CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1738 matches found

EUVD•added 2026/05/29 5:14 p.m.•7 views

EUVD-2026-33375

Klever-Go is the Go implementation of the Klever blockchain protocol. Prior to 1.7.17, a remote, unauthenticated denial-of-service vulnerability in Batch.Decompress data/batch/batch.go allows any peer that participates in a topic served by MultiDataInterceptor to allocate multi-gigabyte heaps on...

8.6CVSS5.8AI score0.00278EPSS

Exploits0References1

ATTACKERKB•added 2026/05/29 5:14 p.m.•7 views

CVE-2026-44697

8.6CVSS5.8AI score0.00278EPSS

Exploits0References2Affected Software1

NVD•added 2026/05/27 5:16 p.m.•9 views

CVE-2026-44483

RVF formerly Remix Validated Form provides easy form validation and state management for React. From 6.0.0 to before 6.0.4 and 7.0.2, setPath in @rvf/set-get used by @rvf/core to flatten incoming form data into a nested object does not block the keys proto, constructor, or prototype when walking ...

8.2CVSS0.00271EPSS

Exploits0References1

EUVD•added 2026/05/27 3:20 p.m.•10 views

EUVD-2026-32564

8.2CVSS5.9AI score0.00271EPSS

Exploits0References1

CVE•added 2026/05/26 9:4 p.m.•15 views

CVE-2026-44900

CVE-2026-44900 affects epa4all-client (Java client for epa4all / ePA 3.0). The root cause is in SignedPublicKeysTrustValidatorImpl.isTrusted(): the ECDSA verification step discards the boolean result from Signature.verify(), performing certificate chain validation, OCSP check, and signature algor...

8.1CVSS5.8AI score0.00121EPSS

Exploits0References2

CVE•added 2026/05/26 7:58 p.m.•12 views

CVE-2026-44451

Lumiverse prior to version 0.9.7 has a sandbox escape vulnerability in its component override system. The system transpiles user TSX with Sucrase and evaluates it via new Function, shadowing dangerous globals (fetch, window, eval, etc.). A static validator blocks identifiers, but a string-split b...

9.3CVSS5.7AI score0.0023EPSS

Exploits0References1

Snyk•added 2026/05/22 2:43 a.m.•7 views

Malicious Package

Overview chain-key-validator is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score

Exploits0References2

EUVD•added 2026/05/22 12:31 a.m.•7 views

EUVD-2026-31362

Concrete CMS below 9.5.0 and below is vulnerable to password change without reauthorization and session-hardening bypass. The user-profile edit controller passes the entire raw POST array to UserInfo::update without field whitelisting resulting in password change without requiring the current...

5.3CVSS5.8AI score0.00182EPSS

Exploits0References2

OSSF Malicious Packages•added 2026/05/21 1:31 a.m.•10 views

Malicious code in polygon-toolkit-validate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 77c6fa5fc2aa45c8649c09e54e0f5b318b096a78a133380d18d5379621ba819c The package presents a Polygon/Polymarket validation/crypto utility but its exported APIs silently relay caller data to a hardcoded remote endpoint. ...

5.9AI score

Exploits0References1

OSV•added 2026/05/21 1:31 a.m.•4 views

MAL-2026-4642 Malicious code in polygon-toolkit-validate (npm)

5.9AI score

Exploits0References1

Snyk•added 2026/05/20 7:7 p.m.•8 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the OCI validator process when upstream rate limits are encountered. An attacker can bypass intended ownership restrictions by exploiting the lack of proper checks during rate-limited conditions. Remediation...

5.1CVSS5.8AI score0.00206EPSS

Exploits0References3

RedhatCVE•added 2026/05/20 11:38 a.m.•6 views

CVE-2026-42959

A flaw was found in Unbound's DNSSEC validator when constructing chase-reply messages for validation. The code uses the wrong counter to calculate write offsets for ADDITIONAL section resource record sets. When a DNAME chain is combined with authority filtering, an uninitialized array slot is...

8.7CVSS5.7AI score0.00512EPSS

Exploits0References3

RedhatCVE•added 2026/05/20 11:38 a.m.•5 views

CVE-2026-33278

A flaw was discovered in Unbound’s DNSSEC validator can leave it using an invalid memory pointer after certain DS sub-query validations fail due to NSEC3 budget exhaustion. This may cause crashes and could potentially allow arbitrary code execution...

10CVSS6AI score0.00888EPSS

Exploits0References3

OSV•added 2026/05/20 10:16 a.m.•3 views

ALPINE-CVE-2026-42959

NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to calculate write offsets fo...

7.5CVSS5.6AI score0.00512EPSS

Exploits0References1

NVD•added 2026/05/20 10:16 a.m.•10 views

CVE-2026-42923

NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the DNSSEC validator where the code path to consult the negative cache for DS records does not take into account the limit on NSEC3 hash calculations introduced in 1.19.1. This leads to degradation of service during the...

6.9CVSS0.00339EPSS

Exploits0References1

NVD•added 2026/05/20 10:16 a.m.•12 views

CVE-2026-42959

8.7CVSS0.00512EPSS

Exploits0References1

OSV•added 2026/05/20 10:16 a.m.•3 views

ALPINE-CVE-2026-33278

NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the...

9.8CVSS6.6AI score0.00888EPSS

Exploits0References1