CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

126 matches found

ATTACKERKB•added 2026/05/20 4:6 p.m.•3 views

CVE-2026-20171

A vulnerability in the Border Gateway Protocol BGP enforce-first-as feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to trigger BGP peer flaps, resulting in a denial of service DoS condition...

6.8CVSS5.8AI score0.00039EPSS

Exploits0References2Affected Software1

EUVD•added 2026/05/20 4:6 p.m.•5 views

EUVD-2026-31135

6.8CVSS5.8AI score0.00039EPSS

Exploits0References1

OSV•added 2026/04/09 1:21 p.m.•1 views

SUSE-SU-2026:21060-1 Security update for the Linux Kernel RT (Live Patch 6 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-28.1 fixes various security issues The following security issues were fixed: - CVE-2025-39973: i40e: add validation for ringlen param bsc1252036. - CVE-2025-40018: ipvs: Defer ipvsftp unregister during netns cleanup bsc1252689. -...

7.8CVSS6.1AI score0.00063EPSS

Exploits0References17

Packet Storm News•added 2026/04/07 12:0 a.m.•1 views

Auditable Agents

LLM agents call tools, query databases, delegate tasks, and trigger external side effects. Once an agent system can act in the world, the question is no longer only whether harmful actions can be prevented--it is whether those actions remain answerable after deployment. We distinguish...

5.9AI score

Exploits0

Vulnrichment•added 2026/02/24 4:30 p.m.•2 views

CVE-2026-27589 Caddy vulnerable to cross-origin config application via local admin API /load (caddy)

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the local caddy admin API default listen 127.0.0.1:2019 exposes a state-changing POST /load endpoint that replaces the entire running configuration. When origin enforcement is not enabled enforceorigin not...

8.2CVSS5.9AI score0.00027EPSS

Exploits1References4

CVE•added 2026/02/24 4:30 p.m.•10 views

CVE-2026-27589

Summary: CVE-2026-27589 affects Caddy prior to 2.11.1. The local admin API (default at 127.0.0.1:2019) exposes a state-changing POST /load that can replace the running configuration. If origin enforcement is not enabled, the admin endpoint accepts cross-origin requests and applies an attacker-sup...

8.2CVSS5.4AI score0.00027EPSS

Exploits1References4Affected Software1

ATTACKERKB•added 2026/02/24 4:30 p.m.•2 views

CVE-2026-27589

8.2CVSS5.4AI score0.00027EPSS

Exploits1References5Affected Software1

RedhatCVE•added 2026/02/21 1:30 a.m.•2 views

CVE-2026-2408

Tanium addressed a use-after-free vulnerability in the Cloud Workloads Enforce client extension...

4.7CVSS5.4AI score0.00006EPSS

Exploits0References1

NVD•added 2026/02/20 12:16 a.m.•3 views

CVE-2026-2408

Tanium addressed a use-after-free vulnerability in the Cloud Workloads Enforce client extension...

4.7CVSS0.00006EPSS

Exploits0References1

OSV•added 2026/02/20 12:16 a.m.•0 views

CVE-2026-2408

Tanium addressed a use-after-free vulnerability in the Cloud Workloads Enforce client extension...

4.7CVSS5.8AI score

Exploits0References1

Vulnrichment•added 2026/02/19 11:9 p.m.•0 views

CVE-2026-2408 Use-after-free in Cloud Workloads

Tanium addressed a use-after-free vulnerability in the Cloud Workloads Enforce client extension...

4.7CVSS5.9AI score0.00006EPSS

Exploits0References1

CVE•added 2026/02/19 11:9 p.m.•5 views

CVE-2026-2408

Technical details for CVE-2026-2408 are not publicly provided in the supplied documents. The entries only state a use-after-free vulnerability in the Cloud Workloads Enforce client extension. Monitor for updates from vendors and CVE feeds.

4.7CVSS5.5AI score0.00006EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/02/19 11:9 p.m.•2 views

CVE-2026-2408

Tanium addressed a use-after-free vulnerability in the Cloud Workloads Enforce client extension...

4.7CVSS5.5AI score0.00006EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/02/19 11:9 p.m.•21 views

CVE-2026-2408 Use-after-free in Cloud Workloads

Tanium addressed a use-after-free vulnerability in the Cloud Workloads Enforce client extension...

4.7CVSS0.00006EPSS

Exploits0References1

Positive Technologies•added 2026/02/19 12:0 a.m.•3 views

PT-2026-20956

Tanium addressed a use-after-free vulnerability in the Cloud Workloads Enforce client extension...

4.7CVSS5.5AI score0.00006EPSS

Exploits0References2

CNNVD•added 2026/02/18 12:0 a.m.•2 views

Tanium Enforce Recovery Key Portal 安全漏洞

Tanium Enforce Recovery Key Portal is a component of the US-based Tanium company that allows access to disk encryption recovery keys. There is a security vulnerability in Tanium Enforce Recovery Key Portal, which stems from insecure file permissions. This vulnerability may allow attackers with...

6.5CVSS5.8AI score0.00005EPSS

Exploits0References1

Positive Technologies•added 2026/02/17 12:0 a.m.•2 views

PT-2026-20276

Name of the Vulnerable Software and Affected Versions Tanium Enforce Recovery Key Portal affected versions not specified Description An insecure file permissions issue exists in Tanium Enforce Recovery Key Portal. The vulnerability involves incorrect file permissions that could potentially be...

6.5CVSS5.4AI score0.00005EPSS

Exploits0References3

OSV•added 2026/02/05 7:15 p.m.•0 views

CVE-2025-15343

Tanium addressed an incorrect default permissions vulnerability in Enforce...

6.5CVSS5.8AI score

Exploits0References1

NVD•added 2026/02/05 7:15 p.m.•1 views

CVE-2025-15343

Tanium addressed an incorrect default permissions vulnerability in Enforce...

6.5CVSS0.00012EPSS

Exploits0References1