CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

15871 matches found

Vulnrichment•added 2026/04/02 5:5 p.m.•4 views

CVE-2026-27774

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image Windows before build 42902...

6.7CVSS6.7AI score0.00016EPSS

Exploits0References1

CVE•added 2026/04/02 5:5 p.m.•4 views

CVE-2026-27774

CVE-2026-27774 affects Acronis True Image for Windows prior to build 42902. The issue is a DLL hijacking vulnerability that leads to local privilege escalation. Documentation lists the root cause as DLL search/loading issues; attack vector is local with high confidentiality/integrity/availability...

6.7CVSS6.7AI score0.00016EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/04/02 5:5 p.m.•13 views

CVE-2026-27774

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image Windows before build 42902...

6.7CVSS0.00016EPSS

Exploits0References1

EUVD•added 2026/04/02 3:31 p.m.•7 views

EUVD-2026-18229

SzafirHost downloads necessary files in the context of the initiating web page. When called, SzafirHost updates its dynamic library. JAR files are correctly verified based on a list of trusted file hashes, and if a file was not on that list, it was checked to see if it had been digitally signed b...

8.7CVSS5.9AI score0.00016EPSS

Exploits0References3

Cvelist•added 2026/04/02 2:57 p.m.•13 views

CVE-2026-33641 Glances Vulnerable to Command Injection via Dynamic Configuration Values

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented...

7.8CVSS0.00635EPSS

Exploits3References3

Cvelist•added 2026/04/02 2:45 p.m.•14 views

CVE-2026-34801 Endian Firewall /manage/dhcp/fixed_leases/ remark Stored Cross-Site Scripting

Endian Firewall version 3.3.25 and prior allow stored cross-site scripting XSS via the remark parameter to /manage/dhcp/fixedleases/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page...

6.4CVSS0.00011EPSS

Exploits0References2

NVD•added 2026/04/02 2:16 p.m.•2 views

CVE-2026-26928

8.7CVSS0.00009EPSS

Exploits0References2

Cvelist•added 2026/04/02 2:1 p.m.•17 views

CVE-2026-26928 Lack of Dynamic Library Validation in SzafirHost

8.7CVSS0.00009EPSS

Exploits0References2

Vulnrichment•added 2026/04/02 2:1 p.m.•3 views

CVE-2026-26928 Lack of Dynamic Library Validation in SzafirHost

8.7CVSS5.8AI score0.00009EPSS

Exploits0References2

ATTACKERKB•added 2026/04/02 2:1 p.m.•1 views

CVE-2026-26928

8.7CVSS5.9AI score0.00016EPSS

Exploits0References3

CVE•added 2026/04/02 2:1 p.m.•16 views

CVE-2026-26928

CVE-2026-26928 affects SzafirHost. The vulnerability arises because the application does not verify the hash or the vendor’s digital signature for uploaded DLL/SO/JNILIB/DYLIB files, while JARs are checked. An attacker can supply a malicious dynamic library that is saved in the user’s temp folder...

8.7CVSS5.8AI score0.00009EPSS

Exploits0References2

RedHat Linux•added 2026/04/02 1:58 p.m.•4 views

Important: Red Hat Security Advisory: Red Hat build of Keycloak 26.4.11 Images Update

New images are available for Red Hat build of Keycloak 26.4.11 and Red Hat build of Keycloak 26.4.11 Operator, running on OpenShift Container Platform Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Ha...

8.1CVSS5.9AI score0.0004EPSS

Exploits1References1

RedHat Linux•added 2026/04/02 1:54 p.m.•2 views

org.keycloak.protocol.oidc: Blind Server-Side Request Forgery (SSRF) in Keycloak OIDC Dynamic Client Registration via jwks_uri

A flaw was identified in Keycloak’s OpenID Connect Dynamic Client Registration feature when clients authenticate using privatekeyjwt. The issue allows a client to specify an arbitrary jwksuri, which Keycloak then retrieves without validating the destination. This enables attackers to coerce the...

5.8CVSS6AI score0.00016EPSS

Exploits0References4

EUVD•added 2026/04/02 9:30 a.m.•1 views

EUVD-2026-18136

The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processing pipeline when the request's User-Agent header contains "W3 Total Cache", which causes raw...

7.5CVSS5.8AI score0.00025EPSS

Exploits0References4

NVD•added 2026/04/02 8:16 a.m.•1 views

CVE-2026-5032

7.5CVSS0.00025EPSS

Exploits0References3

Cvelist•added 2026/04/02 7:39 a.m.•28 views

CVE-2026-5032 W3 Total Cache <= 2.9.3 - Unauthenticated Security Token Exposure via User-Agent Header

7.5CVSS0.00025EPSS

Exploits0References3

CVE•added 2026/04/02 7:39 a.m.•11 views

CVE-2026-5032

CVE-2026-5032 affects the WordPress plugin W3 Total Cache (versions

7.5CVSS6.4AI score0.00025EPSS

Exploits0References3

Vulnrichment•added 2026/04/02 7:39 a.m.•0 views

CVE-2026-5032 W3 Total Cache <= 2.9.3 - Unauthenticated Security Token Exposure via User-Agent Header

7.5CVSS5.8AI score0.00025EPSS

Exploits0References3

ATTACKERKB•added 2026/04/02 7:39 a.m.•2 views

CVE-2026-5032

7.5CVSS6.4AI score0.00025EPSS

Exploits0References4

RedhatCVE•added 2026/04/02 5:4 a.m.•0 views

CVE-2026-3780

The application's installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to place malicious binaries with the same names and have them loaded or executed instead of the...

7.3CVSS5.9AI score0.00014EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by