
1099 matches found

Nuclei (added yesterday)

Apache Spark UI - Remote Command Injection

Apache Spark UI is susceptible to remote command injection. ACLs can be enabled via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilte...

CVSS 8.8 | AI score 8.4 | EPSS 0.93513 | Exploits: 12 | References: 5
RedhatCVE (added 2 days ago)

CVE-2026-7415

The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same network can subscribe to sensitive telemetry topics or publish control messages directly to the robot without authentication or authorization...

CVSS 9.8 | AI score 5.5 | EPSS 0.00033 | Exploits: 1 | References: 1
ATTACKERKB (added 5 days ago)

CVE-2025-53302

Missing Authorization vulnerability in Anton Shevchuk Constructor allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Constructor: from n/a through 1.6.5...

CVSS 5.3 | AI score 5.8 | EPSS 0.00028 | Exploits: 0 | References: 2
Tenable Nessus (added 2026/05/19 12:00 a.m.)

Linux Distros Unpatched Vulnerability : CVE-2026-8851

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - SOGo versions 5.12.7 and prior contain a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to...

CVSS 8.6 | AI score 6.1 | EPSS 0.00027 | Exploits: 0 | References: 3
OSV (added 2026/05/18 9:16 p.m.)

DEBIAN-CVE-2026-8851

SOGo versions 5.12.7 and prior contain a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls endpoint. Attackers can...

CVSS 8.6 | AI score 6.1 | EPSS 0.00027 | Exploits: 0 | References: 1
EUVD (added 2026/05/18 8:10 p.m.)

EUVD-2026-30804

SOGo 5.12.7 contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls endpoint. Attackers can inject malicious SQ...

CVSS 8.6 | AI score 6.1 | EPSS 0.00027 | Exploits: 0 | References: 3
ATTACKERKB (added 2026/05/18 8:10 p.m.)

CVE-2026-8851

SOGo versions 5.12.7 and prior contain a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls endpoint. Attackers can...

CVSS 8.6 | AI score 6.1 | EPSS 0.00027 | Exploits: 0 | References: 4
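The SOGo entries above describe a SQL subquery injected through the uid parameter of the addUserInAcls endpoint. The following Python/sqlite3 snippet is an added illustration of that bug class and is not SOGo's code or schema: the acl and users tables, the hypothetical add_user_in_acls_vulnerable / add_user_in_acls_fixed handlers and the payload are all constructed here. It shows how a string-built INSERT lets a subquery copy another table's contents into a stored ACL entry that the same authenticated caller can later list, and how the parameterized version stores the payload as an inert string.

```python
import sqlite3

# Constructed schema for the illustration: an ACL table plus a table holding
# data the caller must not be able to read. This is not SOGo's schema.
SCHEMA = """
CREATE TABLE acl (folder TEXT, uid TEXT, rights TEXT);
CREATE TABLE users (uid TEXT, password_hash TEXT);
INSERT INTO users VALUES ('alice', 'hash-of-alice-secret');
INSERT INTO users VALUES ('bob', 'hash-of-bob-secret');
"""

# Constructed payload: closes the quoted uid, concatenates a scalar subquery
# against the users table, then reopens the quote so the statement stays valid.
PAYLOAD = "x'||(SELECT password_hash FROM users WHERE uid='bob')||'"


def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def add_user_in_acls_vulnerable(db, folder, uid):
    # Hypothetical vulnerable handler: uid is interpolated into the SQL text,
    # so a subquery supplied in uid is evaluated by the database engine.
    sql = f"INSERT INTO acl (folder, uid, rights) VALUES ('{folder}', '{uid}', 'r')"
    db.execute(sql)
    db.commit()


def add_user_in_acls_fixed(db, folder, uid):
    # Hypothetical fixed handler: bound parameters keep uid as data, never SQL.
    db.execute(
        "INSERT INTO acl (folder, uid, rights) VALUES (?, ?, 'r')",
        (folder, uid),
    )
    db.commit()


def stored_uids(db, folder):
    # What an ACL listing hands back to the (authenticated) caller.
    rows = db.execute(
        "SELECT uid FROM acl WHERE folder = ? ORDER BY rowid", (folder,)
    )
    return [r[0] for r in rows]


def demo():
    vulnerable = make_db()
    add_user_in_acls_vulnerable(vulnerable, "inbox", PAYLOAD)
    fixed = make_db()
    add_user_in_acls_fixed(fixed, "inbox", PAYLOAD)
    return {
        "vulnerable": stored_uids(vulnerable, "inbox"),  # contains bob's hash
        "fixed": stored_uids(fixed, "inbox"),            # contains the literal payload
    }


if __name__ == "__main__":
    print(demo())
```

The point of the fix is not escaping: a bound parameter is transmitted to the engine as a value, so no quoting trick in uid can turn it back into SQL. Any data read-back path (listing ACLs, error messages, audit logs) becomes the exfiltration channel once a subquery result is stored.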
OPENSUSE Linux (added 2026/04/30 12:00 a.m.)

Security update for ntfs-3g_ntfsprogs (important)

openSUSE security update: security update for ntfs-3g_ntfsprogs. Announcement ID: openSUSE-SU-2026:20651-1. Rating: important. References: bsc#1262216. Cross-References: CVE-2026-40706. CVSS scores: CVE-2026-40706 SUSE : 7.8...

CVSS 8.5 | AI score 5.7 | EPSS 0.00018 | Exploits: 0 | References: 1
SUSE CVE (added 2026/04/22 1:36 a.m.)

SUSE CVE-2026-40706

In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfs_build_permissions_posix in acls.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered on the READ path (stat, readdir, open) when...

CVSS 7.8 | AI score 6 | EPSS 0.00018 | Exploits: 0 | References: 5
Tenable Nessus (added 2026/04/22 12:00 a.m.)

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013488)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013488 advisory. In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix reference count leak in smb_check_perm_dacl. The issue happens in a specific path in...

CVSS 5.5 | AI score 5.7 | EPSS 0.00143 | Exploits: 0 | References: 4
ATTACKERKB (added 2026/04/15 8:45 p.m.)

CVE-2026-22676

Barracuda RMM versions prior to 2025.2.2 contain a privilege escalation vulnerability that allows local attackers to gain SYSTEM-level privileges by exploiting overly permissive filesystem ACLs on the C:\Windows\Automation directory. Attackers can modify existing automation content or place...

CVSS 8.5 | AI score 6 | EPSS 0.00015 | Exploits: 0 | References: 3
Cvelist (added 2026/03/26 6:55 a.m.)

CVE-2026-32680

The installer of RATOC RAID Monitoring Manager for Windows allows the installation folder to be customized. If the installation folder is changed to a non-default location, that folder may be left with insecure ACLs, and non-administrative users can alter its contents. It may allow a...

CVSS 8.5 | EPSS 0.00007 | Exploits: 0 | References: 2
CVE (added 2026/03/26 6:55 a.m.)

CVE-2026-32680

The issue concerns RATOC RAID Monitoring Manager for Windows. If users customize the installer's target folder, that folder may retain insecure ACLs, allowing non-administrative users to alter its contents. This can enable a non-administrative user to execute arbitrary code with SYSTEM privileges...

CVSS 8.5 | AI score 7.4 | EPSS 0.00007 | Exploits: 0 | References: 2
NVD (added 2026/03/25 8:16 p.m.)

CVE-2026-33217

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using ACLs on message subjects, these ACLs were not applied in the $MQTT. namespace, allowing MQTT clients to bypass ACL checks for MQTT subjects. Versions...

CVSS 7.1 | EPSS 0.00036 | Exploits: 0 | References: 2
Positive Technologies (added 2026/03/25 12:00 a.m.)

PT-2026-27907

Name of the Vulnerable Software and Affected Versions: SimpLy Gallery versions n/a through 3.3.2. Description: An improper validation of the specified quantity in input within the GalleryCreator SimpLy Gallery simply-gallery-block component allows access to functionality that is not properly...

CVSS 9.9 | AI score 5.9 | EPSS 0.00094 | Exploits: 0 | References: 3
OSV (added 2026/03/20 8:44 p.m.)

GHSA-FPH2-R4QG-9576 Parse Server's LiveQuery bypasses CLP pointer permission enforcement

Impact: Parse Server's LiveQuery WebSocket interface does not enforce Class-Level Permission (CLP) pointer permissions (readUserFields and pointerFields). Any authenticated user can subscribe to LiveQuery events and receive real-time updates for all objects in classes protected by pointer permissions,...

CVSS 7.1 | AI score 5.8 | EPSS 0.00012 | Exploits: 0 | References: 7
RedhatCVE (added 2026/01/09 8:35 a.m.)

CVE-2020-10140

Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory. Because some privileged processes are executed from C:\ProgramData\Acronis, an unprivileged user can achieve arbitrary code execution with SYSTEM privileges by placing a DLL in one of several paths...

CVSS 7.8 | AI score 7.5 | EPSS 0.00045 | Exploits: 0 | References: 1
CVE (added 2026/01/08 9:17 a.m.)

CVE-2025-14358

CVE-2025-14358 is a Missing Authorization flaw in the WordPress reHub Framework (REHub Framework) affecting versions up to and including 19.9.5. The issue enables access to functionality that is not properly constrained by ACLs, with a CVSS v3.1 base score of 7.5 (Network, Low attack complexity...

CVSS 7.5 | AI score 6.6 | EPSS 0.00041 | Exploits: 0 | References: 1
RedhatCVE (added 2025/12/18 1:52 a.m.)

CVE-2025-67794

An issue was discovered in DriveLock 24.1 through 24.1., 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent...

CVSS 8.4 | AI score 6.6 | EPSS 0.00015 | Exploits: 0 | References: 1
EUVD (added 2025/12/18 12:34 a.m.)

EUVD-2025-204000

An issue was discovered in DriveLock 24.1 through 24.1., 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent...

CVSS 8.4 | AI score 6.1 | EPSS 0.00015 | Exploits: 0 | References: 2
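Several Windows entries above (Barracuda RMM, RATOC RAID Monitoring Manager, Acronis True Image, DriveLock) share one root cause: a directory that a privileged process reads from or executes out of is writable by ordinary users. The following Python script is an added check, not code from any of those vendors: it parses the text printed by the Windows icacls command and flags allow ACEs that give a broad principal a write-capable right. The sample output is constructed (the C:\Windows\Automation path is the one the Barracuda entry names; the ACEs are made up), and the WRITE_RIGHTS and BROAD_PRINCIPALS tables are assumptions to extend for your environment.

```python
import re

# Constructed sample of `icacls C:\Windows\Automation` output for an install
# that grants the Users group Modify on the directory. Only the path is taken
# from the advisory text above; the ACEs are invented for the illustration.
PATH = r"C:\Windows\Automation"
WEAK_OUTPUT = r"""C:\Windows\Automation NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                      BUILTIN\Administrators:(OI)(CI)(F)
                      BUILTIN\Users:(OI)(CI)(M)
                      NT AUTHORITY\Authenticated Users:(OI)(CI)(RX)
                      Everyone:(DENY)(W)

Successfully processed 1 files; Failed processing 0 files
"""

# Constructed output for the same directory after tightening: non-administrators
# keep read/execute only.
FIXED_OUTPUT = r"""C:\Windows\Automation NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                      BUILTIN\Administrators:(OI)(CI)(F)
                      BUILTIN\Users:(OI)(CI)(RX)

Successfully processed 1 files; Failed processing 0 files
"""

# icacls rights codes that allow creating, replacing or altering content
# (assumed list; extend as needed).
WRITE_RIGHTS = {"F", "M", "W", "WD", "AD", "DC", "WDAC", "WO", "GA", "GW"}

# Principals every local, non-administrative account belongs to (assumed list).
BROAD_PRINCIPALS = {
    "Everyone",
    "BUILTIN\\Users",
    "NT AUTHORITY\\Authenticated Users",
    "NT AUTHORITY\\INTERACTIVE",
}

# Inheritance/propagation markers and the deny marker carry no rights themselves.
NON_RIGHT_FLAGS = {"OI", "CI", "IO", "NP", "I", "DENY"}

# One ACE: "<principal>:(flag)(flag)...(rights)"
ACE_RE = re.compile(r"^(?P<principal>.+?):(?P<flags>(?:\([A-Za-z,]+\))+)$")


def parse_icacls(text, path):
    """Return (principal, is_deny, rights) for each ACE in icacls output."""
    aces = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(path):
            line = line[len(path):].strip()  # first ACE shares its line with the path
        m = ACE_RE.match(line)
        if not m:
            continue  # blank line or the "Successfully processed" summary
        flags = re.findall(r"\(([A-Za-z,]+)\)", m.group("flags"))
        rights = set()
        for flag in flags:
            if flag not in NON_RIGHT_FLAGS:
                rights.update(flag.split(","))  # specific rights are comma-joined
        aces.append((m.group("principal"), "DENY" in flags, rights))
    return aces


def weak_aces(text, path):
    """Allow ACEs that hand a broad principal write access, as (principal, rights)."""
    findings = []
    for principal, is_deny, rights in parse_icacls(text, path):
        if is_deny:
            continue  # a deny ACE never widens access
        granted = rights & WRITE_RIGHTS
        if principal in BROAD_PRINCIPALS and granted:
            findings.append((principal, sorted(granted)))
    return findings


if __name__ == "__main__":
    print("weak:", weak_aces(WEAK_OUTPUT, PATH))
    print("fixed:", weak_aces(FIXED_OUTPUT, PATH))
```

On a real host, run `icacls <directory>` for every directory the privileged service loads code or configuration from and feed the text to weak_aces. Inherited ACEs carry an (I) marker and still count, since the over-broad grant often comes from the parent (for example a custom install path under a user-writable root) rather than from the directory itself.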