CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 3 days ago•6 views

EUVD-2026-38675

4.3CVSS5.8AI score0.0024EPSS

CVE•added 3 days ago•7 views

CVE-2026-9616

The CVE concerns the WordPress plugin Generate Security.txt (

4.3CVSS5.8AI score0.0024EPSS

Cvelist•added 3 days ago•30 views

CVE-2026-9616 Generate Security.txt <= 1.0.12 - Missing Authorization to Authenticated (Subscriber+) Security.txt Deletion via delete_securitytxt AJAX Action

4.3CVSS0.0024EPSS

Github Security Blog•added 2026/06/15 8:56 p.m.•14 views

Nuxt: Dev server discloses project absolute path and persistent workspace UUID via `/.well-known/appspecific/com.chrome.devtools.json`

Summary When running nuxt dev, Nuxt registers an unauthenticated route at /.well-known/appspecific/com.chrome.devtools.json that returns the absolute filesystem path of the project root and a per-project UUID persisted to nodemodules/.cache/nuxt/chrome-workspace.json. The route is enabled by...

5.5AI score

Exploits0References4Affected Software1

RedhatCVE•added 2026/06/05 7:21 p.m.•10 views

CVE-2026-41642

GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. In version 4.3.0, a remote Denial of Service DoS vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as...

7.5CVSS5.4AI score0.00503EPSS

SUSE CVE•added 2026/05/08 2:22 a.m.•6 views

SUSE CVE-2026-41642

OSV•added 2026/05/07 12:16 p.m.•7 views

Exploits1References3

DEBIAN-CVE-2026-41642

Vulnrichment•added 2026/05/07 11:50 a.m.•5 views

CVE-2026-41642 GoBGP: Remote Denial of Service (Panic) via Malformed Well-known Path Attribute

Debian CVE•added 2026/05/07 11:50 a.m.•6 views

Exploits1References2

CVE-2026-41642

Snyk•added 2026/04/29 8:43 p.m.•3 views

Exploits1

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the recvMessageloop process. An attacker can cause the daemon to crash by sending a specially crafted BGP UPDATE message containing an unrecognized Path Attribute marked as "Well-known," which leads to a nil...

8.7CVSS5.8AI score0.00503EPSS

Exploits1References2

OSV•added 2026/04/29 8:43 p.m.•6 views

GHSA-7235-89M6-F4PX GoBGP has Remote Denial of Service (Panic) via Malformed Well-known Path Attribute

Summary A remote Denial of Service DoS vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as "Well-known," the daemon fails to interrupt the message handling flow. This results in an illegal memory...

7.5CVSS5.9AI score0.00503EPSS

Exploits1References4

Github Security Blog•added 2026/04/29 8:43 p.m.•10 views

GoBGP has Remote Denial of Service (Panic) via Malformed Well-known Path Attribute

7.5CVSS5.7AI score0.00503EPSS

Exploits1References4Affected Software1

Positive Technologies•added 2026/04/29 12:0 a.m.•8 views

PT-2026-37135

Name of the Vulnerable Software and Affected Versions GoBGP versions prior to 4.4.0 Description A remote Denial of Service DoS issue exists due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as "Well-known," the daemon fails to...

RedhatCVE•added 2026/03/26 3:1 p.m.•4 views

Exploits1References5

CVE-2026-27703

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things IoT devices and other embedded devices. In 2026.01 and earlier, the default handler for the wellknowncore resource coapwellknowncoredefaulthandler writes user-provided option data and...

9.8CVSS6.2AI score0.00483EPSS

Cvelist•added 2026/03/11 7:38 p.m.•31 views

CVE-2026-27703 RIOT has an Out-of-Bounds Write in nanoCoAP Handler

7.5CVSS0.00483EPSS