CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

260 matches found

Cvelist•added 2026/06/16 3:16 p.m.•22 views

CVE-2024-22451

Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious executable, leading to arbitrary code execution...

6.7CVSS0.00099EPSS

Exploits0References1

RedhatCVE•added 2026/06/10 2:59 p.m.•9 views

CVE-2026-47899

The Electron preload script in Logseq exposes an API method that allows the renderer process to invoke IPC handlers without proper path validation. An attacker with JavaScript execution in the renderer e.g. via XSS or a malicious plugin, can read, write, or delete arbitrary files on the user's...

8.7CVSS5.8AI score0.00137EPSS

Exploits0References1

Positive Technologies•added 2026/06/10 12:0 a.m.•11 views

PT-2026-48523

Name of the Vulnerable Software and Affected Versions FreeBSD affected versions not specified Description A privilege escalation flaw exists in the Linuxulator, a compatibility layer that allows Linux binaries to run on FreeBSD. A logic bug related to AT SECURE occurs during setuid execution...

5.5AI score

Exploits1References2

NVD•added 2026/06/09 2:16 p.m.•14 views

CVE-2026-47899

8.7CVSS0.00137EPSS

Exploits0References2

Vulnrichment•added 2026/06/09 1:23 p.m.•7 views

CVE-2026-47899 Arbitrary File Read, Write, Rename, and Delete in Logseq

8.7CVSS5.8AI score0.00137EPSS

Exploits0References2

Cvelist•added 2026/06/09 1:23 p.m.•28 views

CVE-2026-47899 Arbitrary File Read, Write, Rename, and Delete in Logseq

8.7CVSS0.00137EPSS

Exploits0References2

CVE•added 2026/06/09 1:23 p.m.•19 views

CVE-2026-47899

CVE-2026-47899 affects Logseq via the Electron preload script, where an API method allows the renderer to invoke IPC handlers without proper path validation. This enables a JavaScript-executing attacker (e.g., via XSS or a malicious plugin) to read, write, or delete arbitrary files on the user’s ...

8.7CVSS5.8AI score0.00137EPSS

Exploits0References2

EUVD•added 2026/06/09 1:23 p.m.•9 views

EUVD-2026-35436

8.7CVSS5.8AI score0.0027EPSS

Exploits0References2

FreeBSD•added 2026/06/09 12:0 a.m.•9 views

FreeBSD -- Flaw in Linuxulator execution of setugid binaries

Problem Description: The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the PSUGID process flag. During execve2, this flag is not yet set at the point where the auxiliary vector is constructed, so ATSECURE was incorrectly set to zero for set-user-ID and...

5.5AI score

Exploits1

CNNVD•added 2026/06/09 12:0 a.m.•8 views

Logseq 安全漏洞

Logseq is an open-source knowledge management and collaboration platform developed by Logseq. Version Logseq v0.10.15 contains a security vulnerability. This vulnerability stems from the Electron preloaded scripts, which expose an API method. This allows the rendering process to call IPC handlers...

8.7CVSS5.3AI score0.00137EPSS

Exploits0References1

FreeBSD Advisory•added 2026/06/09 12:0 a.m.•6 views

FreeBSD-SA-26:30.linux

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:30.linux Security Advisory The FreeBSD Project Topic: Flaw in Linuxulator execution of setugid binaries Category: core Module: linux Announced: 2026-06-09...

6AI score

Exploits1

OSV•added 2026/06/08 1:54 p.m.•6 views

JLSEC-2026-603

Symlink following in PostgreSQL pgbasebackup plain format and in pgrewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implicitly trusts the orig...

8.8CVSS5.5AI score0.00324EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:11 p.m.•6 views

CVE-2026-44482

soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app. This means attacker-controlled SoundCloud track metadata can lead to local command execution on...

9.6CVSS5.8AI score0.00336EPSS

Exploits0References1

Positive Technologies•added 2026/06/05 12:0 a.m.•13 views

PT-2026-47061

Excited to share my research was accepted at @BlackHatEvents USA 2026! 🎩 I'll present how I achieved interactive access to users' AI assistants by chaining: 🔓 Prompt injection 🔓 Privilege escalation 🔓 Path traversal 🔓 .toml injection 🔓 and finally an LD PRELOAD exploit The impact: 🚨 CVE-2026-3219...

8.8CVSS5.6AI score0.00336EPSS

Exploits0References3

GithubExploit•added 2026/06/02 11:17 p.m.•78 views

Linux-privesc-PoC

Linux Privilege Escalation PoC Lab Educational disclaimer...

5.8AI score

Exploits0

CVE•added 2026/05/14 2:51 p.m.•11 views

CVE-2026-44482

CVE-2026-44482 affects the SoundCloud Client app (soundcloud-rpc) built on Electron. Before 0.1.8, a track title could contain an HTML payload that, via the preload API window.soundcloudAPI.sendTrackUpdate and IPC to the Electron main process, is rendered as raw HTML in privileged views with Node...

9.6CVSS6AI score0.00336EPSS

Exploits0References1

Cvelist•added 2026/05/14 2:51 p.m.•49 views

CVE-2026-44482 soundcloud-rpc: Remote Code Execution via XSS in Track Title

9.6CVSS0.00336EPSS

Exploits0References1

EUVD•added 2026/05/14 2:51 p.m.•8 views

EUVD-2026-30300

9.6CVSS6AI score0.00336EPSS

Exploits0References1

Vulnrichment•added 2026/05/14 2:51 p.m.•7 views

CVE-2026-44482 soundcloud-rpc: Remote Code Execution via XSS in Track Title