CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

171908 matches found

OSV•added 2026/06/18 8:27 p.m.•3 views

ECHO-D378-1B5A-F13E

Bulletin has no description...

5.3CVSS5AI score0.00136EPSS

Exploits0References1

OSV•added 2026/06/18 8:21 p.m.•4 views

ECHO-3E02-3A01-4AE3

Bulletin has no description...

8.2CVSS4.9AI score0.00408EPSS

Exploits1References1

ATTACKERKB•added 2026/06/18 7:39 p.m.•7 views

CVE-2026-25865

Punto Switcher through 4.5.0.583 contains an unquoted search path element vulnerability that allows local attackers to execute arbitrary code by exploiting the application's call to WinExec without a fully qualified path for RunDll32.exe when invoking shell32.dll ControlRunDLL input.dll. Attacker...

8.5CVSS6.3AI score0.00149EPSS

Exploits0References4

EUVD•added 2026/06/18 7:39 p.m.•10 views

EUVD-2026-37940

8.5CVSS6.3AI score0.00149EPSS

Exploits0References3

CVE•added 2026/06/18 7:39 p.m.•18 views

CVE-2026-25865

CVE-2026-25865 affects Punto Switcher 4.5.0.583. The vulnerability is an unquoted search path element invoked via WinExec when calling RunDll32.exe for shell32.dll Control_RunDLL input.dll, enabling local arbitrary code execution if an attacker places a malicious executable earlier in the search ...

8.5CVSS6.3AI score0.00149EPSS

Exploits0References3

OSV•added 2026/06/18 7:16 p.m.•6 views

DEBIAN-CVE-2026-55392

NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfssbisvalid function fails to validate slogblocksize field in NILFS2 superblock before bit-shift operations. Attackers supplying crafted NILFS2 images trigger undefined behavior through oversized shifts or out-of-memory conditions, crashi...

6.7CVSS5.8AI score0.00105EPSS

Exploits0References1

OSV•added 2026/06/18 7:16 p.m.•4 views

DEBIAN-CVE-2026-48937

A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a GOAWAY frame. This vulnerability affects two supported release lines: Node.js 22 and Node.js 24...

5.3CVSS6AI score0.00445EPSS

Exploits0References1

OSV•added 2026/06/18 6:19 p.m.•4 views

CGA-JG37-PM8G-67GR

Bulletin has no description...

6.9CVSS4.8AI score0.00107EPSS

Exploits1

OSV•added 2026/06/18 6:16 p.m.•4 views

CGA-4MWV-6XRJ-9CG9

Bulletin has no description...

3.6CVSS4.8AI score0.00116EPSS

Exploits0

OSV•added 2026/06/18 6:16 p.m.•5 views

CGA-4JCF-P633-VP8V

Bulletin has no description...

4.9AI score0.00038EPSS

Exploits0

OSV•added 2026/06/18 6:16 p.m.•6 views

CGA-CCX4-RJJQ-H4H8

Bulletin has no description...

5AI score

Exploits0

OSV•added 2026/06/18 6:16 p.m.•5 views

CGA-9QRG-V82J-WGCV

Bulletin has no description...

5AI score

Exploits0

IBM Security Bulletins•added 2026/06/18 5:57 p.m.•36 views

Security Bulletin: Vulnerability with the open source Perl Compatible Regular Expression (PCRE) library used in IBM Aspera Shares 1.9.2 and earlier

Question Security Bulletin: Vulnerability with the open source Perl Compatible Regular Expression PCRE library used in IBM Aspera Shares 1.9.2 and earlier "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM...

5.4AI score

Exploits0Affected Software1

IBM Security Bulletins•added 2026/06/18 5:57 p.m.•66 views

Security Bulletin: MySQL 0-day exploit (CVE-2016-6662)

Question Security Bulletin: MySQL 0-day exploit CVE-2016-6662 "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform Independent","Version":"All Versions","Edition":"","Line of...

10CVSS8.4AI score0.6773EPSS

Exploits16Affected Software1

RedHat Linux•added 2026/06/18 5:24 p.m.•6 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

6.4CVSS5.2AI score0.00292EPSS

Exploits0References8

RedHat Linux•added 2026/06/18 5:24 p.m.•5 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.9AI score0.0052EPSS

Exploits0References8

OSV•added 2026/06/18 5:16 p.m.•4 views

DEBIAN-CVE-2026-55203

HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgiconn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record...

9.1CVSS6.1AI score0.00321EPSS

Exploits0References1

OSV•added 2026/06/18 5:16 p.m.•4 views

DEBIAN-CVE-2026-55204

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpackdhtinsert within src/hpack-tbl.c that fails to validate the return value of hpackdhtdefrag when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memo...

8.7CVSS5.9AI score0.00431EPSS

Exploits0References1

OSV•added 2026/06/18 5:16 p.m.•6 views

DEBIAN-CVE-2026-48617

A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22,...

1.8CVSS5.9AI score0.00208EPSS

Exploits0References1

OSV•added 2026/06/18 5:16 p.m.•4 views

UBUNTU-CVE-2026-48617

1.8CVSS6.2AI score0.00208EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by