CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

144 matches found

NVD•added 2026/05/15 3:16 a.m.•12 views

CVE-2025-0028

An unchecked return value within the AMD Platform Management Framework PMF could allow an attacker to read or modify an arbitrary address potentially resulting in loss of confidentiality, integrity, or availability...

8.3CVSS0.00016EPSS

Exploits0References1

CVE•added 2026/05/15 1:52 a.m.•12 views

CVE-2025-0028

The AMD PMF (Platform Management Framework) vulnerability CVE-2025-0028 stems from an unchecked return value in the PMF that could enable a local attacker to read or modify an arbitrary address, risking confidentiality, integrity, and availability. The issue is tied to the AMD chipset driver/PMF ...

8.3CVSS5.9AI score0.00016EPSS

Exploits0References1

Redos•added 2026/05/06 12:0 a.m.•3 views

ROS-20260506-73-0022

Vulnerability in tomcat10 related to url redirection to untrusted site. Exploitation of the vulnerability could allow an attacker acting remotely to redirect a user to an arbitrary url address...

6.1CVSS5.9AI score0.00033EPSS

Exploits0

NVD•added 2026/04/20 4:16 p.m.•2 views

CVE-2026-25883

Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa webhook feature allows authenticated users to configure an arbitrary URL that receives HTTP POST requests when meetings complete. The application performs no validation on th...

5.8CVSS0.00043EPSS

Exploits0References1

CNNVD•added 2026/04/18 12:0 a.m.•4 views

NovumOS 安全漏洞

NovumOS is an 32-bit protected mode operating system developed by MinecAnton209. Versions of NovumOS prior to 0.24 contained security vulnerabilities. These vulnerabilities stemmed from system call 15, which allowed Ring 3 user-mode processes to map arbitrary virtual address ranges into their own...

9CVSS5.9AI score0.00008EPSS

Exploits1References2

RedhatCVE•added 2026/04/03 4:59 p.m.•3 views

CVE-2026-26927

Szafir SDK Web is a browser plug-in that can run SzafirHost application which download the necessary files when launched. In Szafir SDK Web it is possible to change the URL HTTP Origin of the application call location. An unauthenticated attacker can craft a website that is able to launch...

5.1CVSS6.2AI score0.00017EPSS

Exploits0References1

RedhatCVE•added 2026/03/27 2:27 p.m.•27 views

CVE-2021-27043

An Arbitrary Address Write issue in the Autodesk DWG application can allow a malicious user to leverage the application to write in unexpected paths. In order to exploit this the attacker would need the victim to enable full page heap in the application...

7.8CVSS6.8AI score0.00217EPSS

Exploits0References1

Tenable Nessus•added 2026/03/27 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2025-2509

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process,...

7.8CVSS6AI score0.00027EPSS

Exploits1References2

EUVD•added 2026/02/26 6:31 p.m.•3 views

EUVD-2026-8860

A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode PASV response. The client unconditionally trusts this information and attempts to connect to the specified endpoint, allowing the...

4.3CVSS5.6AI score0.00048EPSS

Exploits0References3

NVD•added 2026/02/26 4:24 p.m.•3 views

CVE-2026-28295

4.3CVSS0.00048EPSS

Exploits0References2

NVD•added 2026/02/05 9:15 p.m.•5 views

CVE-2026-0106

In vpummap of vpuioctl, there is a possible arbitrary address mmap due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

9.3CVSS0.00004EPSS

Exploits0References1

Positive Technologies•added 2026/02/04 12:0 a.m.•5 views

PT-2026-6005

Name of the Vulnerable Software and Affected Versions Android VPU driver versions prior to the February 2026 security patch Description The issue resides within the vpu ioctl function, specifically in the vpu mmap component. A missing bounds check allows for a potential arbitrary address mapping...

9.3CVSS6AI score0.00004EPSS

Exploits0References15

RedhatCVE•added 2026/01/09 10:16 a.m.•6 views

CVE-2019-2249

Kernel can do a memory read from arbitrary address passed by user during execution of a syscall in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9205, MDM9650, QCA8081,...

10CVSS7.6AI score0.00483EPSS

Exploits0References1

CVE•added 2025/11/24 9:0 p.m.•11 views

CVE-2025-48511

AMD uProf (μProf) contains an improper input validation vulnerability that can allow a local attacker to write to an arbitrary physical address, potentially causing a crash or denial of service. Affected environments include Windows, Linux, and FreeBSD per CNVD/CVEs. The root cause and impact are...

5.5CVSS6.2AI score0.00032EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2025/11/07 5:55 p.m.•0 views

CVE-2025-64430 Parse Server Vulnerable to Server-Side Request Forgery (SSRF) in File Upload via URI Format

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions 4.2.0 through 7.5.3, and 8.0.0 through 8.3.1-alpha.1, there is a Server-Side Request Forgery SSRF vulnerability in the file upload functionality when trying to upload a Parse.File...

7.5CVSS6.6AI score0.00073EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2020-9683

Malware in sbrugna...

6.5CVSS6.6AI score0.00506EPSS

Exploits1References8

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2021-12351

Malware in sbrugna...

4.3CVSS4.5AI score0.00061EPSS

Exploits0References2