CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

219614 matches found

EUVD•added 2026/05/13 9:32 p.m.•13 views

EUVD-2026-30094

A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full...

8.6CVSS6.1AI score0.00248EPSS

Exploits0References2

EUVD•added 2026/05/13 9:32 p.m.•9 views

EUVD-2026-30093

Incorrect Authorization vulnerabilities in Trust Protection Foundation allow attackers to bypass access controls and perform unauthorized actions on restricted resources...

7.2CVSS5.8AI score0.00277EPSS

Exploits0References2

EUVD•added 2026/05/13 9:32 p.m.•8 views

EUVD-2026-30111

External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access...

7.8CVSS5.8AI score0.00118EPSS

Exploits0References2

NVD•added 2026/05/13 9:16 p.m.•12 views

CVE-2026-44380

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, an improper access control vulnerability in the authentication key reset functionality allowed an authenticated organization administrator to reset authentication keys belonging to site administrator accounts within...

8.6CVSS0.00403EPSS

Exploits0References1

NVD•added 2026/05/13 9:16 p.m.•9 views

CVE-2025-27851

The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a cross-site origin WebSocket hijacking attack. Among other uses, the WDU utilizes WebSockets to control settings, including administrative settings. This allows a network attacker to take full control of a WDU. To initiate ...

9.3CVSS0.00145EPSS

Exploits0References2

ATTACKERKB•added 2026/05/13 9:6 p.m.•5 views

CVE-2026-44424

ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/devices/:uid returns the full device object whenever the caller is authenticated, without verifying that the device belongs to the caller's namespace tenant. Any authenticated user JWT or API Key who knows or can guess a device UID...

6.5CVSS5.8AI score0.00246EPSS

Exploits1References2Affected Software1

EUVD•added 2026/05/13 8:51 p.m.•9 views

EUVD-2026-30167

8.6CVSS5.8AI score0.00403EPSS

Exploits0References1

Vulnrichment•added 2026/05/13 8:51 p.m.•8 views

CVE-2026-44380 MISP: Improper access control in auth key reset allows privilege escalation to site administrator

8.6CVSS5.8AI score0.00403EPSS

Exploits0References1

CVE•added 2026/05/13 8:51 p.m.•14 views

CVE-2026-44380

CVE-2026-44380 (MISP) is an improper access-control flaw in the authentication key reset feature present before version 2.5.37. An authenticated organization administrator could reset auth keys for site administrator accounts within the same organization, since non-site administrators were not ex...

8.6CVSS5.8AI score0.00403EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/05/13 8:23 p.m.•10 views

CVE-2026-41100

Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally...

4.4CVSS5.8AI score0.00249EPSS

Exploits0References1

RedhatCVE•added 2026/05/13 8:23 p.m.•12 views

CVE-2026-41614

Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally...

6.2CVSS5.8AI score0.00363EPSS

Exploits0References1

RedhatCVE•added 2026/05/13 8:23 p.m.•8 views

CVE-2026-32209

Improper access control in Windows Filtering Platform WFP allows an authorized attacker to bypass a security feature locally...

4.4CVSS5.8AI score0.00204EPSS

Exploits0References1

RedhatCVE•added 2026/05/13 8:23 p.m.•7 views

CVE-2026-32170

Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally...

6.7CVSS5.8AI score0.00319EPSS

Exploits0References1

RedhatCVE•added 2026/05/13 8:23 p.m.•10 views

CVE-2026-42823

Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network...

9.9CVSS6AI score0.00601EPSS

Exploits0References1

RedhatCVE•added 2026/05/13 8:23 p.m.•9 views

CVE-2026-42832

Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally...

7.7CVSS5.8AI score0.00222EPSS

Exploits0References1

RedhatCVE•added 2026/05/13 8:22 p.m.•10 views

CVE-2026-41107

External control of file name or path in Microsoft Edge Chromium-based allows an unauthorized attacker to disclose information over a network...

7.4CVSS5.8AI score0.00652EPSS

Exploits0References1

RedhatCVE•added 2026/05/13 8:22 p.m.•14 views

CVE-2026-41101

Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally...

7.1CVSS5.8AI score0.00292EPSS

Exploits0References1

RedhatCVE•added 2026/05/13 8:22 p.m.•9 views

CVE-2026-41088

Access of resource using incompatible type 'type confusion' in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.00319EPSS

Exploits0References1

RedhatCVE•added 2026/05/13 8:22 p.m.•11 views

CVE-2026-40420

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally...

8.8CVSS5.8AI score0.00212EPSS

Exploits0References1

RedhatCVE•added 2026/05/13 8:22 p.m.•8 views

CVE-2026-41086

Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network...

8.8CVSS5.8AI score0.00427EPSS

Exploits0References1