CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/06/12 2:29 p.m.•9 views

EUVD-2026-36488

The use of insecure HTTP transport within AMD optional tools could allow an attacker to conduct a man-in-the-middle attack, potentially leading to arbitrary code execution...

7.7CVSS5.7AI score0.00435EPSS

Vulnrichment•added 2026/06/12 2:29 p.m.•11 views

CVE-2026-40677

The use of insecure HTTP transport within AMD optional tools could allow an attacker to conduct a man-in-the-middle attack, potentially leading to arbitrary code execution...

7.7CVSS5.7AI score0.00435EPSS

Cvelist•added 2026/06/12 2:29 p.m.•23 views

CVE-2026-40677

The use of insecure HTTP transport within AMD optional tools could allow an attacker to conduct a man-in-the-middle attack, potentially leading to arbitrary code execution...

7.7CVSS0.00435EPSS

CVE•added 2026/06/12 2:29 p.m.•39 views

CVE-2026-40677

The vulnerability CVE-2026-40677 affects AMD optional tools that use insecure HTTP transport, enabling a potential attacker to perform a man-in-the-middle attack and potentially achieve arbitrary code execution. The issue stems from unencrypted transport within these tools, which could allow inte...

7.7CVSS5.7AI score0.00435EPSS

EUVD•added 2026/06/12 2:17 p.m.•8 views

EUVD-2026-36448

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, a sandbox escape vulnerability in vm2 allows arbitrary code execution in the host process when untrusted code is executed with async support on runtimes exposing WebAssembly JSPI WebAssembly.promising / WebAssembly.Suspending...

9.8CVSS6AI score0.00507EPSS

NVD•added 2026/06/12 2:16 p.m.•10 views

CVE-2026-11967

MobaXterm Personal Edition Portable, in its 26.3 version Build 5154, allows arbitrary code execution by loading a malicious DLL located in the same directory as the portable executable. Because the application automatically loads the winspool.drv library from that location during startup, an...

8.5CVSS0.00108EPSS

Vulnrichment•added 2026/06/12 2:14 p.m.•7 views

CVE-2026-47131 vm2: Sandbox Escape

10CVSS5.5AI score0.004EPSS

CVE•added 2026/06/12 2:14 p.m.•20 views

CVE-2026-47131

vm2 prior to 3.11.4 contains a sandbox escape: by using Buffer.call.call with {}.lookupGetter /lookupSetter and Node.js ERR_INVALID_ARG_TYPE, an attacker can obtain the host TypeError constructor and break out of the sandbox, enabling arbitrary code execution. The issue is fixed in vm2 v3.11.4. R...

10CVSS5.4AI score0.004EPSS

Vulnrichment•added 2026/06/12 1:30 p.m.•10 views

CVE-2026-11967 Arbitrary code execution in MobaXterm Personal Edition (Portable)

Cvelist•added 2026/06/12 1:30 p.m.•26 views

CVE-2026-11967 Arbitrary code execution in MobaXterm Personal Edition (Portable)

8.5CVSS0.00108EPSS

EUVD•added 2026/06/12 1:29 p.m.•9 views

EUVD-2026-36425

MobaXterm Personal Edition Portable, in its 26.3 version Build 5154, allows arbitrary code execution by loading malicious DLLs from a temporary directory that is predictable and can be modified by the user. During startup, the application searches for specific DLLs in this location before resorti...

Cvelist•added 2026/06/12 1:29 p.m.•27 views

CVE-2026-11879 Arbitrary code execution in MobaXterm Personal Edition (Portable)

8.5CVSS0.00108EPSS

Vulnrichment•added 2026/06/12 1:29 p.m.•9 views

CVE-2026-11879 Arbitrary code execution in MobaXterm Personal Edition (Portable)

OSV•added 2026/06/12 12:26 p.m.•8 views

OESA-2026-2653 perl-IO-Compress security update

This distribution provides a Perl interface to allow reading and writing of compressed data created with the zlib and bzip2 libraries. Security Fixes: IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. parseOutputGlob...

7.3CVSS5.9AI score0.00304EPSS

Exploits2References2

OSV•added 2026/06/12 12:26 p.m.•8 views

OESA-2026-2652 perl-IO-Compress security update

7.3CVSS5.9AI score0.00304EPSS

Exploits2References2

OSV•added 2026/06/12 8:51 a.m.•6 views

BIT-SQLITE-2026-11822 SQLite before 3.53.2 Memory Corruption in FTS5 Extension

SQLite before 3.53.2 contains memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution by supplying a crafted database with malformed FTS5 page data. Attackers can trigger an out-of-bound...

8.5CVSS6.5AI score0.00175EPSS

Exploits0References5

SUSE CVE•added 2026/06/12 2:32 a.m.•12 views

SUSE CVE-2026-10118

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation, allowing a subsequent...

7.8CVSS5.7AI score0.00252EPSS

Exploits0References5

Tenable Nessus•added 2026/06/12 12:0 a.m.•11 views

Adobe Substance 3D Sampler <= 6.0.0 Multiple Arbitrary Code Execution Vulnerabilities (APSB26-60)

The version of Adobe Substance 3D Sampler installed on the remote host is prior or equal to 6.0.0. It is, therefore, affected by multiple out-of-bounds write vulnerabilities as referenced in the APSB26-60 advisory. - Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bound...

7.8CVSS6.2AI score0.00144EPSS

Exploits0References5

Positive Technologies•added 2026/06/12 12:0 a.m.•9 views

PT-2026-48864