CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

571 matches found

io.netty/netty-resolver-dns: Netty has Insufficient Bailiwick Validation for NS Records

A flaw was found in Netty's DnsResolveContext. An attacker controlling an authoritative name server for a subdomain can exploit this vulnerability by providing crafted NS records that are insufficiently validated. This allows the attacker to poison the DNS cache for parent domains, bypassing...

10CVSS5.3AI score0.0024EPSS

Exploits0References7

RedhatCVE•added 5 days ago•6 views

CVE-2026-47691

10CVSS4.9AI score0.0024EPSS

Exploits0References6

RedHat Linux•added 2026/06/10 10:4 p.m.•5 views

dotnet: .NET: Local file tampering via link following vulnerability

A flaw was found in .NET. This vulnerability, related to improper link resolution before file access also known as 'link following', allows an unauthorized local attacker to perform unauthorized tampering. This could lead to integrity compromise of local files...

6.2CVSS5.4AI score0.00272EPSS

Exploits0References5

RedHat Linux•added 2026/06/10 9:17 p.m.•5 views

dotnet: .NET: Local file tampering via link following vulnerability

6.2CVSS5.4AI score0.00272EPSS

Exploits0References5

Redos•added 2026/04/07 12:0 a.m.•3 views

ROS-20260407-73-0022

A vulnerability in the netfilter component of the Linux operating system kernel is related to errors in updating the reference counter. Exploitation of the vulnerability allows an attacker to gain access to sensitive data, compromise its integrity, and cause a denial-of-service condition...

5.5CVSS6.1AI score0.0016EPSS

Exploits0

Redos•added 2026/03/23 12:0 a.m.•6 views

ROS-20260323-73-0027

A vulnerability in the tmptcp components of the Linux operating system kernel is related to state management errors. Exploitation of the vulnerability allows an attacker to gain access to sensitive data, compromise its integrity, and cause denial of service...

7.8CVSS5.8AI score0.00146EPSS

Exploits0

CNVD•added 2026/03/17 12:0 a.m.•1 views

Huawei HarmonyOS Resource Scheduling Module Privilege Control Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS resource scheduling module, which can be exploited by an attacker to compromise integrity...

5.5CVSS5.8AI score0.00109EPSS

Exploits0References1

Redos•added 2026/02/02 12:0 a.m.•5 views

ROS-20260202-73-0043

A vulnerability in the dispc.c component of the Linux operating system kernel is related to memory initialization errors. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, compromise its integrity, and cause denial of service...

5.5CVSS5.5AI score0.00232EPSS

Exploits0

Redos•added 2026/01/21 12:0 a.m.•3 views

ROS-20260121-73-0031

A vulnerability in the kernel/trace component of the Linux operating system kernel is related to memory usage after it has been freed. Exploitation of the vulnerability may allow an attacker to gain access to sensitive data, compromise its integrity, and cause denial of service...

7.8CVSS7AI score0.00232EPSS

Exploits0

Redos•added 2026/01/21 12:0 a.m.•5 views

ROS-20260121-73-0033

A vulnerability in the ksmbd component of the Linux kernel is related to the use of memory after it has been freed. Exploitation of the vulnerability may allow an attacker to gain access to sensitive data, compromise its integrity, and cause denial of service...

8.8CVSS7.5AI score0.00571EPSS

Exploits0

RedhatCVE•added 2026/01/09 10:55 a.m.•6 views

CVE-2022-23455

Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files...

7.8CVSS7.4AI score0.00186EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:53 a.m.•6 views

CVE-2021-27602

SAP Commerce, versions - 1808, 1811, 1905, 2005, 2011, Backoffice application allows certain authorized users to create source rules which are translated to drools rule when published to certain modules within the application. An attacker with this authorization can inject malicious code in the...

9.9CVSS7.7AI score0.02001EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:52 a.m.•5 views

CVE-2021-33672

Due to missing encoding in SAP Contact Center's Communication Desktop component- version 700, an attacker could send malicious script in chat message. When the message is accepted by the chat recipient, the script gets executed in their scope. Due to the usage of ActiveX in the application, the...

9.6CVSS7.2AI score0.01065EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:43 a.m.•8 views

CVE-2022-42269

NVIDIA Trusted OS contains a vulnerability in an SMC call handler, where failure to validate untrusted input may allow a highly privileged local attacker to cause information disclosure and compromise integrity. The scope of the impact can extend to other components...

7.9CVSS6.2AI score0.0018EPSS

Exploits0References1