Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

23267 matches found

NVD
NVDadded 2026/05/15 3:16 a.m.29 views

CVE-2026-7373

Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows a user to gain SYSTEM level control of a Windows host. When started the metasploitPostgreSQL service would start the postgres.exe child process which would in turn load an OpenSSL configuration file from a stat...

9.3CVSS0.0017EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/15 2:6 a.m.56 views

CVE-2026-7373 Metasploit Pro on Windows: Local Privilege Escalation via OpenSSL Configuration File Loading

Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows a user to gain SYSTEM level control of a Windows host. When started the metasploitPostgreSQL service would start the postgres.exe child process which would in turn load an OpenSSL configuration file from a stat...

9.3CVSS0.0017EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/15 2:6 a.m.21 views

EUVD-2026-30498

Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the metasploitPostgreSQL service the subsequent postgres.exe service attempts to load an OpenSSL configuration file from a non-existent directo...

9.3CVSS5.9AI score0.0017EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/15 2:6 a.m.13 views

CVE-2026-7373 Metasploit Pro on Windows: Local Privilege Escalation via OpenSSL Configuration File Loading

Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the metasploitPostgreSQL service the subsequent postgres.exe service attempts to load an OpenSSL configuration file from a non-existent directo...

9.3CVSS5.9AI score0.0017EPSS
Exploits0References1
CVE
CVEadded 2026/05/15 2:6 a.m.14 views

CVE-2026-7373

Rapid7 Metasploit Pro on Windows is affected by CVE-2026-7373. On startup, the metasploitPostgreSQL service spawns the postgres.exe service, which loads an OpenSSL configuration file from a directory writable by standard users. By placing a crafted openssl.cnf, an unprivileged user can cause the ...

9.3CVSS6AI score0.0017EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/15 2:6 a.m.10 views

CVE-2026-7373

Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows a user to gain SYSTEM level control of a Windows host. When started the metasploitPostgreSQL service would start the postgres.exe child process which would in turn load an OpenSSL configuration file from a stat...

9.3CVSS6AI score0.0017EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologiesadded 2026/05/15 12:0 a.m.17 views

PT-2026-41261

Name of the Vulnerable Software and Affected Versions Rapid7 Metasploit Pro affected versions not specified Description Rapid7 Metasploit Pro on Windows is subject to a local privilege escalation. During startup, the metasploitPostgreSQL service and the subsequent postgres.exe service attempt to...

9.3CVSS5.9AI score0.0017EPSS
Exploits0References5
Amazon
Amazonadded 2026/05/15 12:0 a.m.9 views

Low: aws-cfn-bootstrap

Issue Overview: No CVE associated with this advisory Affected Packages: aws-cfn-bootstrap Issue Correction: Run dnf update aws-cfn-bootstrap --releasever 2023.11.20260514 or dnf update --advisory ALAS2023-2026-1662 --releasever 2023.11.20260514 to update your system. More information on how to...

8.8CVSS6.8AI score0.48666EPSS
Exploits7
CNNVD
CNNVDadded 2026/05/15 12:0 a.m.8 views

Rapid7 Metasploit Pro 访问控制错误漏洞

Rapid7 Metasploit Pro is a penetration testing software developed by Rapid7, Inc. Rapid7 Metasploit Pro has a access control vulnerability. This vulnerability arises from the Metasploit PostgreSQL service attempting to load OpenSSL configuration files from a non-existent directory that is writabl...

9.3CVSS6.1AI score0.0017EPSS
Exploits0References3
Tenable Nessus
Tenable Nessusadded 2026/05/15 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-44662

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipherupdate,...

5.1CVSS5.9AI score0.00172EPSS
Exploits0References3
Tenable Nessus
Tenable Nessusadded 2026/05/15 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-42327

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocspresponders returns OCSP responder URLs from...

8.7CVSS5.9AI score0.00211EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/05/15 12:0 a.m.10 views

PT-2026-41315

Name of the Vulnerable Software and Affected Versions LibJWT versions 3.0.0 through 3.3.2 Description LibJWT accepts an RSA JSON Web Key JWK lacking an alg parameter as the verification key for HS256, HS384, or HS512 tokens. When using the OpenSSL backend, this results in HMAC verification...

9.1CVSS5.8AI score0.00209EPSS
Exploits0References4
NVD
NVDadded 2026/05/14 9:16 p.m.7 views

CVE-2026-44662

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipherupdate, CipherCtxRef::cipherupdatevec, and symm::Crypter::update incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers EVPaes128,192,256wrappad...

5.1CVSS0.00172EPSS
Exploits0References1
OSV
OSVadded 2026/05/14 9:16 p.m.2 views

DEBIAN-CVE-2026-44662

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipherupdate, CipherCtxRef::cipherupdatevec, and symm::Crypter::update incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers EVPaes128,192,256wrappad...

5.1CVSS5.9AI score0.00172EPSS
Exploits0References1
NVD
NVDadded 2026/05/14 9:16 p.m.10 views

CVE-2026-42327

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocspresponders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref wraps the raw bytes with str::fromutf8unchecked. OpenSSL does not enforce th...

8.7CVSS0.00211EPSS
Exploits0References1
OSV
OSVadded 2026/05/14 9:16 p.m.4 views

DEBIAN-CVE-2026-42327

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocspresponders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref wraps the raw bytes with str::fromutf8unchecked. OpenSSL does not enforce th...

8.7CVSS5.9AI score0.00211EPSS
Exploits0References1
OSV
OSVadded 2026/05/14 9:16 p.m.4 views

UBUNTU-CVE-2026-42327

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocspresponders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref wraps the raw bytes with str::fromutf8unchecked. OpenSSL does not enforce th...

8.7CVSS5.9AI score0.00211EPSS
Exploits0References3
UbuntuCve
UbuntuCveadded 2026/05/14 9:16 p.m.7 views

CVE-2026-44662

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipherupdate, CipherCtxRef::cipherupdatevec, and symm::Crypter::update incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers EVPaes128,192,256wrappad...

5.1CVSS5.8AI score0.00172EPSS
Exploits0References2
UbuntuCve
UbuntuCveadded 2026/05/14 9:16 p.m.9 views

CVE-2026-42327

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocspresponders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref wraps the raw bytes with str::fromutf8unchecked. OpenSSL does not enforce th...

8.7CVSS5.9AI score0.00211EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/05/14 8:18 p.m.31 views

CVE-2026-44662 rust-openssl: Heap buffer overflow when encrypting with AES key-wrap-with-padding

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipherupdate, CipherCtxRef::cipherupdatevec, and symm::Crypter::update incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers EVPaes128,192,256wrappad...

5.1CVSS0.00172EPSS
Exploits0References1
Rows per page
Query Builder