CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/06/09 8:9 p.m.•4 views

MAL-2026-5487 Malicious code in tailwind-form (npm)

6.3AI score

RedhatCVE•added 2026/06/09 7:38 p.m.•6 views

CVE-2026-10732

A flaw was found in the decompress package. A remote attacker can exploit this vulnerability by providing a specially crafted ZIP archive containing a symbolic link and a regular file with the same path. This allows the attacker to write arbitrary files to locations outside the intended output...

7.5CVSS6.4AI score0.00431EPSS

Exploits0References6

NVD•added 2026/06/09 7:17 p.m.•8 views

CVE-2026-36723

An unrestricted file rename vulnerability in the /api/create-user component of bookcars v8.3 allows authenticated attackers to leverage directory traversal sequences to move arbitrary files from temporary storage to arbitrary locations on the server filesystem. This enables unauthorized access to...

8.8CVSS0.00998EPSS

Snyk•added 2026/06/09 6:32 p.m.•4 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in PKCS7verify. An attacker supplying a PKCS7 or S/MIME signed message whose SignedData digestAlgorithms field is an empty ASN.1 SET can cause a caller-owned BIO to be freed during verification. A subsequent use of that B...

8.8CVSS6.2AI score0.01409EPSS

EUVD•added 2026/06/09 6:31 p.m.•15 views

EUVD-2026-35707

Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations in...

8.8CVSS6.7AI score0.00913EPSS

Exploits0References5

EUVD•added 2026/06/09 6:31 p.m.•6 views

EUVD-2026-35519

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

7.5CVSS6AI score0.00456EPSS

8.8CVSS6AI score0.00416EPSS

EUVD-2026-35516

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

7.5CVSS6AI score0.00456EPSS

EUVD-2026-35518

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

9.8CVSS5.7AI score0.00577EPSS

EUVD-2026-35697

Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network...

EUVD•added 2026/06/09 6:30 p.m.•5 views

EUVD-2026-35501

Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network...

9.8CVSS5.7AI score0.04297EPSS

Exploits1References2

EUVD•added 2026/06/09 6:30 p.m.•5 views

EUVD-2026-35699

Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network...

7.1CVSS5.7AI score0.00314EPSS

EUVD•added 2026/06/09 6:30 p.m.•7 views

EUVD-2026-35505

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...

8CVSS7.3AI score0.00496EPSS

EUVD•added 2026/06/09 6:30 p.m.•21 views

EUVD-2026-35681

Improper control of generation of code 'code injection' in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network...

7.5CVSS5.7AI score0.0043EPSS

EUVD•added 2026/06/09 6:30 p.m.•11 views

EUVD-2026-35538

Improper limitation of a pathname to a restricted directory 'path traversal' in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...

6.5CVSS7.3AI score0.00963EPSS

EUVD•added 2026/06/09 6:30 p.m.•5 views

EUVD-2026-35491

Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS7 or S/MIME signed...

9.8CVSS5.9AI score0.01409EPSS

Exploits0References7

EUVD•added 2026/06/09 6:30 p.m.•7 views

EUVD-2026-35530

Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network...

9.8CVSS5.7AI score0.01145EPSS

10CVSS6.3AI score0.59524EPSS

EUVD-2026-35440

An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution...

Exploits4References2

NVD•added 2026/06/09 5:17 p.m.•8 views

CVE-2026-49959

8.8CVSS0.00913EPSS

Exploits0References4

NVD•added 2026/06/09 5:17 p.m.•7 views

CVE-2026-47653

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

8.8CVSS0.00416EPSS