CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11447 matches found

Tenable Nessus•added 2026/02/05 12:0 a.m.•4 views

Amazon Linux 2023 : oci-add-hooks (ALAS2023-2026-1405)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1405 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processe...

10CVSS7.8AI score0.00765EPSS

Exploits2References10

RedhatCVE•added 2026/02/04 7:28 p.m.•4 views

CVE-2026-24985

Missing Authorization vulnerability in approveme WP Forms Signature Contract Add-On wp-forms-signature-contract-add-on allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Forms Signature Contract Add-On: from n/a through = 1.8.2...

4.3CVSS5.3AI score0.00185EPSS

Exploits0References1

NVD•added 2026/02/04 5:16 p.m.•6 views

CVE-2026-23096

In the Linux kernel, the following vulnerability has been resolved: uacce: fix cdev handling in the cleanup path When cdevdeviceadd fails, it internally releases the cdev memory, and if cdevdevicedel is then executed, it will cause a hang error. To fix it, we check the return value of cdevdevicea...

5.5CVSS0.00114EPSS

Exploits0References7

UbuntuCve•added 2026/02/04 5:16 p.m.•4 views

CVE-2026-23049

In the Linux kernel, the following vulnerability has been resolved: drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel The connector type for the DataImage SCF0700C48GGU18 panel is missing and devmdrmpanelbridgeadd requires connector type to be set. This leads to a warning a...

5.9AI score0.00173EPSS

Exploits0References25

OSV•added 2026/02/04 5:16 p.m.•2 views

UBUNTU-CVE-2026-23096

5.5CVSS5.7AI score0.00114EPSS

Exploits0References28

UbuntuCve•added 2026/02/04 5:16 p.m.•4 views

CVE-2026-23103

In the Linux kernel, the following vulnerability has been resolved: ipvlan: Make the addrslock be per port Make the addrslock be per port, not per ipvlan dev. Initial code seems to be written in the assumption, that any address change must occur under RTNL. But it is not so for the case of IPv6. ...

7.8CVSS6AI score0.00107EPSS

Exploits0References25

UbuntuCve•added 2026/02/04 5:16 p.m.•3 views

CVE-2026-23096

5.5CVSS5.7AI score0.00114EPSS

Exploits0References25

CVE•added 2026/02/04 4:8 p.m.•26 views

CVE-2026-23103

Technical details about CVE-2026-23103 are not provided in the supplied documents. The description mentions making addrs_lock per port and related fixes, but lacks explicit affected products, versions, or remediation steps. Monitor for updates.

7.8CVSS5.3AI score0.00107EPSS

Exploits0References7Affected Software1

EUVD•added 2026/02/04 4:8 p.m.•5 views

EUVD-2026-5446

5.2AI score0.00114EPSS

Exploits0References4

CVE•added 2026/02/04 4:8 p.m.•17 views

CVE-2026-23096

CVE-2026-23096 affects the Linux kernel UACCE accelerator framework (uacce). The issue is in the cleanup path: if cdev_device_add fails, the kernel releases the cdev memory, and later a cdev_device_del could hang. The fix adds a check on the return value of cdev_device_add and clears uacce->cd...

5.5CVSS5.2AI score0.00114EPSS

Exploits0References7Affected Software1

ATTACKERKB•added 2026/02/04 4:4 p.m.•3 views

CVE-2026-23049

5.2AI score0.00173EPSS

Exploits0References8Affected Software1

RedhatCVE•added 2026/02/04 3:15 a.m.•15 views

CVE-2025-65924

ERPNext thru 15.88.1 does not sanitize or remove certain HTML tags specifically hyperlinks in fields that are intended for plain text. Although JavaScript is blocked preventing XSS, the HTML is still preserved in the generated PDF document. As a result, an attacker can inject malicious clickable...

4.1CVSS5.5AI score0.00227EPSS

Exploits0References1

Tenable Nessus•added 2026/02/04 12:0 a.m.•4 views

Microhard IPn4G Cellular Gateways Cross-Site Request Forgery (CVE-2018-25149)

Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated...

6.5CVSS5.1AI score0.00194EPSS

Exploits2References5

NVD•added 2026/02/03 10:16 p.m.•6 views

CVE-2020-37074

Remote Desktop Audit 2.3.0.157 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code during the Add Computers Wizard file import process. Attackers can craft a malicious payload file to trigger a structured exception handler SEH bypass and execute shellcode when...

9.8CVSS0.00337EPSS

Exploits0References3

Vulnrichment•added 2026/02/03 10:1 p.m.•4 views

CVE-2020-37091 Maian Support Helpdesk 4.3 - Cross-Site Request Forgery (Add Admin)

Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. Attackers can craft malicious HTML forms to add admin users and upload PHP files with unrestricted file upload capabilities through the FA...

5.3CVSS5.2AI score0.0015EPSS

Exploits0References3

Vulnrichment•added 2026/02/03 10:1 p.m.•3 views

CVE-2020-37075 LanSend 3.2 - Buffer Overflow (SEH)

LanSend 3.2 contains a buffer overflow vulnerability in the Add Computers Wizard file import functionality that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload file to trigger a structured exception handler SEH overwrite and execute shellcode when...

9.8CVSS6.1AI score0.00453EPSS

Exploits0References3

CVE•added 2026/02/03 10:1 p.m.•13 views

CVE-2020-37075

Affected software: LanSend 3.2. Vulnerability: Buffer overflow in the Add Computers Wizard file import functionality. This allows overwriting Structured Exception Handler (SEH) and executing shellcode when importing a crafted payload file. Impact: Remote code execution with high impact to confide...

9.8CVSS6.1AI score0.00453EPSS

Exploits0References3