CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

537 matches found

CVE•added 2026/03/24 3:7 p.m.•8 views

CVE-2026-33335

Vikunja Desktop Electron wrapper risk (CVE-2026-33335). The vulnerability affects Vikunja Desktop prior to 2.2.0, where URLs from window.open() are passed directly to shell.openExternal() without validation or protocol allowlisting. An attacker who can insert a link (e.g., target="_blank" in user...

8CVSS5.9AI score0.00051EPSS

Exploits1References2Affected Software1

SUSE CVE•added 2026/03/16 12:43 a.m.•4 views

SUSE CVE-2013-1085

Stack-based buffer overflow in the nim: protocol handler in Novell GroupWise Messenger 2.04 and earlier, and Novell Messenger 2.1.x and 2.2.x before 2.2.2, allows remote attackers to execute arbitrary code via an import command containing a long string in the filename parameter...

9.3CVSS6.5AI score0.20584EPSS

Exploits0References4

Cvelist•added 2026/01/29 8:46 a.m.•26 views

CVE-2026-23566 Log Injection in Content Distribution Service UDP Handler

A vulnerability in TeamViewer DEX Client former 1E Client - Content Distribution Service NomadBranch.exe prior version 26.1 for Windows allows an attacker on the adjacent network to inject, tamper with, or forge log entries in \Nomad Branch.log via crafted data sent to the UDP network handler. Th...

6.5CVSS0.00069EPSS

Exploits0References1

Vulnrichment•added 2026/01/22 1:2 p.m.•2 views

CVE-2026-1324 Sangfor Operation and Maintenance Management System SSH Protocol session SessionController os command injection

A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.12. Affected by this issue is the function SessionController of the file /isomp-protocol/protocol/session of the component SSH Protocol Handler. The manipulation of the argument keypassword leads to os...

9CVSS5.3AI score0.0028EPSS

Exploits1References4

ATTACKERKB•added 2026/01/22 1:2 p.m.•2 views

CVE-2026-1324

9.8CVSS7.5AI score0.0028EPSS

Exploits1References4Affected Software1

Cvelist•added 2026/01/22 1:2 p.m.•16 views

CVE-2026-1324 Sangfor Operation and Maintenance Management System SSH Protocol session SessionController os command injection

9CVSS0.0028EPSS

Exploits1References4

Positive Technologies•added 2026/01/22 12:0 a.m.•4 views

PT-2026-3932

Name of the Vulnerable Software and Affected Versions Sangfor Operation and Maintenance Management System versions up to 3.0.12 Description A flaw exists in Sangfor Operation and Maintenance Management System. This issue is related to the SessionController function within the SSH Protocol Handler...

9.8CVSS7.2AI score0.0028EPSS

Exploits1References10

Tenable Nessus•added 2026/01/20 12:0 a.m.•5 views

MiracleLinux 8 : firefox-128.4.0-1.el8_10.ML.1 (AXSA:2024-8962:36)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-8962:36 advisory. firefox: thunderbird: History interface could have been used to cause a Denial of Service condition in the browser CVE-2024-10464 firefox:...

9.8CVSS7.5AI score0.00944EPSS

Exploits0References11

Tenable Nessus•added 2026/01/20 12:0 a.m.•5 views

MiracleLinux 7 : firefox-91.4.0-1.0.1.el7.AXS7 (AXSA:2021-2597:33)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-2597:33 advisory. Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 Mozilla: URL leakage when navigating while executing asynchronous function...

8.8CVSS8.1AI score0.00967EPSS

Exploits0References10

Tenable Nessus•added 2026/01/20 12:0 a.m.•5 views

MiracleLinux 8 : firefox-91.4.0-1.el8.ML.1 (AXSA:2022-2971:02)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-2971:02 advisory. Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4 Mozilla: URL leakage when navigating while executing asynchronous function...

8.8CVSS8.1AI score0.00967EPSS

Exploits0References10

Tenable Nessus•added 2026/01/16 12:0 a.m.•1 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004779)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004779 advisory. A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fibnhmatch of the file net/ipv4/fibsemantics.c of the component...

4.3CVSS5.4AI score0.00073EPSS

Exploits0References3

Vulnrichment•added 2026/01/09 9:32 p.m.•6 views

CVE-2025-15500 Sangfor Operation and Maintenance Management System HTTP POST Request getHis os command injection

A vulnerability was found in Sangfor Operation and Maintenance Management System up to 3.0.8. This issue affects some unknown processing of the file /isomp-protocol/protocol/getHis of the component HTTP POST Request Handler. The manipulation of the argument sessionPath results in os command...

10CVSS6.6AI score0.00937EPSS

Exploits1References5

RedhatCVE•added 2026/01/09 12:15 p.m.•11 views

CVE-2018-1000118

Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. This attack appear to be exploitable via the victim opening an electron protocol handler in their browser. This vulnerability appears to hav...

9.3CVSS7.4AI score0.92322EPSS

Exploits31References1

Positive Technologies•added 2025/10/10 12:0 a.m.•0 views

PT-2025-41600

Name of the Vulnerable Software and Affected Versions Cherry Studio versions 1.7.0-alpha.4 and earlier Description Cherry Studio is a desktop client supporting multiple LLM providers. It registers a custom protocol, cherrystudio://, and when handling MCP installation URLs, it parses base64-encode...

9.6CVSS7AI score0.00076EPSS

Exploits1References12