CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

215 matches found

GithubExploit•added yesterday•16 views

UPnPHostFileRead

Description Local arbitrary file read PoC exploit for the Wind...

5.6AI score

Exploits0

RedhatCVE•added yesterday•3 views

CVE-2026-7439

AgentFlow's local web API accepts non-JSON content types on POST /api/runs and POST /api/runs/validate endpoints without enforcing application/json validation, allowing attackers to bypass trust-boundary enforcement on sensitive operations. Attackers can exploit this content-type validation...

4.8CVSS5.5AI score0.00007EPSS

Exploits0References1

RedhatCVE•added 2026/05/06 8:21 p.m.•4 views

CVE-2026-34461

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieIniServer RunSbieCtrl handler contains a stack buffer overflow. The MSGIDSBIEINIRUNSBIECTRL message is handled before normal sandbox and impersonation checks, and for non-sandbox...

7.8CVSS6.5AI score0.00006EPSS

Exploits0References1

RedhatCVE•added 2026/05/01 10:8 p.m.•1 views

CVE-2026-31749

A flaw was found in the niatmio16d driver within the Comedi Comedi is a collection of drivers for data acquisition equipment subsystem of the Linux kernel. This vulnerability occurs when an error during the driver's attach process causes the cleanup function atmio16ddetach to be called with...

5.5CVSS5.8AI score0.00015EPSS

Exploits0References4

GithubExploit•added 2026/04/27 7:48 p.m.•98 views

Exploit for Improper Access Control in Nodejs Node.Js

CVE-2026-21636 - Node.js Permission Model UDS/Network Bypass...

10CVSS6.6AI score0.00023EPSS

Exploits1

CVE•added 2026/04/14 3:38 p.m.•6 views

CVE-2025-59809

CVE-2025-59809 is a server-side request forgery (SSRF) vulnerability (CWE-918) in Fortinet FortiSOAR PaaS and FortiSOAR on-premise across multiple versions (PaaS: 7.6.0–7.6.2, 7.6.4, 7.5.0–7.5.2, 7.4 all, 7.3 all; on-premise: 7.6.4, 7.6.0–7.6.2, 7.5.0–7.5.2, 7.4 all, 7.3 all). An authenticated at...

4.3CVSS5.8AI score0.00035EPSS

Exploits0References1Affected Software1

SUSE CVE•added 2026/04/06 11:24 p.m.•3 views

SUSE CVE-2026-34933

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any unprivileged local user can crash avahi-daemon by sending a single D-Bus method call with conflicting publish flags. This issue has been patched in version...

5.5CVSS5.7AI score0.00008EPSS

Exploits1References5

EUVD•added 2026/03/02 6:42 p.m.•3 views

EUVD-2025-208218

In multiple locations, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

6.1AI score0.00003EPSS

Exploits0References1

CNNVD•added 2026/01/16 12:0 a.m.•1 views

WibuKey Runtime security vulnerabilities

WibuKey Runtime is a component provided by the German company WibuKey, which offers software encryption protection solutions. Version 6.51 of WibuKey Runtime contains a security vulnerability. This vulnerability stems from the WkSvW32.exe service having a service path that lacks quotes, which may...

8.5CVSS6.1AI score0.00007EPSS

Exploits1References4

Tenable Nessus•added 2026/01/16 12:0 a.m.•2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001309)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001309 advisory. An issue was discovered in drivers/accessibility/speakup/spkttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause...

5.5CVSS6.5AI score0.00062EPSS

Exploits0References4

Tenable Nessus•added 2026/01/16 12:0 a.m.•3 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003758)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003758 advisory. Resource leak in i40e driver for IntelR Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service...

5.5CVSS5.9AI score0.00147EPSS

Exploits0References4

RedhatCVE•added 2026/01/09 10:51 a.m.•6 views

CVE-2022-42894

A vulnerability has been identified in syngo Dynamics All versions VA40G HF01. An unauthenticated Server-Side Request Forgery SSRF vulnerability was identified in one of the web services exposed on the syngo Dynamics application that could allow for the leaking of NTLM credentials as well as loca...

7.5CVSS6.8AI score0.00317EPSS

Exploits0References1

OSV•added 2025/12/02 3:16 a.m.•0 views

CVE-2025-20788

In GPU pdma, there is a possible memory corruption due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS10117735; Issue ID: MSV-4539...

4.4CVSS5.9AI score0.00006EPSS

Exploits0References1

EUVD•added 2025/12/02 1:24 a.m.•3 views

EUVD-2025-200136

Improper access control in MPLocalService of MotionPhoto prior to version 4.1.51 allows local attackers to start privileged service...

7.3CVSS6AI score0.00011EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-26616

Malware in sbrugna...

9.8CVSS9.3AI score0.01545EPSS

Exploits3References5