CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 4 days ago•4 views

CVE-2026-39908 OpenBullet2 0.3.2 NTLMv2 Hash Disclosure via UNC Path Proxy Source

7.1CVSS5.5AI score0.00075EPSS

ATTACKERKB•added 4 days ago•4 views

CVE-2026-39908

7.1CVSS5.5AI score0.00075EPSS

Exploits0References3

Cvelist•added 4 days ago•29 views

CVE-2026-39908 OpenBullet2 0.3.2 NTLMv2 Hash Disclosure via UNC Path Proxy Source

7.1CVSS0.00075EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•7 views

Astra Linux - уязвимость в linux-5.15

A bug affects the ksmbd NTLMv2 authentication of the Linux kernel, and it is known to cause the operating system to crash immediately in Linux-based systems...

7.5CVSS6.6AI score0.04508EPSS

Exploits1References2

EUVD•added 2026/04/15 12:31 a.m.•0 views

EUVD-2026-22724

Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose a deprecated .NET Remoting TCP channel that allows remote unauthenticated attackers to leak NTLMv2 machine-account hashes by supplying a Windows UNC path as a target file argument through object-unmarshalling...

7CVSS5.8AI score0.00094EPSS

Cvelist•added 2026/04/14 9:21 p.m.•17 views

CVE-2026-39907 Unisys WebPerfect Image Suite 3.0 NTLMv2 Hash Leakage via WCF SOAP

Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose an unauthenticated WCF SOAP endpoint on TCP port 1208 that accepts unsanitized file paths in the ReadLicense action's LFName parameter, allowing remote attackers to trigger SMB connections and leak NTLMv2...

7CVSS0.01042EPSS

ATTACKERKB•added 2026/04/14 9:21 p.m.•1 views

CVE-2026-39907

7CVSS5.8AI score0.01042EPSS

Exploits1References3Affected Software1

CVE•added 2026/04/14 9:21 p.m.•3 views

CVE-2026-39906

CVE-2026-39906 affects Unisys WebPerfect Image Suite v3.0.3960.22810 and v3.0.3960.22604. The root cause is exposure of a deprecated .NET Remoting TCP channel, enabling remote unauthenticated attackers to leak NTLMv2 machine-account hashes by passing a Windows UNC path as a target file argument v...

10CVSS5.8AI score0.00094EPSS

Exploits1References3Affected Software1

Cvelist•added 2026/04/14 9:21 p.m.•18 views

CVE-2026-39906 Unisys WebPerfect Image Suite 3.0 NTLMv2 Hash Leakage via .NET Remoting

7CVSS0.00094EPSS

CNNVD•added 2026/04/14 12:0 a.m.•3 views

Unisys WebPerfect Image Suite 安全漏洞

Unisys WebPerfect Image Suite is an enterprise document imaging and management system developed by Unisys, Inc. Both versions of Unisys WebPerfect Image Suite 3.0.3960.22810 and 3.0.3960.22604 contain security vulnerabilities. These vulnerabilities stem from the exposure of deprecated.NET Remotin...

10CVSS5.8AI score0.00094EPSS

Positive Technologies•added 2026/04/14 12:0 a.m.•2 views

PT-2026-32937

7CVSS5.8AI score0.00094EPSS

Exploits1References4

OSV•added 2026/04/01 9:26 p.m.•2 views

GHSA-P998-JP59-783M AIOHTTP affected by UNC SSRF/NTLMv2 Credential Theft/Local File Read in static resource handler on Windows

Summary On Windows the static resource handler may expose information about a NTLMv2 remote path. Impact If an application is running on Windows, and using aiohttp's static resource handler not recommended in production, then it may be possible for an attacker to extract the hash from an NTLMv2...

Github Security Blog•added 2026/04/01 9:26 p.m.•4 views

Exploits0References5

AIOHTTP affected by UNC SSRF/NTLMv2 Credential Theft/Local File Read in static resource handler on Windows

Exploits0References5Affected Software1

Vulnrichment•added 2026/04/01 8:10 p.m.•2 views

CVE-2026-34515 AIOHTTP: UNC SSRF/NTLMv2 Credential Theft/Local File Read in static resource handler on Windows

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, on Windows the static resource handler may expose information about a NTLMv2 remote path. This issue has been patched in version 3.13.4...

8.7CVSS5.8AI score0.00022EPSS

Exploits0References3

CVE•added 2026/04/01 8:10 p.m.•4 views

CVE-2026-34515

CVE-2026-34515 affects the AIOHTTP framework prior to 3.13.4. On Windows, the static resource handler could expose information about a NTLMv2 remote path, enabling UNC SSRF and potential credential exposure or local file read. The issue has been fixed in version 3.13.4. The CVE entry (CVE-2026-34...

8.7CVSS5.8AI score0.00022EPSS

Exploits0References3Affected Software1

Positive Technologies•added 2026/04/01 12:0 a.m.•2 views

PT-2026-29604

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.13.4 Description Prior to version 3.13.4, on Windows, the static resource handler in AIOHTTP may expose information about a NTLMv2 remote path. This could potentially allow an attacker to extract the hash from an...

CNNVD•added 2026/04/01 12:0 a.m.•4 views

Exploits0References7

aiohttp 代码问题漏洞

Aiohttp is an open-source framework developed by aio-libs, used for asynchronous HTTP client/server interactions with asyncio and Python. Versions of AIOHTTP prior to 3.13.4 contained code vulnerabilities; these vulnerabilities stemmed from the possibility that static resource handlers on Windows...

Tenable Nessus•added 2026/01/16 12:0 a.m.•1 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001521)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001521 advisory. The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setupntlmv2rsp that allows an attacker controlling a CIFS...

7.1CVSS7.1AI score0.05036EPSS

Exploits0References14

EUVD•added 2025/12/05 12:31 a.m.•1 views

EUVD-2025-201309

The web interface of the Silicon Labs Simplicity Device Manager is exposed publicly and can be used to extract the NTLMv2 hash which an attacker could use to crack the user's domain password...

7.4CVSS6.3AI score0.00025EPSS