15029 matches found

Vulnrichment
added 2026/04/15 11:13 p.m. | 1 views

CVE-2026-40947

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...

CVSS 2.9 | AI score 5.8 | EPSS 0.00006
Exploits 0 | References 1
Cvelist
added 2026/04/15 12:27 p.m. | 24 views

CVE-2026-1636

A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authenticated user to execute code with elevated privileges...

CVSS 6.7 | EPSS 0.00007
Exploits 0 | References 1
CVE
added 2026/04/15 12:27 p.m. | 6 views

CVE-2026-1636

Lenovo Service Bridge is affected by a DLL hijacking vulnerability that, under certain conditions, could allow a local authenticated user to execute code with elevated privileges. The issue is documented across multiple sources (CVE-2026-1636) with a vulnerability pattern described as DLL search ...

CVSS 6.7 | AI score 5.9 | EPSS 0.00007
Exploits 0 | References 1
Malwarebytes
added 2026/04/15 10:37 a.m. | 4 views

From fake Proton VPN sites to gaming mods, this Windows infostealer is everywhere

We’ve uncovered multiple campaigns distributing an infostealer we track as NWHStealer, using everything from fake VPN downloads to hardware utilities and gaming mods. What makes this campaign stand out isn’t just the malware, but how widely and convincingly it’s being spread. Once installed, it...

AI score 6
Exploits 0
NVD
added 2026/04/15 5:16 a.m. | 0 views

CVE-2026-5397

It has been identified that a vulnerability CWE-427 exists in the UPS Uninterruptible Power Supply management application, whereby improper permissions on the installation directory allow a malicious actor to place a DLL that is then executed with administrator privileges. If a malicious DLL is...

CVSS 7.8 | EPSS 0.00014
Exploits 0 | References 2
Cvelist
added 2026/04/15 4:11 a.m. | 23 views

CVE-2026-5397 Vulnerability Related to an Uncontrolled Search Path Element in a UPS Management Application

It has been identified that a vulnerability CWE-427 exists in the UPS Uninterruptible Power Supply management application, whereby improper permissions on the installation directory allow a malicious actor to place a DLL that is then executed with administrator privileges. If a malicious DLL is...

CVSS 7.8 | EPSS 0.00014
Exploits 0 | References 2
ATTACKERKB
added 2026/04/15 4:11 a.m. | 1 views

CVE-2026-5397

It has been identified that a vulnerability CWE-427 exists in the UPS Uninterruptible Power Supply management application, whereby improper permissions on the installation directory allow a malicious actor to place a DLL that is then executed with administrator privileges. If a malicious DLL is...

CVSS 7.8 | AI score 5.8 | EPSS 0.00014
Exploits 0 | References 3
CVE
added 2026/04/15 4:11 a.m. | 5 views

CVE-2026-5397

The CVE-2026-5397 entry describes an Uncontrolled Search Path Element (CWE-427) in a UPS management application. It states that improper permissions on the installation directory allow a malicious DLL to be placed there and executed with administrator privileges because the product loads missing ...

CVSS 7.8 | AI score 5.8 | EPSS 0.00014
Exploits 0 | References 2
GithubExploit
added 2026/04/15 1:31 a.m. | 90 views

ps459

Multi-Firmware PS4 WebKit & Kernel Exploit Chain An exploit c...

AI score 5.9
Exploits 0
Cvelist
added 2026/04/15 1:25 a.m. | 27 views

CVE-2026-1509 Avada (Fusion) Builder <= 3.15.1 - Authenticated (Subscriber+) Limited Arbitrary WordPress Action Execution

The Avada Fusion Builder plugin for WordPress is vulnerable to Arbitrary WordPress Action Execution in all versions up to, and including, 3.15.1. This is due to the plugin's outputactionhook function accepting user-controlled input to trigger any registered WordPress action hook without proper...

CVSS 5.4 | EPSS 0.00017
Exploits 0 | References 3
ATTACKERKB
added 2026/04/15 1:25 a.m. | 3 views

CVE-2026-1509

The Avada Fusion Builder plugin for WordPress is vulnerable to Arbitrary WordPress Action Execution in all versions up to, and including, 3.15.1. This is due to the plugin's outputactionhook function accepting user-controlled input to trigger any registered WordPress action hook without proper...

CVSS 5.4 | AI score 6.1 | EPSS 0.00017
Exploits 0 | References 4
Vulnrichment
added 2026/04/15 1:25 a.m. | 3 views

CVE-2026-1509 Avada (Fusion) Builder <= 3.15.1 - Authenticated (Subscriber+) Limited Arbitrary WordPress Action Execution

The Avada Fusion Builder plugin for WordPress is vulnerable to Arbitrary WordPress Action Execution in all versions up to, and including, 3.15.1. This is due to the plugin's outputactionhook function accepting user-controlled input to trigger any registered WordPress action hook without proper...

CVSS 5.4 | AI score 6.1 | EPSS 0.00017
Exploits 0 | References 3
ATTACKERKB
added 2026/04/15 1:25 a.m. | 2 views

CVE-2026-1541

The Avada Fusion Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.15.1. This is due to the plugin's fusion_get_post_custom_field function failing to validate whether metadata keys are protected underscore-prefixed. This makes it...

CVSS 4.3 | AI score 5.7 | EPSS 0.00011
Exploits 0 | References 3
Vulnrichment
added 2026/04/15 1:25 a.m. | 1 views

CVE-2026-1541 Avada (Fusion) Builder <= 3.15.1 - Authenticated (Subscriber+) Sensitive Information Exposure via Insecure Direct Object Reference

The Avada Fusion Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.15.1. This is due to the plugin's fusion_get_post_custom_field function failing to validate whether metadata keys are protected underscore-prefixed. This makes it...

CVSS 4.3 | AI score 5.7 | EPSS 0.00011
Exploits 0 | References 2
CVE
added 2026/04/15 1:25 a.m. | 4 views

CVE-2026-1541

The CVE concerns the Avada (Fusion) Builder WordPress plugin, affected up to version 3.15.1. The root cause is that fusion_get_post_custom_field() does not validate whether metadata keys are underscore-prefixed, enabling authenticated users with Subscriber-level access and above to expose protect...

CVSS 4.3 | AI score 5.7 | EPSS 0.00011
Exploits 0 | References 2
CNNVD
added 2026/04/15 12:0 a.m. | 5 views

Lenovo Service Bridge Security Vulnerability

Lenovo Service Bridge is an application based on the Windows platform developed by Lenovo Corporation. This program can automatically detect the serial number, device type, and model of devices in order to provide corresponding services. Lenovo Service Bridge has a security vulnerability, which...

CVSS 6.7 | AI score 6 | EPSS 0.00007
Exploits 0 | References 1
Packet Storm News
added 2026/04/15 12:0 a.m. | 1 views

Challenges and Future Directions in Agentic Reverse Engineering Systems

Agentic systems built on large language models (LLMs) are increasingly being used for complex security tasks, including binary reverse engineering (RE). Despite recent growth in popularity and capability, these systems continue to face limitations in realistic settings. Cutting-edge systems still fai...

AI score 5.8
Exploits 0
Positive Technologies
added 2026/04/15 12:0 a.m. | 3 views

PT-2026-32995

The Avada Fusion Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.15.1. This is due to the plugin's fusion get post custom field function failing to validate whether metadata keys are protected underscore-prefixed. This makes it...

CVSS 4.3 | AI score 5.7 | EPSS 0.00011
Exploits 0 | References 2
Packet Storm News
added 2026/04/15 12:0 a.m. | 1 views

AndroScanner: Automated Backend Vulnerability Detection for Android Applications

Mobile applications rely on complex backends that introduce significant security risks, yet developers often lack the tools to assess these risks effectively. This paper presents AndroScanner, an automated pipeline for detecting vulnerabilities in Android application backends through combined...

AI score 5.8
Exploits 0
Positive Technologies
added 2026/04/15 12:0 a.m. | 3 views

PT-2026-33184

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...

CVSS 2.9 | AI score 5.8 | EPSS 0.00006
Exploits 0 | References 2