CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

43 matches found

RedhatCVE•added 2026/01/24 3:17 a.m.•13 views

CVE-2026-23988

Rufus is a utility that helps format and create bootable USB flash drives. Versions 4.11 and below contain a race condition TOCTOU in src/net.c during the creation, validation, and execution of the Fido PowerShell script. Since Rufus runs with elevated privileges Administrator but writes the scri...

7.3CVSS6.2AI score0.00188EPSS

Exploits1References1

NVD•added 2026/01/22 10:16 p.m.•13 views

CVE-2026-23988

7.3CVSS0.00188EPSS

Exploits1References3

Vulnrichment•added 2026/01/22 9:52 p.m.•3 views

CVE-2026-23988 Rufus has Local Privilege Escalation via TOCTOU Race Condition in Fido Script Handling

7.3CVSS6.2AI score0.00188EPSS

Exploits1References3

ATTACKERKB•added 2026/01/22 9:52 p.m.•4 views

CVE-2026-23988

7.3CVSS6.2AI score0.00188EPSS

Exploits1References4Affected Software1

Cvelist•added 2026/01/22 9:52 p.m.•18 views

CVE-2026-23988 Rufus has Local Privilege Escalation via TOCTOU Race Condition in Fido Script Handling

7.3CVSS0.00188EPSS

Exploits1References3

OSV•added 2026/01/22 9:52 p.m.•6 views

CVE-2026-23988 Rufus has Local Privilege Escalation via TOCTOU Race Condition in Fido Script Handling

7.3CVSS6.2AI score0.00188EPSS

Exploits1References5

EUVD•added 2026/01/22 9:52 p.m.•5 views

EUVD-2026-4202

7.3CVSS6.2AI score0.00188EPSS

Exploits1References3

CVE•added 2026/01/22 9:52 p.m.•15 views

CVE-2026-23988

CVE-2026-23988 affects Rufus 4.11 and earlier. A TOCTOU race in the Fido PowerShell script handling (in src/net.c) occurs while the script is created, validated, and executed. Rufus runs with Administrator privileges but writes the script to %TEMP% (writable by standard users) without proper lock...

7.3CVSS6.2AI score0.00188EPSS

Exploits1References3Affected Software1

CNNVD•added 2026/01/22 12:0 a.m.•5 views

Rufus security vulnerabilities

Rufus is a reliable USB formatting tool developed by Pete Batard as an individual developer. Versions of Rufus 4.11 and earlier contained security vulnerabilities. These vulnerabilities stemmed from race conditions during the creation, validation, and execution of Fido PowerShell scripts, which...

7.3CVSS6.1AI score0.00188EPSS

Exploits1References4

Positive Technologies•added 2026/01/22 12:0 a.m.•7 views

PT-2026-4296

Name of the Vulnerable Software and Affected Versions Rufus versions 4.11 and below Description Rufus, a utility for formatting and creating bootable USB flash drives, contains a time-of-check to time-of-use TOCTOU race condition in the src/net.c file. This occurs during the creation, validation,...

7.3CVSS6.5AI score0.00188EPSS

Exploits1References13

Veeam•added 2025/11/10 12:0 a.m.•11 views

Appliance Installer Error: "An unknown error has occured"

Challenge When installing a Veeam Infrastructure Appliance on a physical or virtual machine using a bootable USB device created from the JeOS ISO file, the following error occurs: An unknown error has occurred Cause This problem happens during installation, following the disk partitioning step, a...

6.8AI score

Exploits0Affected Software1

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2017-4601

Malware in sbrugna...

8.1CVSS6.7AI score0.00963EPSS

Exploits0References5

EUVD•added 2025/10/03 8:7 p.m.•5 views

EUVD-2025-5101

Malicious code in bioql PyPI...

6.8CVSS6.5AI score0.00168EPSS

Exploits0References2

Securelist•added 2025/08/18 9:0 a.m.•13 views

Evolution of the PipeMagic backdoor: from the RansomExx incident to CVE-2025-29824

In April 2025, Microsoft patched 121 vulnerabilities in its products. According to the company, only one of them was being used in real-world attacks at the time the patch was released: CVE-2025-29824. The exploit for this vulnerability was executed by the PipeMagic malware, which we first...

9.3CVSS8.7AI score0.9923EPSS

Exploits58

RedhatCVE•added 2025/05/22 7:42 a.m.•4 views

CVE-2019-1010101

Akeo Consulting Rufus 3.0 and earlier is affected by: Insecure Permissions. The impact is: arbitrary code execution with escalation of privilege. The component is: Executable installer, portable executable ALL executables available. The attack vector is: CWE-29, CWE-377, CWE-379...

9.8CVSS8.1AI score0.03424EPSS

Exploits0References1

RedhatCVE•added 2025/02/20 10:50 p.m.•8 views

CVE-2025-26624

Rufus is a utility that helps format and create bootable USB flash drives. A DLL hijacking vulnerability in Rufus 4.6.2208 and earlier versions allows an attacker loading and executing a malicious DLL with escalated privileges since the executable has been granted higher privileges during the tim...

6.8CVSS6.5AI score0.00168EPSS

Exploits0References1

NVD•added 2025/02/18 11:15 p.m.•9 views

CVE-2025-26624

6.8CVSS0.00168EPSS

Exploits0References2

Vulnrichment•added 2025/02/18 10:40 p.m.•6 views

CVE-2025-26624 Local Privilege Escalation in Rufus 4.6 and previous versions

6.8CVSS6.3AI score0.00168EPSS

Exploits0References2

Cvelist•added 2025/02/18 10:40 p.m.•30 views

CVE-2025-26624 Local Privilege Escalation in Rufus 4.6 and previous versions

6.8CVSS0.00168EPSS

Exploits0References2

CVE•added 2025/02/18 10:40 p.m.•86 views

CVE-2025-26624

CVE-2025-26624 describes a DLL hijacking/local privilege escalation in Rufus. Affected: Rufus 4.6.2208 and earlier. Root cause: the launcher loads a malicious cfgmgr32.dll from the same directory via side-loading when the executable has elevated privileges. Impact: enables loading/execution of a ...

6.8CVSS6.9AI score0.00168EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by