CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

59350 matches found

RedhatCVE•added 2026/05/28 8:12 p.m.•9 views

CVE-2026-44329

free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without OAuth2/bearer-token authorization middleware. A network attacker who can reach SMF on the SBI can hit UPI endpoints with no Authorization header at all, and...

10CVSS5.8AI score0.00058EPSS

Exploits1References1

Snyk•added 2026/05/28 8:2 p.m.•7 views

Directory Traversal

Overview shamefile is an A cli tool to enforce documentation for code suppressions Affected versions of this package are vulnerable to Directory Traversal via the shame next process when processing a user-controlled shamefile.yaml. An attacker can disclose the contents of files outside the intend...

6.8CVSS6.3AI score

Exploits0References2

Cvelist•added 2026/05/28 7:40 p.m.•28 views

CVE-2026-42401 Improper Neutralization of Input During Web Page Generation in Kibana Leading to Stored HTML Injection

Improper Neutralization of Input During Web Page Generation CWE-79 in Kibana can lead to stored HTML injection. A user with write access to an Elasticsearch index could persist crafted markup which, when subsequently rendered through an affected Kibana view by another user, was not sufficiently...

4.1CVSS0.00023EPSS

Exploits0References1

Debian CVE•added 2026/05/28 6:59 p.m.•8 views

CVE-2026-49127

Music Player Daemon MPD before version 0.24.11 contains a stack buffer overflow vulnerability in the pcmunpack24be function in src/pcm/Pack.cxx that allows unauthenticated attackers to corrupt stack memory by triggering an off-by-one write in the PCM decoder plugin. Attackers can issue two MPD...

8.8CVSS6.1AI score0.00083EPSS

Exploits0

OSV•added 2026/05/28 5:44 p.m.•4 views

GHSA-4Q5V-7G7X-J79W compliance-trestle - jinja has an Arbitrary File Write via Path Traversal

Relevant Products/Components: trestle/core/commands/author/jinja.py trestle author jinja --- Detailed Description: The -o/--output argument in trestle author jinja allows writing files outside the intended workspace. The application does not properly validate: ../ ..\ absolute paths This allows...

8.4CVSS6.2AI score

Exploits0References4

Github Security Blog•added 2026/05/28 5:44 p.m.•13 views

compliance-trestle - jinja has an Arbitrary File Write via Path Traversal

6.2AI score

Exploits0References4Affected Software1

NVD•added 2026/05/28 5:16 p.m.•8 views

CVE-2026-41160

EspoCRM is an open source customer relationship management application. Prior to 9.3.5, a business logic flaw Broken Access Control in EspoCRM 9.3.3 allows low-privileged users to pin arbitrary notes without having the required edit permissions for the parent object. Due to a "write first,...

4.3CVSS0.00041EPSS

Exploits0References1

Snyk•added 2026/05/28 4:50 p.m.•6 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write via the bzip2recover utility when processing a specially crafted file. An attacker can cause memory corruption and application crash by supplying a malicious input file. Remediation A fix was pushed into the master...

5.1CVSS5.8AI score0.00021EPSS

Exploits0References2

ATTACKERKB•added 2026/05/28 4:24 p.m.•6 views

CVE-2026-41160

4.3CVSS6AI score0.00041EPSS

Exploits0References2Affected Software1

GithubExploit•added 2026/05/28 3:27 p.m.•55 views

Exploit for Improper Authentication in Influxdata Influxdb

LAB 5-CVE-2019-20933 I. SYSTEM ANALYSIS Identify...

9.8CVSS7.6AI score0.93745EPSS

Exploits3

ATTACKERKB•added 2026/05/28 2:44 p.m.•7 views

CVE-2026-44593

esm.sh is a no-build content delivery network CDN for web development. In 137 and earlier, the legacy router first retrieves a response from legacyServer, parses the incoming request path, and ultimately writes the data to storage via buildStorage.Put. The router concatenates the path components...

8.7CVSS5.9AI score0.00082EPSS

Exploits0References2Affected Software1

NVD•added 2026/05/28 2:16 p.m.•8 views

CVE-2026-42250

bzip2 contains an off‑by‑one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out‑of‑bounds write to a global buffer, resulting in memory corruption and a crash denial of service. This issue was fixed in bzip2...

4.8CVSS0.00021EPSS

Exploits0References4

NVD•added 2026/05/28 10:16 a.m.•7 views

CVE-2026-46154

In the Linux kernel, the following vulnerability has been resolved: schedext: Read scxroot under scxcgroupopsrwsem in cgroup setters scxgroupsetweight,idle,bandwidth cache scxroot before acquiring scxcgroupopsrwsem, so the pointer can be stale by the time the op runs. If the loaded scheduler is...

7CVSS0.00013EPSS

Exploits0References3

NVD•added 2026/05/28 10:16 a.m.•9 views

CVE-2026-46114

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Reject non-8-byte ATOMICWRITE payloads atomicwritereply at drivers/infiniband/sw/rxe/rxeresp.c unconditionally dereferences 8 bytes at payloadaddrpkt: value = u64 payloadaddrpkt; checkrkey previously accepted an...

7.5CVSS0.00057EPSS

Exploits0References5

OSV•added 2026/05/28 10:16 a.m.•2 views

UBUNTU-CVE-2026-46175

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix fsck inconsistency caused by FGGC of node block During FGGC node block migration, fsck may incorrectly treat the migrated node block as fsync-written data. The reproduction scenario: root@vm:/mnt/f2fs seq 1 2048 | xargs...

7.1CVSS5.7AI score0.00013EPSS

Exploits0References6

OSV•added 2026/05/28 10:16 a.m.•4 views

UBUNTU-CVE-2026-46114

7.5CVSS5.7AI score0.00057EPSS

Exploits0References8

OSV•added 2026/05/28 10:16 a.m.•5 views

UBUNTU-CVE-2026-46154

7CVSS5.7AI score0.00013EPSS

Exploits0References6

ATTACKERKB•added 2026/05/28 9:36 a.m.•6 views

CVE-2026-46175