikimedia AbuseFilter prior to 1.43.7, as well as versions 1.44....

2.1CVSS5.8AI score0.00244EPSS

CNNVD•added 2026/05/09 12:0 a.m.•6 views

pyp2spec 输入验证错误漏洞

pyp2spec is a Python tool for generating Fedora RPM specification files from the individual developer Karolina Surma. An input validation error vulnerability exists in pyp2spec versions prior to 0.14.1, which stems from the failure to escape RPM macro commands when generating a spec file, which...

7.8CVSS5.9AI score0.00197EPSS

RedhatCVE•added 2026/05/07 8:21 p.m.•5 views

CVE-2026-37554

An issue was discovered in Vanetza V2X v26.02 allowing remote unauthorized attackers to cause a denial of service. The vulnerability exists in the GeoNetworking packet processing pipeline where OpenSSL exceptions from ECC point validation invalid compressed point, point not on curve are not...

7.5CVSS5.8AI score0.0035EPSS

Snyk•added 2026/05/07 4:40 p.m.•7 views

Origin Validation Error

Overview cinny is a Yet another matrix client Affected versions of this package are vulnerable to Origin Validation Error in the process that handles emoji pack avatar URLs in the service worker. An attacker can obtain a victim's access token by crafting a malicious emote pack with an...

7.1CVSS5.8AI score0.00302EPSS

EUVD•added 2026/05/07 12:31 p.m.•7 views

EUVD-2026-28356

Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Liderahenk: from 2.0.1 before 2.0.2...

NVD•added 2026/05/07 12:16 p.m.•12 views

CVE-2026-6508

9.8CVSS0.00223EPSS

CVE•added 2026/05/07 11:47 a.m.•10 views

CVE-2026-6508

The CVE-2026-6508 entry affects Liderahenk software from 2.0.1 before 2.0.2. An Origin Validation Error could allow access to functionality not properly constrained by ACLs, enabling unauthorized use of features. The CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) yields a base score of 9....

Cvelist•added 2026/05/07 11:47 a.m.•31 views

CVE-2026-6508 RCE in TUBITAK BILGEM's Liderahenk

9.8CVSS0.00223EPSS

ATTACKERKB•added 2026/05/07 11:47 a.m.•6 views

CVE-2026-6508

Exploits0References2Affected Software1

OSV•added 2026/05/07 8:53 a.m.•4 views

BIT-THRIFT-2026-43870 Apache Thrift: Node.js web_server.js multi-vulnerability

Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting', Uncontrolled Resource Consumption vulnerability in Apache Thrift. This issue affects Apache Thrift:...

7.3CVSS5.8AI score0.00394EPSS

Exploits0References3

CNNVD•added 2026/05/07 12:0 a.m.•8 views

GoBGP 输入验证错误漏洞

GoBGP is an open-source implementation of the Border Gateway Protocol BGP developed by osrg. Versions prior to GoBGP 4.3.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from improper handling of internal slice index shifts when processing a 4-byte AS...

7.5CVSS5.8AI score0.00503EPSS

Exploits1References1

CNNVD•added 2026/05/07 12:0 a.m.•5 views

Tubitak Ulakbim LiderAhenk Software 访问控制错误漏洞

Tubitak Ulakbim LiderAhenk Software is an open-source software system developed by the Turkish National Academic Network and Knowledge Center Tubitak Ulakbim. It is used for centralized management, monitoring, and control of systems and users on enterprise networks. In versions 2.0.1 to 2.0.2 of...

Positive Technologies•added 2026/05/07 12:0 a.m.•10 views

PT-2026-38423

Name of the Vulnerable Software and Affected Versions Liderahenk versions 2.0.1 through 2.0.1 Description An Origin Validation Error in the application allows attackers to bypass Access Control Lists ACLs, which are sets of rules that define permissions for users or systems. This flaw enables...

Github Security Blog•added 2026/05/05 9:31 a.m.•11 views

Exploits0References8

Apache Thrift vulnerable to Path Traversal, HTTP Request/Response Splitting, Uncontrolled Resource Consumption

7.3CVSS5.8AI score0.00394EPSS

Exploits0References6Affected Software1

Snyk•added 2026/05/05 9:26 a.m.•7 views

Origin Validation Error

Overview thrift is a lightweight, language-independent software stack with an associated code generation mechanism for point-to-point RPC. Affected versions of this package are vulnerable to Origin Validation Error in the webserver.js component. An attacker can access unauthorized files, inject...

7.3CVSS5.9AI score0.00394EPSS

Snyk•added 2026/05/05 9:26 a.m.•6 views

Origin Validation Error

Overview org.webjars.npm:thrift is a lightweight, language-independent software stack with an associated code generation mechanism for point-to-point RPC. Affected versions of this package are vulnerable to Origin Validation Error in the webserver.js component. An attacker can access unauthorized...

7.3CVSS5.9AI score0.00394EPSS

NVD•added 2026/05/05 9:16 a.m.•10 views

CVE-2026-43870

7.3CVSS0.00394EPSS