CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

8.8CVSS6.2AI score0.00386EPSS

DEBIAN-CVE-2026-8461

An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution. This vulnerability is associated with the file libavcodec/magicyuv.C. This issue affects FFmpeg befor...

Exploits3References1

NVD•added 2026/06/18 2:17 p.m.•9 views

CVE-2026-56012

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in David Lingren Media LIbrary Assistant allows Blind SQL Injection. This issue affects Media LIbrary Assistant: from n/a through 3.35...

8.5CVSS0.00211EPSS

OSV•added 2026/06/18 2:17 p.m.•6 views

DEBIAN-CVE-2026-42489

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To create and manage guests, domctl operations are used by the control domain, a possible Xenstore domain, or by a domain controlling a particular guest. Some of these...

5.3CVSS5.8AI score0.00078EPSS

6.5CVSS5.8AI score0.002EPSS

DEBIAN-CVE-2026-42490

OSV•added 2026/06/18 2:17 p.m.•5 views

DEBIAN-CVE-2026-42487

HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model via XENDOMCTLioportmapping, and hence the linked list used may changed at any time. Traversal of those lists while handling guest I/O port accesses therefore needs...

7.9CVSS5.8AI score0.00095EPSS

OSV•added 2026/06/18 2:17 p.m.•7 views

DEBIAN-CVE-2026-42488

Some shadow paging errors paths will switch the page-tables without updating the currently running vCPU reference. This causes a mismatch between the loaded page-tables and the mapcache metadata which can lead to corruption of the mapcache...

8.1CVSS5.8AI score0.00353EPSS

OSV•added 2026/06/18 2:17 p.m.•7 views

DEBIAN-CVE-2026-44942

A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content...

6.5CVSS5.8AI score0.00329EPSS

NVD•added 2026/06/18 2:17 p.m.•8 views

CVE-2026-11958

Local privilege escalation by loading DLLs from a shared temporary directory in ANSSI’s DFIR-ORC, versions 10.2.7 and prior. An attacker with prior access to the system, can place a malicious DLL in C:\Windows\Temp and wait for the application to be executed. Because DFIR-ORC is extracted and...

7.3CVSS0.00102EPSS

Exploits0References2

5.3CVSS5.8AI score0.00078EPSS

UBUNTU-CVE-2026-42489

OSV•added 2026/06/18 2:17 p.m.•12 views

UBUNTU-CVE-2026-8461

8.8CVSS6.2AI score0.00386EPSS

Exploits3References3

6.5CVSS5.8AI score0.002EPSS

UBUNTU-CVE-2026-42490

7.9CVSS5.8AI score0.00095EPSS

UBUNTU-CVE-2026-42487

OSV•added 2026/06/18 2:17 p.m.•5 views

UBUNTU-CVE-2026-42488

8.1CVSS5.8AI score0.00353EPSS

OSV•added 2026/06/18 2:4 p.m.•7 views

ROOT-APP-GOBINARY-CVE-2025-22869 CVE-2025-22869 in rootio-golang.org/x/crypto - Patched by Root

Root has patched CVE-2025-22869 in the rootio-golang.org/x/crypto package for Root:Go. Multiple fixed versions available...

7.5CVSS6.2AI score0.00868EPSS

Exploits0

ATTACKERKB•added 2026/06/18 2:2 p.m.•6 views

CVE-2026-56012

8.5CVSS5.5AI score0.00211EPSS

Exploits0References2

CVE•added 2026/06/18 2:2 p.m.•15 views

CVE-2026-56012

The CVE concerns the WordPress plugin Media Library Assistant (vulnerable from unknown through 3.35). The issue is an SQL Injection due to improper neutralization of special elements in SQL commands, enabling blind SQL injection. Affected component is the plugin’s data handling for user input in ...

8.5CVSS5.6AI score0.00211EPSS