CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

205986 matches found

AlmaLinux•added 2026/05/18 12:0 a.m.•9 views

Important: ruby security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: erb: ERB: Arbitrary code execution via deserialization bypass CVE-2026-41316 For more details about the security issues, including...

8.1CVSS6.2AI score0.00508EPSS

Exploits0References4

AlmaLinux•added 2026/05/18 12:0 a.m.•12 views

Important: ruby:3.3 security update

8.1CVSS6.2AI score0.00508EPSS

Exploits0References4

OSV•added 2026/05/18 12:0 a.m.•11 views

ALSA-2026:18041 Critical: nginx:1.24 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 For more details about the security issues, including the impact, a CVSS...

9.2CVSS6.1AI score0.5331EPSS

Exploits39References4

Tenable Nessus•added 2026/05/18 12:0 a.m.•6 views

RHEL 10 : ruby (RHSA-2026:18065)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18065 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management...

8.1CVSS6.2AI score0.00508EPSS

Exploits0References4

OSV•added 2026/05/18 12:0 a.m.•6 views

ALSA-2026:18039 Important: ruby security update

8.1CVSS6.2AI score0.00508EPSS

Exploits0References4

OSV•added 2026/05/18 12:0 a.m.•9 views

ALSA-2026:18065 Important: ruby security update

8.1CVSS6.2AI score0.00508EPSS

Exploits0References4

OSV•added 2026/05/18 12:0 a.m.•7 views

ALSA-2026:18028 Moderate: libpng security update

The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics PNG image format files. Security Fixes: libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVE-2026-33416 For more details about the security issues, including the...

7.5CVSS6.7AI score0.01052EPSS

Exploits1References4

Snyk•added 2026/05/17 1:36 p.m.•4 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the importBinaryModel function in the JAR Handler component. An attacker can execute arbitrary code or manipulate application behavior by providing specially crafted JAR with embedded into a model...

9.8CVSS6AI score0.00409EPSS

Exploits0References2

Snyk•added 2026/05/17 1:36 p.m.•5 views

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the pre-auth logic that enables an attacker to activate the default-disabled POJO import feature. The attacker can then upload and import a malicious Java POJO leading to execution of arbitrary code by...

8.8CVSS6.1AI score0.0031EPSS

Exploits0References2

NVD•added 2026/05/17 1:16 p.m.•13 views

CVE-2018-25328

VX Search 10.6.18 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying an oversized string in the directory field. Attackers can craft a malicious input file containing 271 bytes of junk data followed by a return address to execute...

8.6CVSS0.00148EPSS

Exploits0References4

NVD•added 2026/05/17 1:16 p.m.•18 views

CVE-2018-25320

ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with system privileges to...

9.8CVSS0.00576EPSS

Exploits0References4

Cvelist•added 2026/05/17 12:11 p.m.•33 views

CVE-2018-25328 VX Search 10.6.18 Local Buffer Overflow via Directory Field

8.6CVSS0.00148EPSS

Exploits0References4

ATTACKERKB•added 2026/05/17 12:11 p.m.•7 views

CVE-2018-25328

8.6CVSS6.4AI score0.00148EPSS

Exploits0References4Affected Software1

EUVD•added 2026/05/17 12:11 p.m.•11 views

EUVD-2018-21852

8.6CVSS6.4AI score0.00148EPSS

Exploits0References4

CVE•added 2026/05/17 12:11 p.m.•18 views

CVE-2018-25328

VX Search 10.6.18 is affected by a local buffer overflow in the directory field. The vulnerability can be triggered by an oversized input file containing 271 bytes of junk data followed by a return address, allowing an attacker to overwrite the instruction pointer and execute arbitrary code with ...

8.6CVSS6.4AI score0.00148EPSS

Exploits0References4

CVE•added 2026/05/17 12:11 p.m.•16 views

CVE-2018-25323

CVE-2018-25323 affects Allok AVI DivX MPEG to DVD Converter version 2.6.1217. A vulnerability in the License Name field allows a locally authenticated attacker to trigger a structured exception handler (SEH) buffer overflow by pasting a specially crafted payload, leading to arbitrary code executi...

8.6CVSS6.4AI score0.00138EPSS

Exploits0References2

EUVD•added 2026/05/17 12:11 p.m.•9 views

EUVD-2018-21843

Allok Fast AVI MPEG Splitter 1.2 contains a stack based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license name string. Attackers can craft a payload with 780 bytes of junk data followed by structured shellcode and place it in the...

8.6CVSS6.4AI score0.00148EPSS

Exploits0References4

ATTACKERKB•added 2026/05/17 12:11 p.m.•8 views

CVE-2018-25320

9.8CVSS6.5AI score0.00576EPSS

Exploits0References4Affected Software1