CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2 days ago•11 views

CVE-2026-53130

CVE-2026-53130 affects the Linux kernel’s OMFS (fs/omfs). If s_sys_blocksize is smaller than OMFS_DIR_START, omfs_fill_super() previously rejected oversized values but did not guard against underflow. omfs_make_empty() uses s_sys_blocksize - OMFS_DIR_START as the memset length; with s_sys_blocksi...

5.7AI score0.0018EPSS

CVE•added 2 days ago•7 views

CVE-2026-52987

Summary: CVE-2026-52987 affects the Linux kernel’s DRM AMDGPU code. When new_addition is true, amdgpu_userq_vm_validate() calls drm_exec_fini(&exec) before walking the collected HMM ranges and calling amdgpu_ttm_tt_get_user_pages(). If amdgpu_ttm_tt_get_user_pages() fails in that path, code jumps...

5.8AI score0.00162EPSS

RedHat Linux•added 2 days ago•4 views

google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 :path pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed :path that omits the mandato...

9.1CVSS6.6AI score0.00522EPSS

Exploits1References5

EUVD•added 2 days ago•4 views

EUVD-2026-38804

motionEye mEye is an online interface for a piece of software called "motion," which is a video surveillance program with motion detection. Versions prior to 0.44.0 contain an absolute path traversal vulnerability in multiple media file handlers that allows an attacker to read arbitrary files fro...

8.7CVSS6AI score0.00623EPSS

NVD•added 2 days ago•7 views

CVE-2026-57289

Jenkins Bitbucket Push and Pull Request Plugin 3.3.8 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections sending Bearer token authenticated requests to the configured Bitbucket Server endpoint, allowing attackers able to intercept network traffic to...

4.8CVSS0.00097EPSS

RedHat Linux•added 2 days ago•4 views

crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

A flaw was found in Go's crypto/x509 package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service DoS for...

7.5CVSS7.1AI score0.00349EPSS

RedHat Linux•added 2 days ago•4 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.4AI score0.0052EPSS

EUVD•added 2 days ago•7 views

EUVD-2026-38770

4.8CVSS5.9AI score0.00097EPSS

CVE•added 2 days ago•61 views

CVE-2026-57289

The vulnerability affects Jenkins Bitbucket Push and Pull Request Plugin prior to 3.3.9. The plugin unconditionally disables SSL/TLS certificate and hostname validation for connections sending Bearer token authenticated requests to the configured Bitbucket Server endpoint. This misconfiguration a...

4.8CVSS5.9AI score0.00097EPSS

Exploits0References1Affected Software1

Cvelist•added 2 days ago•31 views

CVE-2026-57289

0.00097EPSS

NVD•added 2 days ago•8 views

CVE-2026-56338

Capgo before 12.128.2 contains a denial of service vulnerability in the /auth/v1/otp endpoint that prevents email verification for two-factor authentication due to captcha validation failures. Authenticated users cannot complete 2FA enrollment as the backend consistently returns HTTP 500 errors...

6.9CVSS0.00281EPSS

CVE•added 2 days ago•7 views

CVE-2026-13163

CVE-2026-13163 describes an open redirect in Mailerup (<1.0.0) via the _safe_redirect function in the click-tracking endpoint /c// on all platforms. The vulnerability allows remote, unauthenticated attackers to redirect victims to arbitrary external sites by crafting the u parameter. The schem...

5.3CVSS6.1AI score0.00329EPSS

CVE•added 2 days ago•10 views

CVE-2026-56338

Capgo prior to version 12.128.2 contains a denial-of-service flaw in the /auth/v1/otp endpoint used for 2FA email verification. The issue arises from captcha validation failures causing the backend to return HTTP 500 errors, preventing authenticated users from completing 2FA enrollment and access...

6.9CVSS5.9AI score0.00281EPSS

CVE•added 2 days ago•9 views

CVE-2026-56256

CVE-2026-56256 affects Capgo prior to 12.128.2, where 2FA is enforced only at the UI level. The backend ORG management API endpoints (e.g., editing organization details, inviting users) do not require 2FA, allowing an authenticated admin without 2FA to replay/modify a captured ORG API request to ...

7.1CVSS5.9AI score0.00238EPSS

EUVD•added 2 days ago•7 views

EUVD-2026-38743

Capgo before 12.128.2 enforces mandatory two-factor authentication only at the UI level. Sensitive Organization ORG management API endpoints e.g., editing organization details, inviting users do not validate 2FA completion on the backend. An authenticated Admin user who has not enabled 2FA can...

7.1CVSS5.9AI score0.00238EPSS

Cvelist•added 2 days ago•31 views

CVE-2026-56256 Capgo - Two-Factor Authentication Bypass via Organization Management API

7.1CVSS0.00238EPSS

NVD•added 2 days ago•9 views

CVE-2026-13150

Server-Side Request Forgery SSRF CWE-918 in the PDF generation endpoint GET /api/reports/id/pdf backend/main.py in ccyl13 Pentestify 1.0.0 and lower allows remote attackers to make the server issue requests to arbitrary internal or external URLs, including cloud metadata services, and return the...

6.9CVSS0.00292EPSS