CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AlmaLinux•added 2026/05/07 12:0 a.m.•8 views

Moderate: freeipmi security update

The freeipmi packages contain an Intelligent Platform Management Interface IPMI remote console and system management software based on the IPMI specification. Security Fixes: freeipmi: buffer overflows on response messages via ipmi-oem CVE-2026-33554 For more details about the security issues,...

7.5CVSS6AI score0.00382EPSS

Exploits0References4

Tenable Nessus•added 2026/05/07 12:0 a.m.•7 views

RHEL 9 : freeipmi (RHSA-2026:14819)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:14819 advisory. The freeipmi packages contain an Intelligent Platform Management Interface IPMI remote console and system management software based on the IPMI...

7.5CVSS6AI score0.00382EPSS

Exploit DB•added 2026/05/07 12:0 a.m.•52 views

NocoBase 2.0.27 - VM Sandbox Escape

Exploit Title: NocoBase 2.0.27 - VM Sandbox Escape Date: 2026-03-26 Exploit Author: Onurcan Genç Vendor Homepage: https://www.nocobase.com/ Software Link: https://github.com/nocobase/nocobase Version: -u -P --cmd "id"...

9.9CVSS6AI score0.07593EPSS

Exploits7

RedhatCVE•added 2026/05/06 8:21 p.m.•3 views

CVE-2026-7865

A hidden console command is vulnerable to command injection flaw when control characters are passed to its second argument. A third party researcher Eugene Lim had discovered vulnerability in the way console command passes to a popen function call. Attackers with authenticated access to SSH conso...

CVE•added 2026/05/06 11:28 a.m.•19 views

Exploits0References1

CVE-2026-43197

CVE-2026-43197 concerns a Linux kernel netconsole vulnerability where messages from the console subsystem could be read out-of-bounds due to missing null-termination. The root cause is a netconsole write path that could access memory beyond the allocated buffer, observable as a slab-out-of-bounds...

9.1CVSS5.8AI score0.00462EPSS

Exploits0References3Affected Software1

ATTACKERKB•added 2026/05/06 11:27 a.m.•3 views

CVE-2026-43123

In the Linux kernel, the following vulnerability has been resolved: fbcon: check return value of con2fbacquirenewinfo If fbconopen fails when called from con2fbacquirenewinfo then info-fbconpar pointer remains NULL which is later dereferenced. Add check for return value of the function...

5.7AI score0.00128EPSS

Exploits0References8Affected Software1

Debian CVE•added 2026/05/06 11:27 a.m.•2 views

CVE-2026-43123

5.5CVSS5.7AI score0.00128EPSS

Exploits0

Tenable Nessus•added 2026/05/06 12:0 a.m.•8 views

Linux Distros Unpatched Vulnerability : CVE-2023-54344

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by...

9.8CVSS6.7AI score0.0055EPSS

Tenable Nessus•added 2026/05/06 12:0 a.m.•7 views

RHCOS 3 : OpenShift Container Platform 3.10 atomic-openshift-web-console (RHSA-2019:2552)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:2552 advisory. - xterm.js: Mishandling of special characters allows for remote code execution CVE-2019-0542 Note that Nessus has not tested for this issue b...

8.8CVSS6.5AI score0.03151EPSS

Positive Technologies•added 2026/05/06 12:0 a.m.•8 views

PT-2026-37537

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.19.0 Description An issue exists in the netconsole component where the msg passed from the console subsystem is not guaranteed to be null-terminated. This can lead to out-of-bounds OOB reads when the system...

9.1CVSS5.8AI score0.00521EPSS

Exploits0References145

Tenable Nessus•added 2026/05/06 12:0 a.m.•11 views

RHCOS 3 : OpenShift Container Platform 3.11 (RHSA-2019:1851)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1851 advisory. - web-console: XSS in OAuth server /oauth/token/request endpoint CVE-2019-3876 - jenkins-plugin-token-macro: XML External Entity...

7.5CVSS5.8AI score0.10521EPSS

Exploits0References9

Tenable Nessus•added 2026/05/06 12:0 a.m.•4 views

RHCOS 3 : OpenShift Container Platform 3.9 atomic-openshift-web-console (RHSA-2019:2551)

The remote Red Hat Enterprise Linux CoreOS 3 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:2551 advisory. - xterm.js: Mishandling of special characters allows for remote code execution CVE-2019-0542 Note that Nessus has not tested for this issue b...

8.8CVSS6.5AI score0.03151EPSS

EUVD•added 2026/05/05 6:33 p.m.•3 views

EUVD-2026-27394

NVD•added 2026/05/05 4:16 p.m.•14 views

Exploits0References3

CVE-2026-7865

7.4CVSS0.00753EPSS

Vulnrichment•added 2026/05/05 3:5 p.m.•6 views

CVE-2026-7865 Hidden Console Command

Cvelist•added 2026/05/05 3:5 p.m.•28 views

CVE-2026-7865 Hidden Console Command

7.4CVSS0.00753EPSS

ATTACKERKB•added 2026/05/05 3:5 p.m.•2 views

CVE-2026-7865

Exploits0References3Affected Software1

CVE•added 2026/05/05 3:5 p.m.•11 views

CVE-2026-7865

The CVE-2026-7865 entry describes a vulnerability in Crestron devices where a hidden console command can be exploited to perform command injection by passing control characters to the second argument of a popen call. Affected software is the Crestron SSH console exposed on eligible devices; the u...