CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

63 matches found

IBM Security Bulletins•added 2026/04/29 11:4 a.m.•6 views

Security Bulletin: IBM Guardium Data Protection is affected by multiple vulnerabilities

Summary IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2025-15467 DESCRIPTION: Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact...

8.8CVSS8.2AI score0.02889EPSS

Exploits9Affected Software1

OSV•added 2026/04/27 6:33 p.m.•6 views

JLSEC-2026-263 Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file...

Issue summary: Calling PKCS12getfriendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption...

7.4CVSS7.7AI score0.00115EPSS

Exploits1References8

OSV•added 2026/03/27 2:4 p.m.•2 views

OESA-2026-1748 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based...

7.5CVSS7.1AI score0.01131EPSS

Exploits1References7

OSV•added 2026/03/20 2:24 p.m.•1 views

OESA-2026-1664 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: Calling PKCS12getfriendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code...

7.4CVSS6AI score0.00115EPSS

Exploits1References2

OSV•added 2026/03/20 2:24 p.m.•0 views

OESA-2026-1661 edk2 security update

7.4CVSS6.9AI score0.00115EPSS

Exploits1References2

Tenable Nessus•added 2026/03/15 12:0 a.m.•2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: openssl (UTSA-2026-006143)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006143 advisory. Issue summary: Calling PKCS12getfriendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code poin...

7.4CVSS6.8AI score0.00115EPSS

Exploits1References4

Tenable Nessus•added 2026/02/13 12:0 a.m.•4 views

Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2025-69419)

7.4CVSS6AI score0.00115EPSS

Exploits1References2

Tenable Nessus•added 2026/02/03 12:0 a.m.•2 views

SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2026:0360-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0360-1 advisory. - CVE-2026-22795: Missing ASN1TYPE validation in PKCS12 parsing bsc1256839. - CVE-2025-69420: Missing ASN1TYPE validation in...

7.5CVSS5.5AI score0.01131EPSS

Exploits1References22

Snyk•added 2026/01/28 4:34 p.m.•2 views

Cross-site Scripting (XSS)

Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the module friendlyName. An attacker can execute arbitrary scripts in the context of a user's browser...

7.6CVSS6AI score0.00017EPSS

Exploits0References2

OSV•added 2026/01/28 4:34 p.m.•2 views

GHSA-VM5Q-8QWW-H238 DotNetNuke.Core Vulnerable to Stored XSS in Module Deletion Confirmation Modal

A module friendly name could include scripts that will run during some module operations in the Persona Bar...

7.6CVSS5.9AI score0.00017EPSS

Exploits0References3