CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

30434 matches found

RedhatCVE•added 2026/04/15 7:22 p.m.•2 views

CVE-2026-26165

Use after free in Windows Shell allows an authorized attacker to elevate privileges locally...

7CVSS5.8AI score0.00052EPSS

Exploits0References1

OSV•added 2026/04/15 6:37 p.m.•2 views

MAL-2026-2884 Malicious code in forge-jsx (npm)

forge-jsx is a malicious npm package that impersonates an Autodesk Forge SDK. It was published as a fully-formed RAT from its first version on April 7, 2026. Installing the package on any non-CI machine deploys a persistent background agent that captures all keystrokes, monitors clipboard content...

5.9AI score

Exploits0References2

OSSF Malicious Packages•added 2026/04/15 6:37 p.m.•8 views

Malicious code in forge-jsx (npm)

5.9AI score

Exploits0References2

SUSE CVE•added 2026/04/15 8:32 a.m.•2 views

SUSE CVE-2026-35580

Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, GitHub Actions workflow files contained shell injection points where user-controlled workflowdispatch inputs were interpolated directly into shell commands via $ expression syntax. An attacker with repository write access could...

9.1CVSS6AI score0.00023EPSS

Exploits1References2

CNNVD•added 2026/04/15 12:0 a.m.•5 views

Shopping Cart 安全漏洞

Shopping Cart is a SSH host connection management tool developed by Thijmen’s individual developer. Version 0.0.2 of Shopping Cart contains a security vulnerability, which stems from command injection in the connect function. This vulnerability could potentially allow for the execution of arbitra...

8.4CVSS6.4AI score0.00179EPSS

Exploits0References1

SUSE CVE•added 2026/04/14 11:30 p.m.•5 views

SUSE CVE-2026-4786

Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

7.1CVSS5.8AI score0.00021EPSS

Exploits0References20

Snyk•added 2026/04/14 10:49 p.m.•0 views

Active Debug Code

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Active Debug Code via the git.json.php script, which executes a shell command and returns sensitive information as JSON to any unauthenticated user. An attacker ca...

6.9CVSS5.8AI score

Exploits0References2

RedhatCVE•added 2026/04/14 7:23 p.m.•2 views

CVE-2026-39620

Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Appointment appointment allows Upload a Web Shell to a Web Server.This issue affects Appointment: from n/a through = 3.5.5...

9.6CVSS5.8AI score0.00021EPSS

Exploits0References1

RedhatCVE•added 2026/04/14 7:22 p.m.•4 views

CVE-2026-32892

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an OS Command Injection vulnerability in the file move function. The move function in fileManage.lib.php passes user-controlled path values directly into exec shell commands without using...

9.1CVSS6.1AI score0.00095EPSS

Exploits0References1

EUVD•added 2026/04/14 6:30 p.m.•0 views

EUVD-2026-22613

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network...

8.8CVSS5.8AI score0.00094EPSS

Exploits0References2

EUVD•added 2026/04/14 6:30 p.m.•0 views

EUVD-2026-22589

Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network...

4.3CVSS5.8AI score0.56822EPSS

Exploits3References2

EUVD•added 2026/04/14 6:30 p.m.•1 views

EUVD-2026-22536

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network...

6.5CVSS5.7AI score0.00118EPSS

Exploits0References2

EUVD•added 2026/04/14 6:30 p.m.•0 views

EUVD-2026-22462

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Shell allows an authorized attacker to elevate privileges locally...

7.8CVSS5.9AI score0.00047EPSS

Exploits0References2

EUVD•added 2026/04/14 6:30 p.m.•2 views

EUVD-2026-22392

Use after free in Windows Shell allows an authorized attacker to elevate privileges locally...

7CVSS5.7AI score0.00052EPSS

Exploits0References2

EUVD•added 2026/04/14 6:30 p.m.•2 views

EUVD-2026-22394

Double free in Windows Shell allows an authorized attacker to elevate privileges locally...

7CVSS5.7AI score0.00052EPSS

Exploits0References2

NVD•added 2026/04/14 6:17 p.m.•2 views

CVE-2026-32225

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network...

8.8CVSS0.00094EPSS

Exploits0References1

NVD•added 2026/04/14 6:17 p.m.•1 views

CVE-2026-32202

Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network...

4.3CVSS0.56822EPSS

Exploits3References4

NVD•added 2026/04/14 6:17 p.m.•1 views

CVE-2026-32151

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network...

6.5CVSS0.00118EPSS

Exploits0References1

NVD•added 2026/04/14 6:17 p.m.•1 views

CVE-2026-27918

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Shell allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00047EPSS

Exploits0References1

NVD•added 2026/04/14 6:16 p.m.•2 views

CVE-2026-26166

Double free in Windows Shell allows an authorized attacker to elevate privileges locally...

7CVSS0.00052EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by