CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

205638 matches found

Hewlett-Packard•added 2026/05/18 12:0 a.m.•11 views

AMD Graphics May 2026 Security Update

AMD has informed HP of potential security vulnerabilities identified in some AMD Graphics for Windows, which might allow arbitrary code execution, escalation of privilege, denial of service, or information disclosure. AMD is releasing software updates to mitigate the potential vulnerabilities. AM...

8.8CVSS6AI score0.0017EPSS

Exploits0Affected Software21

OSV•added 2026/05/18 12:0 a.m.•10 views

ALSA-2026:18029 Critical: nginx security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 For more details about the security issues, including the impact, a CVSS...

9.2CVSS6.1AI score0.00288EPSS

Exploits35References4

Tenable Nessus•added 2026/05/18 12:0 a.m.•6 views

RHEL 9 : ruby (RHSA-2026:18039)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18039 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management task...

8.1CVSS6.2AI score0.00048EPSS

Exploits0References4

OSV•added 2026/05/18 12:0 a.m.•5 views

ALSA-2026:18063 Critical: nginx security update

9.2CVSS5.9AI score0.00288EPSS

Exploits35References4

OSV•added 2026/05/18 12:0 a.m.•4 views

ALSA-2026:18064 Moderate: libpng security update

The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics PNG image format files. Security Fixes: libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVE-2026-33416 For more details about the security issues, including the...

7.5CVSS6.7AI score0.00026EPSS

Exploits1References4

OSV•added 2026/05/18 12:0 a.m.•4 views

ALSA-2026:18039 Important: ruby security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 For more details about the security issues, including...

8.1CVSS6.2AI score0.00048EPSS

Exploits0References4

OSV•added 2026/05/18 12:0 a.m.•8 views

ALSA-2026:18041 Critical: nginx:1.24 security update

9.2CVSS6.1AI score0.00288EPSS

Exploits35References4

AlmaLinux•added 2026/05/18 12:0 a.m.•6 views

Important: ruby security update

8.1CVSS6.2AI score0.00048EPSS

Exploits0References4

Snyk•added 2026/05/17 1:36 p.m.•4 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the importBinaryModel function in the JAR Handler component. An attacker can execute arbitrary code or manipulate application behavior by providing specially crafted JAR with embedded into a model...

9.8CVSS6AI score0.00038EPSS

Exploits0References2

Snyk•added 2026/05/17 1:36 p.m.•3 views

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the pre-auth logic that enables an attacker to activate the default-disabled POJO import feature. The attacker can then upload and import a malicious Java POJO leading to execution of arbitrary code by...

8.8CVSS6.1AI score0.00081EPSS

Exploits0References2

NVD•added 2026/05/17 1:16 p.m.•11 views

CVE-2018-25328

VX Search 10.6.18 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying an oversized string in the directory field. Attackers can craft a malicious input file containing 271 bytes of junk data followed by a return address to execute...

8.6CVSS0.00018EPSS

Exploits0References4

NVD•added 2026/05/17 1:16 p.m.•15 views

CVE-2018-25320

ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with system privileges to...

9.8CVSS0.00128EPSS

Exploits0References4

Cvelist•added 2026/05/17 12:11 p.m.•31 views

CVE-2018-25328 VX Search 10.6.18 Local Buffer Overflow via Directory Field

8.6CVSS0.00018EPSS

Exploits0References4

ATTACKERKB•added 2026/05/17 12:11 p.m.•4 views

CVE-2018-25328

8.6CVSS6.4AI score0.00018EPSS

Exploits0References4Affected Software1

CVE•added 2026/05/17 12:11 p.m.•15 views

CVE-2018-25328

VX Search 10.6.18 is affected by a local buffer overflow in the directory field. The vulnerability can be triggered by an oversized input file containing 271 bytes of junk data followed by a return address, allowing an attacker to overwrite the instruction pointer and execute arbitrary code with ...

8.6CVSS6.4AI score0.00018EPSS

Exploits0References4

EUVD•added 2026/05/17 12:11 p.m.•8 views

EUVD-2018-21852

8.6CVSS6.4AI score0.00018EPSS

Exploits0References4

CVE•added 2026/05/17 12:11 p.m.•13 views

CVE-2018-25323

CVE-2018-25323 affects Allok AVI DivX MPEG to DVD Converter version 2.6.1217. A vulnerability in the License Name field allows a locally authenticated attacker to trigger a structured exception handler (SEH) buffer overflow by pasting a specially crafted payload, leading to arbitrary code executi...

8.6CVSS6.4AI score0.0002EPSS

Exploits0References2

EUVD•added 2026/05/17 12:11 p.m.•7 views

EUVD-2018-21843

Allok Fast AVI MPEG Splitter 1.2 contains a stack based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license name string. Attackers can craft a payload with 780 bytes of junk data followed by structured shellcode and place it in the...

8.6CVSS6.4AI score0.00018EPSS

Exploits0References4