CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/01/15 9:16 p.m.•6 views

CVE-2026-21908

A Use After Free vulnerability was identified in the 802.1X authentication daemon dot1xd of Juniper Networks Junos OS and Junos OS Evolved that could allow an authenticated, network-adjacent attacker flapping a port to crash the dot1xd process, leading to a Denial of Service DoS, or potentially...

7.5CVSS0.00293EPSS

Exploits0References2

OSV•added 2026/01/15 9:16 p.m.•6 views

CVE-2026-21908

7.1CVSS6.2AI score

Exploits0References2

ATTACKERKB•added 2026/01/15 8:21 p.m.•3 views

CVE-2026-21908

7.5CVSS6.1AI score0.00293EPSS

Exploits0References3Affected Software2

Vulnrichment•added 2026/01/15 8:21 p.m.•5 views

CVE-2026-21908 Junos OS and Junos OS Evolved: Use after free vulnerability In 802.1X authentication daemon can cause crash of the dot1xd process

7.5CVSS7.4AI score0.00293EPSS

Exploits0References2

CVE•added 2026/01/15 8:21 p.m.•14 views

CVE-2026-21908

Summary (CVE-2026-21908): A Use-After-Free in Juniper Networks Junos OS and Junos OS Evolved’s 802.1X daemon (dot1xd) can be triggered by a port bounce during a change in authorization (CoA). Successful exploitation could cause a crash (DoS) or potentially execute code with root privileges. Affec...

7.5CVSS7.4AI score0.00293EPSS

Exploits0References2Affected Software2

EUVD•added 2026/01/15 8:21 p.m.•3 views

EUVD-2026-2690

7.5CVSS7.3AI score0.00293EPSS

Tenable Nessus•added 2026/01/15 12:0 a.m.•4 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003128)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003128 advisory. An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land an...

7.8CVSS7.3AI score0.00839EPSS

Exploits1References16

NVD•added 2026/01/13 9:15 p.m.•7 views

CVE-2025-37186

A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking Virtual Intranet Access VIA client. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges...

7.8CVSS0.00156EPSS

Positive Technologies•added 2026/01/13 12:0 a.m.•5 views

PT-2026-2464

7.8CVSS7.6AI score0.00156EPSS

Tenable Nessus•added 2026/01/09 12:0 a.m.•4 views

Siemens RUGGEDCOM ROX II Improper Neutralization of Special Elements in Output Used By a Downstream Component (CVE-2024-56840)

Code injection can be achieved when the affected device is using VRF Virtual Routing and Forwarding. An attacker could leverage this scenario to execute arbitrary code as root user. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

7.5CVSS7.6AI score0.00574EPSS

Tenable Nessus•added 2026/01/09 12:0 a.m.•5 views

Siemens RUGGEDCOM ROX II Improper Neutralization of Special Elements Used in a Command (CVE-2024-56837)

8.6CVSS7.6AI score0.00466EPSS

RedhatCVE•added 2026/01/07 9:54 a.m.•9 views

CVE-2025-1121

Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image...

6.8CVSS7.2AI score0.00138EPSS

RedhatCVE•added 2025/12/31 8:0 p.m.•3 views

CVE-2025-69257

theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.1.1, the application loads custom Python rules and configuration files from user-writable locations e.g., /.config/theshit/ without validating ownership or permissions when...

6.7CVSS7.5AI score0.0012EPSS

EUVD•added 2025/12/30 11:45 p.m.•6 views

EUVD-2025-205849

theshit vulnerable to unsafe loading of user-owned Python rules when running as root...

6.7CVSS6.5AI score0.0012EPSS

Cvelist•added 2025/12/23 10:4 p.m.•26 views

CVE-2025-66212 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Dynamic Proxy Configuration Filename

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Dynamic Proxy Configuration Filename handling allows users with application/service management permissions t...

9.4CVSS0.0318EPSS

Exploits1References4

RedhatCVE•added 2025/12/19 6:19 p.m.•5 views

CVE-2025-14739

Access of Uninitialized Pointer vulnerability in TP-Link WR940N and WR941ND allows local unauthenticated attackers the ability to execute DoS attack and potentially arbitrary code execution under the context of the ‘root’ user.This issue affects WR940N and WR941ND: ≤ WR940N v5 3.20.1 Build 200316...

7.7CVSS7.9AI score0.00189EPSS

Cvelist•added 2025/12/18 6:2 p.m.•24 views

CVE-2025-14739 Uninitialized Pointer Vulnerability in TP-Link WR940N and WR941ND

7.7CVSS0.00189EPSS

Vulnrichment•added 2025/12/18 6:2 p.m.•3 views

CVE-2025-14739 Uninitialized Pointer Vulnerability in TP-Link WR940N and WR941ND

7.7CVSS7.5AI score0.00189EPSS