CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6695 matches found

Vulnrichment•added 2026/06/02 12:0 a.m.•5 views

CVE-2026-38967

CrowCpp Crow through v1.3.1 HTTP is vulnerable to response header injection via unvalidated response header values...

5.8AI score0.00332EPSS

Exploits0References2

EUVD•added 2026/06/01 10:15 a.m.•9 views

EUVD-2026-33623

A vulnerability was determined in SourceCodester Pharmacy Sales and Inventory System up to 1.0. This issue affects the function createsupplier of the file /Exportcsv/export of the component Supplier Creation Interface. This manipulation of the argument Address/Company Name causes csv injection...

5.8CVSS5.5AI score0.00248EPSS

Exploits0References6

ATTACKERKB•added 2026/06/01 10:15 a.m.•7 views

CVE-2026-10248

5.8CVSS5.5AI score0.00248EPSS

Exploits0References6Affected Software1

EUVD•added 2026/06/01 7:49 a.m.•11 views

EUVD-2026-33589

A bug in Apache Airflow's Variable response masker caused nested-key redaction triggered by secret-suffixed key names like password, token, secret, apikey to be bypassed when the JSON value's nesting depth exceeded the shared secrets masker's recursion limit: the masker returned the original nest...

6.5CVSS5.8AI score0.00421EPSS

Exploits0References2

CNNVD•added 2026/06/01 12:0 a.m.•5 views

SourceCodester Pharmacy Sales and Inventory System 安全漏洞

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Versions of the SourceCodester Pharmacy Sales and Inventory System prior to version 1.0 contained security vulnerabilities. These vulnerabilities were...

5.8CVSS5AI score0.00248EPSS

Exploits0References6

CNNVD•added 2026/06/01 12:0 a.m.•9 views

Apache Airflow 安全漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. Prior to Apache Airflow 3.2.2, there were security...

6.5CVSS5.3AI score0.00335EPSS

Exploits0References2

SUSE CVE•added 2026/05/30 1:59 a.m.•9 views

SUSE CVE-2026-48156

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with /W 0 0 0 values and large /Size values. This vulnerability is fixed in 6.12.0...

5.1CVSS5.8AI score0.00123EPSS

Exploits0References3

OSV•added 2026/05/29 10:7 p.m.•6 views

GHSA-MCH8-WF3H-6X88 Admidio writes session IDs and auto-login cookie values to application logs

Summary When debug logging is enabled, Session::setCookie logs full cookie values and Session::start logs the current session ID. In a real Admidio deployment this includes both the active session cookie and the persistent auto-login cookie. Anyone with access to the log sink can recover live...

4.4CVSS5.8AI score0.00015EPSS

Exploits0References2

Snyk•added 2026/05/29 9:14 p.m.•7 views

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection via the parseheader process. An attacker can inject arbitrary carriage return and line feed characters into HTTP headers by sending specially crafted percent-encoded values, potentially leading to response splitting or...

9.9CVSS5.9AI score0.00254EPSS

Exploits1References2

NVD•added 2026/05/29 8:16 p.m.•9 views

CVE-2026-46384

iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, several Avro decoder paths read attacker-controlled 64-bit values from the wire format and either narrowed them to platform-sized int before bounds-checking, or summed them with overflow-prone signed-int arithmetic. On 32-bit targets...

8.7CVSS0.0031EPSS

Exploits0References1

NVD•added 2026/05/29 8:16 p.m.•9 views

CVE-2026-45372

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when cpp-httplib's server parses an incoming request, it applies percent-decoding to every header value except Location and Referer. The validity check isfieldvalue is run before decoding, so encode...

9.9CVSS0.00254EPSS

Exploits1References1

OSV•added 2026/05/29 8:16 p.m.•6 views

DEBIAN-CVE-2026-45372

9.9CVSS5.6AI score0.00254EPSS

Exploits1References1

OSV•added 2026/05/29 8:16 p.m.•7 views

UBUNTU-CVE-2026-45372

9.9CVSS5.6AI score0.00254EPSS

Exploits1References3

Vulnrichment•added 2026/05/29 7:58 p.m.•14 views

CVE-2026-46384 iskorotkov/avro: Integer Overflow in Avro Decoder

8.7CVSS5.9AI score0.0031EPSS

Exploits0References1

ATTACKERKB•added 2026/05/29 7:21 p.m.•8 views

CVE-2026-45372

9.9CVSS5.6AI score0.00254EPSS

Exploits1References2Affected Software1

Cvelist•added 2026/05/29 4:18 p.m.•33 views

CVE-2026-10105 agno 2.6.5 SQL Injection via ClickHouse delete_by_metadata()

agno 2.6.5 contains a SQL injection vulnerability in the ClickHouse vector database backend that allows attackers to inject arbitrary SQL expressions by supplying malicious metadata keys and values to the deletebymetadata method. Attackers can exploit the unsafe f-string interpolation in...

8.7CVSS0.00309EPSS

Exploits0References5

CNNVD•added 2026/05/29 12:0 a.m.•7 views

Avro 输入验证错误漏洞

Avro is a fast Go Avro decoder developed by hamba. Versions prior to Avro 2.33.0 contained a vulnerability related to input validation errors. This vulnerability stemmed from multiple Avro decoder paths reading 64-bit values controlled by an attacker and truncating or using overflow signed intege...

8.7CVSS5.9AI score0.0031EPSS

Exploits0References1

Packet Storm News•added 2026/05/29 12:0 a.m.•4 views

Stochastic Analysis of Cybersecurity Defense Strategies under Single Attack Scenario

This research presents a novel stochastic framework for proactive cybersecurity defense timing under a single attack scenario. The approach models the defense process as a continuous observation mechanism in which the defense instant and the subsequent observation slot follow independent...

5.8AI score

Exploits0