CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added yesterday•14 views

CVE-2026-0132

In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE•added yesterday•4 views

CVE-2026-0132

In the CVE-2026-0132 set, the affected component is the Modem. The vulnerability is described as an out-of-bounds write caused by a heap buffer overflow, potentially enabling remote code execution with no extra privileges and no user interaction. The linked reference notes a Pixel/Android securit...

6.6AI score

Cvelist•added yesterday•14 views

CVE-2026-0126

In WC-Radio, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE•added yesterday•9 views

CVE-2026-10748

Nexus Repository 3 is affected by CVE-2026-10748: an authenticated user with nx-licensing-create can upload a crafted license file to trigger remote code execution as the Nexus process user. Vulnerable in versions before 3.92.0. Remediation: upgrade to 3.92.0 or later according to Sonatype releas...

8.6CVSS5.9AI score

Exploits0References2

NVD•added yesterday•6 views

CVE-2024-24909

Dell OpenManage Integration with Microsoft Windows Admin Center contains a Remote Code Execution vulnerability in the gateway plugin. A remote authenticated user could potentially exploit this vulnerability to escalate privileges. The malicious user may gain the ability to run arbitrary code...

8.8CVSS

Cvelist•added yesterday•18 views

CVE-2026-44932 indirect remote shell command injection via unsanitized DHCP options in wicked

Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine...

8.8CVSS

CVE•added yesterday•21 views

CVE-2026-44932

Wicked (openSUSE/SUSE Linux) is affected by CVE-2026-44932 through an indirect remote shell command injection via unsanitized DHCP options. The root cause is unsanitized DHCP strings being handled by the wicked DHCP client, with leaseinfo dump output and certain option processing allowing code ex...

8.8CVSS5.5AI score

EUVD•added yesterday•3 views

EUVD-2024-55622

8.8CVSS5.8AI score

CVE•added yesterday•7 views

CVE-2024-24909

The CVE affects Dell OpenManage Integration with Microsoft Windows Admin Center, specifically the gateway plugin, which contains a Remote Code Execution vulnerability. A remote authenticated user could potentially escalate privileges and run arbitrary code remotely, with a CVSS v3.1 base score of...

8.8CVSS5.9AI score

Cvelist•added yesterday•18 views

CVE-2024-24909

8.8CVSS

NVD•added yesterday•6 views

CVE-2026-12398

A command injection vulnerability was found in galaxyng. The dogitcheckout function in the legacy role import API v1 interpolates unsanitized git ref names branch/tag names into shell commands executed via subprocess.run with shell=True. An authenticated user who controls a git repository can...

7.5CVSS

Exploits0References2

CVE•added yesterday•8 views

CVE-2026-12398

7.5CVSS6.3AI score

Exploits0References2

RedhatCVE•added yesterday•4 views

CVE-2026-12398

7.5CVSS6.2AI score

Exploits0References3

8.8CVSS6.7AI score0.0095EPSS

Important: Red Hat Security Advisory: redis:7 security update

An update for the redis:7 module is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Exploits4References4

8.8CVSS6AI score0.0095EPSS

redis: RESTORE invalid memory access may allow remote code execution

A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...

8.1CVSS5.5AI score0.00894EPSS

redis: Remote code execution via use-after-free in Lua scripting

A flaw was found in Redis, an in-memory data structure store. An authenticated attacker can exploit a use-after-free vulnerability in redis-server with Lua scripting. This occurs through the master-replica synchronization mechanism on replicas where replica-read-only is disabled or can be disable...

8.8CVSS6.1AI score0.0095EPSS

redis: use-after-free in unblock client flow may allow remote code execution

A flaw was found in Redis. The unblock client flow does not handle an error return from the processCommandAndResetClient when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated attacker can cause a use-after-free issue. This potentially leads to...

Exploits4References6

RedHat Linux•added yesterday•4 views

openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

A flaw was found in OpenSSL. When processing a specially crafted PKCS7 or S/MIME Secure/Multipurpose Internet Mail Extensions signed message, a heap use-after-free vulnerability in the PKCS7verify function can be triggered. This occurs if the SignedData digestAlgorithms field is present as an emp...

8.8CVSS5.8AI score0.01388EPSS

Exploits0References4

NVD•added yesterday•6 views

CVE-2026-10829

A stack-based buffer overflow vulnerability has been found in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and earlier. This vulnerability stems from insufficient input validation of user-supplied input in the "Server location" parameter on the Basic settings page. An attacker could exploit...

8.6CVSS