CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

97 matches found

Cvelist•added 2026/06/02 2:16 p.m.•37 views

CVE-2026-10046 Out-of-bounds write in Napoca BIOS INT 0x15 E820 memory map handler (VA-13905)

Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the BIOS INT 0x15 / E820 memory map handler, implemented in napoca/guests/bioshandlers.c. The handler computes a destination offset into the guest RealModeMemory buffer from guest-controlled ES and EDI...

8.5CVSS0.00015EPSS

Exploits0References1

Positive Technologies•added 2026/06/02 12:0 a.m.•8 views

PT-2026-45767

Name of the Vulnerable Software and Affected Versions Bitdefender Napoca affected versions not specified Description An out-of-bounds write exists in the real-mode hook handler within the napoca/kernel/handler.c file. The handler utilizes a guest-controlled offset derived from SS:SP as an index...

8.5CVSS5.7AI score0.00015EPSS

Exploits0References3

EUVD•added 2026/05/29 2:15 p.m.•8 views

EUVD-2026-33326

A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. Affected by this issue is the function formWPS of the file /goform/formWPS. Such manipulation of the argument peerPin leads to stack-based buffer overflow. The attack may be performed from remote. The exploit is publicly available and...

9CVSS7.7AI score0.00119EPSS

Exploits1References4

Cvelist•added 2026/05/29 2:15 p.m.•33 views

CVE-2026-10063 TRENDnet TEW-432BRP formWPS stack-based overflow

9CVSS0.00119EPSS

Exploits1References4

CVE•added 2026/05/02 9:30 a.m.•5 views

CVE-2026-7611

TRENDnet TEW-821DAP firmware versions prior to 1.12B01 are affected. The issue lies in the Firmware Update Handler, specifically the cameo_dev.sh file’s platform_do_upgrade_cameo_dev() function, where data authenticity is not sufficiently verified. This allows remote manipulation of the update pr...

8.1CVSS5.1AI score0.00034EPSS

Exploits1References4Affected Software1

CVE•added 2026/05/02 7:0 a.m.•11 views

CVE-2026-7607

CVE-2026-7607 affects TRENDnet TEW-821DAP firmware version 1.12B01, specifically the auto_update_firmware function. The vulnerability is a buffer overflow caused by manipulation of the str argument, with potential remote initiation. The vendor notes this firmware version only works on hardware ve...

9CVSS7.7AI score0.00092EPSS

Exploits1References4Affected Software1

Vulnrichment•added 2026/05/02 6:45 a.m.•3 views

CVE-2026-7606 TRENDnet TEW-821DAP Firmware Update new_gui_update_firmware data authenticity

A weakness has been identified in TRENDnet TEW-821DAP 1.12B01. This issue affects the function findhwid/newguiupdatefirmware of the component Firmware Update Handler. Executing a manipulation of the argument dest can lead to insufficient verification of data authenticity. The attack can be launch...

6.3CVSS5.4AI score0.00034EPSS

Exploits1References4

Positive Technologies•added 2026/04/28 12:0 a.m.•7 views

PT-2026-45096

Name of the Vulnerable Software and Affected Versions TRENDnet TEW-432BRP version 3.10B20 Description A stack-based buffer overflow occurs due to the manipulation of the filter name argument within the formSetMACFilter function located in the /goform/formSetMACFilter file. This allows for remote...

9CVSS7.6AI score0.00046EPSS

Exploits0References13

RedhatCVE•added 2026/01/09 10:17 a.m.•3 views

CVE-2019-18922

A Directory Traversal in the Web interface of the Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 1.00.047 allows unauthenticated attackers to read arbitrary system files via a GET request. NOTE: This is an End-of-Life product...

7.8CVSS6.8AI score0.87606EPSS

Exploits2References1

RedhatCVE•added 2026/01/07 9:54 a.m.•12 views

CVE-2025-1878

A vulnerability has been found in i-Drive i11 and i12 up to 20250227 and classified as problematic. This vulnerability affects unknown code of the component WiFi. The manipulation leads to use of default password. Access to the local network is required for this attack to succeed. The complexity ...

3.1CVSS7.1AI score0.00133EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:54 a.m.•18 views

CVE-2025-1879

A vulnerability was found in i-Drive i11 and i12 up to 20250227 and classified as problematic. This issue affects some unknown processing of the component APK. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the physical device. It was not possible to...

6.8CVSS6.8AI score0.00171EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:33 a.m.•5 views

CVE-2019-16521

The broken-link-checker plugin through 1.11.8 for WordPress aka Broken Link Checker is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML. The filter function on the page listing all detected broken links can be exploited by providing an XSS...

6.1CVSS6.2AI score0.00266EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:31 a.m.•4 views

CVE-2019-16263

The Twitter Kit framework through 3.4.2 for iOS does not properly validate the api.twitter.com SSL certificate. Although the certificate chain must contain one of a set of pinned certificates, there are certain implementation errors such as a lack of hostname verification. NOTE: this is an...

7.4CVSS6.6AI score0.00204EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:31 a.m.•6 views

CVE-2019-16533

On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product...

6.1CVSS7.1AI score0.00328EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2019-7066

Malware in sbrugna...

7.4CVSS7.4AI score0.00204EPSS

Exploits1References4

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2019-7208

Malware in sbrugna...

6.1CVSS6.3AI score0.00328EPSS

Exploits0References3