ajenti operating system command injection vulnerability
ajenti is an open-source Linux and BSD-based modular server management panel developed by ajenti. Version 2.1.36 of ajenti contains a vulnerability related to operating system command injection. This vulnerability stems from an authentication bypass, which could allow remote attackers to execute...
Linux Distros Unpatched Vulnerability : CVE-2026-24675
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, urbselectinterface can free the device's MS config on error but later code sti...
CVE-2025-46316
An out-of-bounds read was addressed with improved input validation. This issue is fixed in Pages 15.1, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1. Processing a maliciously crafted Pages document may result in unexpected termination or disclosure of process memory...
CVE-2025-26386
Johnson Controls iSTAR Configuration Utility ICU has a Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility ICU version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the...
CVE-2025-26386 Stack-based Buffer Overflow in Johnson Controls iSTAR Configuration Utility (ICU) tool
Johnson Controls iSTAR Configuration Utility ICU has a Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility ICU version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the...
CVE-2025-26386
Johnson Controls iSTAR Configuration Utility (ICU) on Windows is affected by a stack-based buffer overflow in ICU versions up to and including 6.9.7 (prior to 6.9.8). Successful exploitation could cause the host OS to fail, per NVD/Red Hat/Nessus/ICS advisories. A fixed version, ICU 6.9.8, is ref...
EUVD-2025-206488
Johnson Controls iSTAR Configuration Utility ICU has a Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility ICU version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the...
GHSA-W2PG-HW7V-F7M9 vulnerabilities
Vulnerabilities for packages: nodejs...
Archer MR600 vulnerable to OS command injection
Overview Archer MR600 provided by TP-Link Systems Inc. contains the following vulnerability. OS command injection CWE-78 - CVE-2025-14756 Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact An arbitrary OS command may be execute...
CVE-2026-1505 D-Link DIR-615 URL Filter set_temp_nodes.php os command injection
A vulnerability was found in D-Link DIR-615 4.10. This issue affects some unknown processing of the file /set_temp_nodes.php of the component URL Filter. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. This...
PT-2026-5165
The issue was addressed with improved bounds checks. This issue is fixed in macOS Tahoe 26, Keynote 15.1, iOS 26 and iPadOS 26. Processing a maliciously crafted Keynote file may disclose memory contents...
Mozilla Thunderbird < 140.7.1
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 140.7.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2026-08 advisory. - When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text...
PT-2026-5091
Johnson Controls iSTAR Configuration Utility ICU has a Stack-based Buffer Overflow vulnerability. This issue affects iSTAR Configuration Utility ICU version 6.9.7 and prior. Successful exploitation of this vulnerability could result in failure within the operating system of the machine hosting the...
D-Link DIR-823X: Operating System Command Injection Vulnerability
The D-Link DIR-823X is a wireless router produced by D-Link Corporation. The D-Link DIR-823X 250416 version has a vulnerability related to operating system command injection. This vulnerability stems from incorrect handling of the parameter “langateway” in the function sub41E2A0 within the...
Johnson Controls iSTAR Configuration Utility security vulnerability
Johnson Controls iSTAR Configuration Utility is a software tool developed by Johnson Controls for configuring and managing iSTAR Controllers. ICU versions 6.9.7 and earlier contain security vulnerabilities; these vulnerabilities stem from stack buffer overflows, which may lead to operating...
CVE-2026-22796
Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS7 data. Impact summary: An application...
CVE-2026-0648
The vulnerability stems from an incorrect error-checking logic in the CreateCounter function in threadx/utility/rtoscompatibilitylayers/OSEK/txosek.c when handling the return value of osekgetcounter. Specifically, the current code checks if cntrid equals 0u to determine failure, but...
CVE-2026-1428
Single Sign-On Portal System developed by WellChoose has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server...
CVE-2026-1427
Single Sign-On Portal System developed by WellChoose has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server...