CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Github Security Blog•added 2026/05/07 9:2 p.m.•5 views

Zebra's Transparent SIGHASH_SINGLE Handling Diverges from zcashd for Corresponding Outputs

Zebra Transparent SIGHASHSINGLE Corresponding-Output Handling Diverges From zcashd Summary For V5+ transparent spends, Zebra and zcashd disagree on the same consensus rule: SIGHASHSINGLE must fail when the input index has no corresponding output. zcashd treats this as consensus-invalid under...

5.9AI score

Exploits0References3Affected Software1

OSV•added 2026/05/07 10:19 a.m.•1 views

OPENSUSE-SU-2026:20705-1 Security update for log4cxx

This update for log4cxx fixes the following issues: Changes in log4cxx: - update to 1.7.0 bsc1261994, CVE-2026-40023: Non-ascii characters incorrectly encoded in JSON output 615 XML output could contain characters not allowed by the XML 1.0 specification An XML configuration file with recursive...

6.3CVSS5.8AI score0.00292EPSS

ATTACKERKB•added 2026/05/05 9:31 p.m.•3 views

CVE-2026-40934

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at /.local/share/jupyter/runtime/jupytercookiesecret and is never rotated when a user changes their password. After a password...

7.6CVSS5.8AI score0.00021EPSS

Exploits1References2Affected Software1

EUVD•added 2026/04/27 11:0 a.m.•3 views

EUVD-2026-25829

Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, leading to a crash when accessing an invalid pointer during page information...

7.8CVSS5.2AI score0.00015EPSS

SUSE CVE•added 2026/04/25 1:38 a.m.•2 views

SUSE CVE-2026-31600

In the Linux kernel, the following vulnerability has been resolved: arm64: mm: Handle invalid large leaf mappings correctly It has been possible for a long time to mark ptes in the linear map as invalid. This is done for secretmem, kfence, realm dma memory un/share, and others, by simply clearing...

5.5CVSS5.6AI score0.00039EPSS

Exploits0References3

CVE•added 2026/04/22 1:53 p.m.•7 views

CVE-2026-31440

CVE-2026-31440 affects the Linux kernel’s dmaengine idxd driver. The issue arises during device removal when a reset clears configuration registers, causing the prior check for event log support to fail if evl is no longer valid. The propagated fixes remove the check for “evl” enabled state and i...

5.5CVSS5.6AI score0.00015EPSS

Exploits0References5Affected Software1

CVE•added 2026/04/21 5:9 p.m.•6 views

CVE-2026-40585

blueprintUE prior to 4.2.0 generates a 128-character CSPRNG reset token and stores it with a password_reset_at timestamp. The token redemption function findUserIDFromEmailAndToken() only validates email+token, not whether password_reset_at falls within any expiry window, so a generated reset toke...

Vulnrichment•added 2026/04/21 5:9 p.m.•1 views

CVE-2026-40585 blueprintUE: Password Reset Tokens Have No Expiry Window

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a password reset is initiated, a 128-character CSPRNG token is generated and stored alongside a passwordresetat timestamp. However, the token redemption function findUserIDFromEmailAndToken queries only for a matching...

EUVD•added 2026/04/21 5:9 p.m.•3 views

EUVD-2026-24181

Positive Technologies•added 2026/04/21 12:0 a.m.•3 views

PT-2026-34022

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, when a password reset is initiated, a 128-character CSPRNG token is generated and stored alongside a password reset at timestamp. However, the token redemption function findUserIDFromEmailAndToken queries only for a matching...

CNNVD•added 2026/04/21 12:0 a.m.•5 views

blueprintUE self-hosted edition 安全漏洞

The blueprintUE self-hosted edition is an open-source data modeling and visualization tool developed by blueprintUE. Versions prior to blueprintUE self-hosted edition 4.2.0 contained security vulnerabilities. These vulnerabilities stemmed from the password reset token generation process, where th...

Tenable Nessus•added 2026/04/21 12:0 a.m.•3 views

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007048)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007048 advisory. In the Linux kernel, the following vulnerability has been resolved: mm/slub: avoid accessing metadata when pointer is invalid in objecterr objecterr reports details ...

5.5CVSS5.7AI score0.00014EPSS

Exploits0References4

Packet Storm News•added 2026/04/13 12:0 a.m.•2 views

Towards Automated Pentesting with Large Language Models

Large Language Models LLMs are redefining offensive cybersecurity by allowing the generation of harmful machine code with minimal human intervention. While attackers take advantage of dark LLMs such as XXXGPT and WolfGPT to produce malicious code, ethical hackers can follow similar approaches to...

6AI score

Exploits0

Tenable Nessus•added 2026/04/08 12:0 a.m.•4 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006574)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006574 advisory. In the Linux kernel, the following vulnerability has been resolved: ext2: Check block size validity during mount Check that log of block size stored in the superbloc...

7.8CVSS5.8AI score0.00014EPSS

Exploits0References4

EUVD•added 2026/04/07 9:32 p.m.•2 views

EUVD-2025-209284

The Semtech LR11xx LoRa transceivers running early versions of firmware contains an information disclosure vulnerability in its firmware validation functionality. When a host issues a firmware validity check command via the SPI interface, the device decrypts the provided encrypted firmware packag...

5.1CVSS5.8AI score0.00015EPSS

RedhatCVE•added 2026/04/02 5:4 a.m.•0 views

CVE-2025-67806

The login mechanism of Sage DPW 202106004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 202106000. On-premise administrators can toggle this behavior in newer versions...

5.3CVSS5.8AI score0.00013EPSS

Positive Technologies•added 2026/04/02 12:0 a.m.•1 views

PT-2026-29935

Fleet: Password reset tokens remain valid after password change for 24 hours in github.com/fleetdm/fleet. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

5.9AI score