MINI-4428-WMPJ-JCVP
Bulletin has no description...
CLEANSTART-2026-HH87643 Security fixes for CVE-2026-4428, ghsa-2gh3-rmm4-6rq5, ghsa-394x-vwmw-crm3, ghsa-434x-w66g-qw3r, ghsa-65p9-r9h6-22vj, ghsa-9f94-5g5w-gf6r, ghsa-hfpc-8r3f-gw53, ghsa-r6v5-fh4h-64xc, ghsa-rhfx-m35p-ff5j, ghsa-vw5v-4f2q-w9xf, ghsa-xwfj-jgwm-7wp5 applied in versions: 1.26.8-r0, 1.26.8-r1
Multiple security vulnerabilities affect the ztunnel-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-KW90815 Security fixes for CVE-2026-4428, ghsa-2gh3-rmm4-6rq5, ghsa-394x-vwmw-crm3, ghsa-434x-w66g-qw3r, ghsa-65p9-r9h6-22vj, ghsa-9f94-5g5w-gf6r, ghsa-hfpc-8r3f-gw53, ghsa-r6v5-fh4h-64xc, ghsa-rhfx-m35p-ff5j, ghsa-vw5v-4f2q-w9xf, ghsa-xwfj-jgwm-7wp5 applied in versions: 1.27.5-r1, 1.27.6-r0, 1.27.6-r1, 1.27.8-r0
Multiple security vulnerabilities affect the ztunnel-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
Linux Distros Unpatched Vulnerability : CVE-2026-4428
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a...
CVE-2026-4428
creationtimestamp | type | source
---|---|---
2026-03-19 22:02:28+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mhgywqm6hc2n
2026-03-20 06:55:24+00:00 | seen | https://bsky.app/profile/alexpulver.bsky.social/post/3mhhwppiyli2e
2026-03-20 21:06:22+00:00 | seen | ...
jsonwebtoken-aws-lc (=9.3.0), jwts (>=0.5.0 <=0.5.1) +2 more potentially affected by CVE-2026-4428 via aws-lc-sys (=0.21.0)
aws-lc-sys CARGO version =0.21.0 is affected by a known vulnerability. The following packages have a transitive dependency on aws-lc-sys and may be impacted: - jsonwebtoken-aws-lc =9.3.0 - jwts =0.5.0, =0.102.6, =0.20.0, =0.31.0 Source cves: CVE-2026-4428 Source advisory: OSV:RUSTSEC-2026-0048...
EUVD-2026-4428
ALGO 8180 IP Audio Alerter Web UI Persistent Cross-Site Scripting Vulnerability. This vulnerability allows remote attackers to execute web requests with a target user's privileges on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this...
ECHO-5047-4428-BB74
Bulletin has no description...
Ivanti EPMM Authentication Bypass for Expression Language Remote Code Execution
This module exploits an unauthenticated remote code execution exploit chain for Ivanti EPMM, tracked as CVE-2025-4427 and CVE-2025-4428. An authentication flaw permits unauthenticated access to an administrator web API endpoint, which allows for code execution via expression language injection...
com.github.jinahya:jsonrpc-bind-tests (=0.7.1), org.amebastack.container:ameba-container-grizzly (>=0.1.6c <=0.1.6e) +185 more potentially affected by CVE-2020-5245 +3 more via org.hibernate.validator:hibernate-validator (>=7.0.0.Alpha1 <=7.0.0.Alpha6)
org.hibernate.validator:hibernate-validator MAVEN version =7.0.0.Alpha1, =0.1.6c, =0.1.2, =0.1.2, =0.1.2, =0.1.6c, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0-RC1 and more Source cves: CVE-2020-5245, CVE-2025-35036, CVE-2025-4427, CVE-2025-4428 Source advisory: OSV:GHSA-7V6M-28JR-RG84...
Ivanti Endpoint Manager Mobile exploit chain exploited in the wild
On May 13, 2025, Ivanti disclosed an exploit chain exploited in the wild, comprising two new vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM): CVE-2025-4427 and CVE-2025-4428. Ivanti EPMM is an enterprise-focused software suite for IT teams to manage mobile devices, applications,...
Ivanti EPMM Pre-Auth RCE Chain 1day Detection Artifact Generator Tool
This script attempts to detect if Ivanti EPMM is vulnerable to CVE-2025-4427 and CVE-2025-4428. It affects versions 11.12.0.4 and prior, 12.3.0.1 and prior, 12.4.0.1 and prior, and 12.5.0.0 and prior...
CVE-2025-4428
Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Ivanti Endpoint_Manager_Mobile
CVE-2025-4427 and CVE-2025-4428 Ivanti EPMM Chain Ivanti EPMM...
CVE-2025-4428
creationtimestamp | type | source
---|---|---
2025-05-13 16:30:39+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lp2vhy3fbjz2
2025-05-13 16:30:50+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/16168
2025-05-13 16:48:00+00:00 | seen | ...
CVE-2025-4428
Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests...
CVE-2025-4428 Remote Code Execution
Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests...
CVE-2025-4428
Ivanti Endpoint Manager Mobile (EPMM) Code Injection vulnerability (CVE-2025-4428). An authenticated attacker can remotely execute arbitrary code via crafted API requests in the API component. Root cause cited as insecure implementation/interpolation involving the Hibernate Validator library, wit...
Security Advisory Ivanti Endpoint Manager Mobile (EPMM) May 2025 (CVE-2025-4427 and CVE-2025-4428)
Ivanti has released updates for Endpoint Manager Mobile (EPMM) which address one medium and one high severity vulnerability. When chained together, successful exploitation could lead to unauthenticated remote code execution. We are aware of a very limited number of customers whose solution has be...
CVE-2025-4428
Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests. Recent assessments: remmons-r7 at May 22, 2025 5:27am UTC reported: On May 13, 2025, Ivanti...