CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Github Security Blog•added 6 days ago•4 views

Canonical MicroCeph: path traversal issue in the remote-import AP

Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate such as enrolled cluster members or join token can manipulate files in an imported remote cluster within the...

5CVSS5.9AI score0.00208EPSS

Exploits0References4Affected Software1

EUVD•added 6 days ago•8 views

EUVD-2026-37990

5CVSS5.9AI score0.00208EPSS

CVE•added last week•13 views

CVE-2026-48980

The PAM module pam_usb is affected by a local-access vulnerability in earlier releases (pre-0.9.2) where getenv() in a PAM context returns attacker-controlled values for XRDP_SESSION, DISPLAY, and TMUX when the environment is manipulated by a local user. These values influence local-vs-remote ses...

6.3CVSS5.3AI score0.00127EPSS

Fedora•added 2026/06/13 1:13 a.m.•7 views

[SECURITY] Fedora 44 Update: varnish-modules-0.27.0-4.fc44

This is a collection of modules "vmods" extending Varnish VCL used for describing HTTP request/response policies with additional capabilities. This collection contains the following vmods: bodyaccess, header, saintmode, tcp, var, vsthrottle, xkey...

5.4AI score

Exploits0

NVD•added 2026/06/11 7:16 p.m.•8 views

CVE-2026-46519

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.6.0, mcp-server-kubernetes exposes three environment variables ALLOWONLYREADONLYTOOLS, ALLOWONLYNONDESTRUCTIVETOOLS, ALLOWEDTOOLS documented as access controls for restricting which...

8.8CVSS0.00376EPSS

CVE•added 2026/06/02 10:35 p.m.•27 views

CVE-2026-32625

LibreChat vulnerability CVE-2026-32625 affects versions up to 0.8.3 where MCP server URL validation expands ${VAR} against process.env during Zod schema checks. An authenticated user can configure a malicious MCP URL to exfiltrate secrets (CREDS_KEY, CREDS_IV, JWT_SECRET, MONGO_URI) to an attacke...

9.6CVSS5.8AI score0.0294EPSS

Exploits1References1Affected Software1

Tenable Nessus•added 2026/05/26 12:0 a.m.•10 views

Linux Distros Unpatched Vulnerability : CVE-2026-48846

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var value in an e-mail...

6.5CVSS5.8AI score0.00339EPSS

OSV•added 2026/05/25 8:16 p.m.•6 views

DEBIAN-CVE-2026-48846

In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var value in an e-mail message, which may lead to information disclosure or access-control bypass...

6.5CVSS5.8AI score0.00339EPSS

ATTACKERKB•added 2026/05/25 7:21 p.m.•6 views

CVE-2026-48846

6.5CVSS5.8AI score0.00339EPSS

Exploits0References6Affected Software1

AstraLinux•added 2026/05/20 5:53 a.m.•6 views

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: Tracing: Fixed a potential double-free issue in createvarref. In createvarref, initvarref is called to initialize the fields of the reffield variable. This variable is allocated in the previous function call, to createhistfield...

7.8CVSS5.9AI score0.00282EPSS

Tenable Nessus•added 2026/05/14 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-44931

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The newly introduced RecordUsage D-Bus method https://gitlab.freedesktop.org/pwithnall/malcontent/-/blob/0.14.0/libmalcontent-timer/child-timer- service.c in...

5.1CVSS5.6AI score0.0015EPSS

NVD•added 2026/05/13 1:1 p.m.•8 views

CVE-2026-44931

The newly introduced RecordUsage D-Bus method https://gitlab.freedesktop.org/pwithnall/malcontent/-/blob/0.14.0/libmalcontent-timer/child-timer-service.c in malcontent-timerd allows arbitrary users in the system to slowly fill up disk space in /var/lib/malcontent-timerd...

5.1CVSS0.0015EPSS

Exploits0References3

Debian CVE•added 2026/05/13 8:30 a.m.•5 views

CVE-2026-44931

ATTACKERKB•added 2026/05/13 8:30 a.m.•5 views

Exploits0

CVE-2026-44931

Exploits0References3Affected Software1

Vulnrichment•added 2026/05/13 8:30 a.m.•7 views

CVE-2026-44931 malcontent: Disk Space Exhaustion via Globally Accessible D-Bus API

Positive Technologies•added 2026/05/13 12:0 a.m.•10 views

PT-2026-40587

Name of the Vulnerable Software and Affected Versions malcontent version 0.14.0 Description A D-Bus method RecordUsage in malcontent-timerd allows arbitrary system users to exhaust disk space in the /var/lib/malcontent-timerd directory. Recommendations At the moment, there is no information about...

OSSF Malicious Packages•added 2026/05/12 7:42 a.m.•12 views

Exploits0References5

Malicious code in enhancer (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cefeea627aa1a0cc84aeedff1db0ae88ebf61b233bb9b20fa82b0a5fd0737cbf The distribution is published as enhancer but installs modules under the top-level safety namespace setup.py declares namespacepackages='safety' and...

5.9AI score

OSV•added 2026/05/11 12:8 a.m.•5 views

OSV-2026-712 Heap-buffer-overflow in Mat_VarGetCellsLinear

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=511531637 Crash type: Heap-buffer-overflow READ 8 Crash state: MatVarGetCellsLinear matiostructcellfuzzer.cpp...

5.8AI score