CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

120629 matches found

OSV•added 2026/05/18 12:0 a.m.•5 views

ALSA-2026:18028 Moderate: libpng security update

The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics PNG image format files. Security Fixes: libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVE-2026-33416 For more details about the security issues, including the...

7.5CVSS6.7AI score0.01052EPSS

Exploits1References4

AlmaLinux•added 2026/05/18 12:0 a.m.•9 views

Critical: nginx security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 For more details about the security issues, including the impact, a CVSS...

9.2CVSS6.1AI score0.23018EPSS

Exploits38References4

AlmaLinux•added 2026/05/18 12:0 a.m.•10 views

Important: ruby:3.3 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 For more details about the security issues, including...

8.1CVSS6.2AI score0.00508EPSS

Exploits0References4

AlmaLinux•added 2026/05/18 12:0 a.m.•7 views

Moderate: libpng security update

7.5CVSS6.7AI score0.01052EPSS

Exploits1References4

AlmaLinux•added 2026/05/18 12:0 a.m.•5 views

Critical: nginx:1.24 security update

9.2CVSS5.9AI score0.23018EPSS

Exploits38References4

AlmaLinux•added 2026/05/18 12:0 a.m.•6 views

Important: ruby security update

8.1CVSS6.2AI score0.00508EPSS

Exploits0References4

Tenable Nessus•added 2026/05/18 12:0 a.m.•5 views

RHEL 10 : libpng (RHSA-2026:18064)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18064 advisory. The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics PNG image format files. Security Fixes:...

7.5CVSS6.7AI score0.01052EPSS

Exploits1References5

Tenable Nessus•added 2026/05/18 12:0 a.m.•8 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libarchive (UTSA-2026-021482)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021482 advisory. A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can explo...

9.8CVSS7.6AI score0.01073EPSS

Exploits0References4

Snyk•added 2026/05/17 1:36 p.m.•4 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the importBinaryModel function in the JAR Handler component. An attacker can execute arbitrary code or manipulate application behavior by providing specially crafted JAR with embedded into a model...

9.8CVSS6AI score0.00409EPSS

Exploits0References2

Snyk•added 2026/05/17 1:36 p.m.•3 views

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the pre-auth logic that enables an attacker to activate the default-disabled POJO import feature. The attacker can then upload and import a malicious Java POJO leading to execution of arbitrary code by...

8.8CVSS6.1AI score0.0031EPSS

Exploits0References2

NVD•added 2026/05/17 1:16 p.m.•15 views

CVE-2018-25320

ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with system privileges to...

9.8CVSS0.00576EPSS

Exploits0References4

CVE•added 2026/05/17 12:11 p.m.•15 views

CVE-2018-25328

VX Search 10.6.18 is affected by a local buffer overflow in the directory field. The vulnerability can be triggered by an oversized input file containing 271 bytes of junk data followed by a return address, allowing an attacker to overwrite the instruction pointer and execute arbitrary code with ...

8.6CVSS6.4AI score0.00148EPSS

Exploits0References4

CVE•added 2026/05/17 12:11 p.m.•13 views

CVE-2018-25323

CVE-2018-25323 affects Allok AVI DivX MPEG to DVD Converter version 2.6.1217. A vulnerability in the License Name field allows a locally authenticated attacker to trigger a structured exception handler (SEH) buffer overflow by pasting a specially crafted payload, leading to arbitrary code executi...

8.6CVSS6.4AI score0.00138EPSS

Exploits0References2

EUVD•added 2026/05/17 12:11 p.m.•8 views

EUVD-2018-21843

Allok Fast AVI MPEG Splitter 1.2 contains a stack based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license name string. Attackers can craft a payload with 780 bytes of junk data followed by structured shellcode and place it in the...

8.6CVSS6.4AI score0.00148EPSS

Exploits0References4

CVE•added 2026/05/17 12:11 p.m.•10 views

CVE-2018-25320

CVE-2018-25320 affects ACL Analytics 11.x through 13.0.0.579. The vulnerability is an arbitrary code execution via the EXECUTE function, enabling an attacker to run commands with SYSTEM privileges. Reported chain includes using bitsadmin to download malicious PowerShell scripts and execute them t...

9.8CVSS6.5AI score0.00576EPSS

Exploits0References4