
37450 matches found

Cvelist
added 2026/04/29 8:8 a.m., 26 views

CVE-2025-10503 Reflected Cross-Site Scripting via Authentication Endpoint in WSO2 Identity Server

The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of malicious JavaScript payloads, enabling reflected cross-site scripting. An attacker can leverage this...

CVSS 6.1, EPSS 0.00038
Exploits 0, References 1
EUVD
added 2026/04/29 8:8 a.m., 2 views

EUVD-2025-209586

The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of malicious JavaScript payloads, enabling reflected cross-site scripting. An attacker can leverage this...

CVSS 6.1, AI score 5.3, EPSS 0.00038
Exploits 0, References 1
OSV
added 2026/04/29 6:59 a.m., 3 views

CLSA-2026-1777444367 vim: Fix of 9 CVEs

CVE-2021-3903: do not set VALIDBOTLINE in wvalid when the screen is not valid, preventing invalid memory access while scrolling. - CVE-2021-4069: copy the current line before regexec in exopen so the match is not using freed memory when searching for a mark flushes it. - CVE-2022-0351: limit...

CVSS 9.8, AI score 7.3, EPSS 0.00592
Exploits 8, References 1
ATTACKERKB
added 2026/04/29 3:50 a.m., 0 views

CVE-2026-35155

Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low‑privileged attacker to gain elevated access...

CVSS 7.1, AI score 5.2, EPSS 0.00016
Exploits 0, References 2
Tenable Nessus
added 2026/04/29 12:0 a.m., 2 views

FreeBSD : Mozilla -- Information disclosure in the IP Protection component (62053c0f-430a-11f1-a627-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 62053c0f-430a-11f1-a627-b42e991fc52e advisory. https://bugzilla.mozilla.org/showbug.cgi?id=2026571 reports: Information disclosure in the IP Protectio...

CVSS 7.5, AI score 5.8, EPSS 0.00044
Exploits 0, References 3
Tenable Nessus
added 2026/04/29 12:0 a.m., 1 views

Ubuntu 24.04 LTS / 25.10 : .NET vulnerability (USN-8215-1)

The remote Ubuntu 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8215-1 advisory. It was discovered that the Microsoft.AspNetCore.DataProtection library in .NET did not properly verify cryptographic signatures under certain conditions. ...

CVSS 9.1, AI score 5.9, EPSS 0.00023
Exploits 0, References 2
CNNVD
added 2026/04/29 12:0 a.m., 5 views

VideoFlow Digital Video Protection path traversal vulnerability

VideoFlow Digital Video Protection is a broadcast-grade video transmission device developed by VideoFlow Corporation in the United States. Version 2.10 of VideoFlow Digital Video Protection contains a path traversal vulnerability. This vulnerability stems from authenticated directory traversal,...

CVSS 7.1, AI score 5.9, EPSS 0.0043
Exploits 0, References 4
CNNVD
added 2026/04/29 12:0 a.m., 5 views

Acronis DeviceLock DLP code issue vulnerability

Acronis DeviceLock DLP is a terminal security protection system developed by the Swiss company Acronis. It is designed to control access to peripherals and prevent data breaches. Versions of Acronis DeviceLock DLP prior to version 9.0.93212 contained code vulnerabilities related to DLL hijacking,...

CVSS 6.7, AI score 6.7, EPSS 0.00016
Exploits 0, References 1
CNNVD
added 2026/04/29 12:0 a.m., 5 views

Dell iDRAC10 security vulnerability

Dell iDRAC10 is an integrated remote access controller developed by the American company Dell. Versions 1.20.70.50 and 1.30.05.10 of Dell iDRAC10 contain security vulnerabilities. These vulnerabilities stem from insufficient credential protection, which may lead to privilege escalation...

CVSS 7.1, AI score 5.8, EPSS 0.00016
Exploits 0, References 1
CNNVD
added 2026/04/29 12:0 a.m., 5 views

VideoFlow Digital Video Protection DVP cross-site request forgery vulnerability

VideoFlow Digital Video Protection DVP is a video security system provided by VideoFlow Corporation in the United States. It offers features for video content encryption and digital copyright protection. Version 2.10 of VideoFlow Digital Video Protection DVP contains a cross-site request forgery...

CVSS 5.3, AI score 6.3, EPSS 0.00043
Exploits 0, References 1
Positive Technologies
added 2026/04/29 12:0 a.m., 2 views

PT-2026-35993

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary system commands by exploiting a cross-site request forgery flaw in the web management interface. Attackers with valid credentials can...

CVSS 5.3, AI score 6.6, EPSS 0.00043
Exploits 0, References 4
Positive Technologies
added 2026/04/29 12:0 a.m., 2 views

PT-2026-35994

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows authenticated attackers to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl, download xml.pl,...

CVSS 7.1, AI score 5.2, EPSS 0.0043
Exploits 0, References 4
CNNVD
added 2026/04/29 12:0 a.m., 4 views

Wazuh security vulnerability

Wazuh is an open-source application developed by Wazuh. It is used for collecting, summarizing, indexing, and analyzing security data, helping organizations detect intrusions, threats, and abnormal behaviors. Versions of Wazuh from 4.0.0 to 4.14.4 contained security vulnerabilities. These...

CVSS 6.5, AI score 5.8, EPSS 0.00075
Exploits 1, References 1
CISA
added 2026/04/28 12:0 p.m., 5 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2024-1708 ConnectWise ScreenConnect Path Traversal Vulnerability; CVE-2026-32202 Microsoft Windows Protection Mechanism Failure...

CVSS 8.4, AI score 8.7, EPSS 0.8481
In wild, Exploits 8, References 7
RedhatCVE
added 2026/04/28 8:48 a.m., 2 views

CVE-2026-41488

A flaw was found in langchain-openai. A remote attacker could exploit a Time-of-Check to Time-of-Use (TOCTOU) vulnerability, also known as a DNS rebinding vulnerability. This occurs because the urltosize helper, used for image token counting, validates URLs for Server-Side Request Forgery (SSRF)...

CVSS 3.4, AI score 5.1, EPSS 0.00026
Exploits 0, References 4
OSV
added 2026/04/28 7:32 a.m., 4 views

USN-8216-1 dotnet10 vulnerabilities

Ludvig Pedersen discovered that the System.Security.Cryptography.Xml library in .NET incorrectly handled certain XML inputs. An attacker could possibly use this issue to consume excessive resources, resulting in a denial of service. CVE-2026-33116, CVE-2026-26171 Ludvig Pedersen and Kevin Jones...

CVSS 9.1, AI score 6.4, EPSS 0.08014
Exploits 0, References 6
Ubuntu
added 2026/04/28 7:32 a.m., 6 views

USN-8216-1: .NET vulnerabilities

Ludvig Pedersen discovered that the System.Security.Cryptography.Xml library in .NET incorrectly handled certain XML inputs. An attacker could possibly use this issue to consume excessive resources, resulting in a denial of service. CVE-2026-33116, CVE-2026-26171 Ludvig Pedersen and Kevin Jones...

CVSS 9.1, AI score 6.4, EPSS 0.08014
Exploits 0
OSV
added 2026/04/28 7:10 a.m., 3 views

USN-8215-1 dotnet10 vulnerability

It was discovered that the Microsoft.AspNetCore.DataProtection library in .NET did not properly verify cryptographic signatures under certain conditions. A remote attacker could possibly use this issue to elevate privileges...

CVSS 9.1, AI score 5.9, EPSS 0.00023
Exploits 0, References 2
Ubuntu
added 2026/04/28 7:10 a.m., 6 views

USN-8215-1: .NET vulnerability

It was discovered that the Microsoft.AspNetCore.DataProtection library in .NET did not properly verify cryptographic signatures under certain conditions. A remote attacker could possibly use this issue to elevate privileges...

CVSS 9.1, AI score 5.8, EPSS 0.00023
Exploits 0
Packet Storm News
added 2026/04/28 12:0 a.m., 5 views

AgentWard: A Lifecycle Security Architecture for Autonomous AI Agents

Autonomous AI agents extend large language models into full runtime systems that load skills, ingest external content, maintain memory, plan multi-step actions, and invoke privileged tools. In such systems, security failures rarely remain confined to a single interface; instead, they can propagat...

AI score 5.6
Exploits 0