CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

214 matches found

NVD•added 2026/05/20 12:16 a.m.•6 views

CVE-2026-39309

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to TCC Bypass via Prompt Spoofing, allowing local attackers to trigger misleading macOS permission...

5.5CVSS0.00005EPSS

Exploits0References2

Vulnrichment•added 2026/05/19 11:54 p.m.•5 views

CVE-2026-39309 Trilium Notes: macOS TCC Bypass via Prompt Spoofing

5.5CVSS6.1AI score0.00005EPSS

Exploits0References2

AstraLinux•added 2026/05/03 11:59 p.m.•3 views

Astra Linux - уязвимость в firefox

When a user has already allowed a website to access the microphone and camera, disabling camera sharing does not completely prevent the website from re-enabling them without an additional prompt. This is only possible if the website continues to record with the microphone until the camera is...

4.3CVSS6.7AI score0.00207EPSS

Exploits0References2

Malwarebytes•added 2026/04/16 12:40 p.m.•2 views

Browser Guard gets even better with Access Control

Have you ever been on a website when a pop-up suddenly asked for access to your camera, microphone, location, or notifications? Whether you clicked “allow,” dismissed it, or just wondered why it appeared, those permission requests aren’t always harmless. Some sites can abuse those permissions. Wi...

5.8AI score

Exploits0

GithubExploit•added 2026/04/05 7:9 a.m.•89 views

Exploit for CVE-2024-23700

PoC for CVE-2024-23700, allowing silently obtain permissions to...

5.8AI score

Exploits1

The Hacker News•added 2026/03/16 9:7 a.m.•2 views

DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage

Ukrainian entities have emerged as the target of a new campaign likely orchestrated by threat actors linked to Russia, according to a report from S2 Grupo's LAB52 threat intelligence team. The campaign, observed in February 2026, has been assessed to share overlaps with a prior campaign mounted b...

6.1AI score

Exploits0

Malwarebytes•added 2026/03/03 12:10 p.m.•2 views

Chrome flaw let extensions hijack Gemini’s camera, mic, and file access

Chrome’s Gemini “Live in Chrome” panel Gemini’s embedded, agent-style assistant mode within Chrome had a high‑severity vulnerability tracked as CVE‑2026‑0628. The flaw let a low‑privilege extension inject code into the Gemini side panel and inherit its powerful capabilities, including local file...

8.8CVSS6AI score0.00017EPSS

Exploits2

GithubExploit•added 2026/01/29 1:59 a.m.•140 views

Exploit for CVE-2025-36911

🚀 wpair-app - A Tool to Understand Bluetooth Security 🎉 Ov...

7.1CVSS5.9AI score0.00007EPSS

Exploits14

GithubExploit•added 2026/01/26 3:53 p.m.•122 views

Exploit for CVE-2025-36911

ZWhisper CVE-2025-36911 WhisperPair Vulnerability Scanner...

7.1CVSS5.8AI score0.00007EPSS

Exploits14

GithubExploit•added 2026/01/17 5:28 a.m.•138 views

Exploit for CVE-2025-36911

WPair CVE-2025-36911 eg WhisperPair Vulnerability Scanner...

7.1CVSS7.2AI score0.00007EPSS

Exploits14

GithubExploit•added 2026/01/17 5:28 a.m.•154 views

Exploit for CVE-2025-36911

WhisperPair CVE-2025-36911 Vulnerability Scanner & Research...

7.1CVSS6.9AI score0.00007EPSS

Exploits14

RedhatCVE•added 2026/01/09 9:51 a.m.•3 views

CVE-2020-10858

Zulip Desktop before 5.0.0 allows attackers to perform recording via the webcam and microphone due to a missing permission request handler...

5.3CVSS6.8AI score0.00203EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:50 a.m.•1 views

CVE-2020-24003

Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process with the user's privileges to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Skype Client's microphone and camera access...

3.3CVSS6.4AI score0.00729EPSS

Exploits1References1