CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/03/09 10:1 a.m.•6 views

CLSA-2026-1773050498 Fix CVE(s): CVE-2025-10230

SECURITY UPDATE: remote command execution via unsanitized WINS hook NetBIOS name handling in Samba AD DC - debian/patches/CVE-2025-10230.patch: validate NetBIOS names in source4 WINS hook to prevent shell metacharacter injection - debian/patches/CVE-2025-10230-test.patch: add torture tests for WI...

10CVSS7.6AI score0.39677EPSS

OSV•added 2025/11/07 8:15 p.m.•4 views

AZL-69782 CVE-2025-10230 affecting package samba 4.12.5-7

A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active...

10CVSS7.5AI score0.39677EPSS

OSV•added 2025/11/07 8:15 p.m.•4 views

ALPINE-CVE-2025-10230

10CVSS7.1AI score0.39677EPSS

OSV•added 2025/11/07 8:15 p.m.•6 views

AZL-69830 CVE-2025-10230 affecting package samba 4.18.3-2

10CVSS7.5AI score0.39677EPSS

NVD•added 2025/11/07 8:15 p.m.•6 views

CVE-2025-10230

10CVSS0.39677EPSS

Exploits2References5

EUVD•added 2025/11/07 7:42 p.m.•5 views

EUVD-2025-38301

10CVSS6.4AI score0.39677EPSS

Exploits2References4

CVE•added 2025/11/07 7:42 p.m.•91 views

CVE-2025-10230

CVE-2025-10230 involves Samba’s front-end WINS hook where NetBIOS names from registration packets are inserted into a shell without proper validation or escaping, enabling unauthenticated remote code execution as the Samba process. The issue is rooted in unsanitized NetBIOS data in WINS registrat...

10CVSS6.7AI score0.39677EPSS

Exploits2References5

Cvelist•added 2025/11/07 7:42 p.m.•12 views

CVE-2025-10230 Samba: command injection in wins server hook script

10CVSS0.39677EPSS

AlpineLinux•added 2025/11/07 7:42 p.m.•14 views

CVE-2025-10230

10CVSS6.9AI score0.39677EPSS

Tenable Nessus•added 2025/11/05 12:0 a.m.•7 views

Samba WINS hook RCE (CVE-2025-10230)

In the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active Directory Domain Controller's...

10CVSS7.5AI score0.39677EPSS

Exploits2References2

AstraLinux•added 2025/11/01 10:54 a.m.•11 views

Astra Linux – Vulnerability in Samba

A flaw was discovered in Samba, particularly in the handling of the front-end WINS hook: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets is inserted into shell commands and executed b...

10CVSS8.1AI score0.39677EPSS

Tenable Nessus•added 2025/10/27 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2025-10230

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or...

10CVSS6AI score0.39677EPSS

Exploits2References2

Tenable Nessus•added 2025/10/21 12:0 a.m.•4 views

SUSE SLES15: ctdb / libsamba-policy-devel / libsamba-policy-python3-devel / etc (SUSE-SU-2025:3677-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3677-1 advisory. - CVE-2025-9640: Fixed vfsstreamsxattr uninitialized memory write bsc1251279. - CVE-2025-10230: Fixed command Injection in WINS...

10CVSS7.1AI score0.39677EPSS

Exploits2References7

Ubuntu•added 2025/10/20 6:5 a.m.•9 views

USN-7826-2: Samba vulnerabilities

USN-7826-1 fixed vulnerabilities in Samba. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: Andrew Walker discovered that Samba incorrectly initialized memory in the vfsstreamsxattr module. An...

10CVSS5.6AI score0.39677EPSS

OSV•added 2025/10/20 6:5 a.m.•2 views

USN-7826-2 samba vulnerabilities

10CVSS7.4AI score0.39677EPSS

GithubExploit•added 2025/10/19 3:30 p.m.•347 views

Exploit for CVE-2025-10230

CVE-2025-10230 PoC for CVE-2025-10230 - Samb...

7.2AI score0.39677EPSS

SUSE CVE•added 2025/10/16 11:38 p.m.•4 views

SUSE CVE-2025-10230

10CVSS6.9AI score0.39677EPSS

Exploits2References11

Ubuntu•added 2025/10/16 7:48 a.m.•6 views

USN-7826-1: Samba vulnerabilities

Andrew Walker discovered that Samba incorrectly initialized memory in the vfsstreamsxattr module. An authenticated attacker could possibly use this issue to obtain sensitive information. CVE-2025-9640 Igor Morgenstern discovered that Samba incorrectly handled names passed to the WINS hook program...

10CVSS5.4AI score0.39677EPSS

OSV•added 2025/10/16 7:48 a.m.•4 views

USN-7826-1 samba vulnerabilities

10CVSS7.3AI score0.39677EPSS