CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Name of the Vulnerable Software and Affected Versions Windows DWM Core Library affected versions not specified Description A use after free issue in the Windows DWM Core Library allows an authorized attacker to elevate privileges locally. Use after free is a memory corruption flaw that occurs whe...

7.8CVSS5.4AI score0.00088EPSS

Exploits0References3

RedhatCVE•added last week•4 views

CVE-2026-28577

In addWindow of WindowManagerService.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.6AI score0.00005EPSS

Exploits0References1

NVD•added 2026/06/01 10:16 p.m.•6 views

CVE-2026-28577

7.8CVSS0.00005EPSS

Exploits0References1

Vulnrichment•added 2026/06/01 9:14 p.m.•8 views

CVE-2026-28577

5.9AI score0.00005EPSS

Exploits0References1

ATTACKERKB•added 2026/06/01 9:14 p.m.•6 views

CVE-2026-28577

7.8CVSS5.9AI score0.00005EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/06/01 9:14 p.m.•27 views

CVE-2026-28577

0.00005EPSS

Exploits0References1

CVE•added 2026/06/01 9:14 p.m.•18 views

CVE-2026-28577

CVE-2026-28577 corresponds to a tapjacking/overlay flaw in Android’s WindowManagerService.addWindow. The issue could permit local elevation of privilege with no extra execution privileges and without user action. CVSS 3.1 base metrics indicate Local, Low attack complexity and Low privileges requi...

7.8CVSS5.9AI score0.00005EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/06/01 12:0 a.m.•8 views

PT-2026-45610

Name of the Vulnerable Software and Affected Versions WindowManagerService affected versions not specified Description A tapjacking issue exists in the addWindow function of WindowManagerService.java, where a tapjacking or overlay attack—a technique where a malicious application overlays a...

7.8CVSS5.9AI score0.00005EPSS

Exploits0References5

OSV•added 2026/06/01 12:0 a.m.•5 views

ASB-A-389950114

7.8CVSS5.9AI score0.00005EPSS

Exploits0References1

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в chromium

Before version 96.0.4664.93, using free after in the window manager in Google Chrome on ChromeOS allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

8.8CVSS7.4AI score0.01375EPSS

Exploits0References2

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в chromium

Integer overflow in the Window Manager in Google Chrome on the Chrome OS and Lacros before version 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to perform an out-of-bounds memory write via crafted UI interactions. Chrome security severity: Hig...

8.8CVSS7.4AI score0.00391EPSS

Exploits1References1

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в fly-wm

The vulnerability of the fly-adjust-palette utility in the window graphical manager fly-wm is related to reading data beyond the allowed buffer size. Exploiting this vulnerability allows an attacker to cause a service failure...

6CVSS5.9AI score

Exploits0References2

RedhatCVE•added 2026/05/13 8:23 p.m.•6 views

CVE-2026-35419

Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally...

5.5CVSS5.8AI score0.00042EPSS

Exploits0References1