CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2 days ago•6 views

CVE-2025-15653

7CVSS5.8AI score0.00022EPSS

Exploits0References3

Vulnrichment•added 2 days ago•2 views

CVE-2025-15653 Dräger Zeus IE Anesthesia Workstation USB Interface Privilege Escalation

7CVSS5.8AI score0.00022EPSS

CNNVD•added 2026/05/28 12:0 a.m.•4 views

AnythingLLM 安全漏洞

AnythingLLM is an integrated AI application open source by Mintplex. Versions of AnythingLLM prior to 1.13.0 contained a security vulnerability. This vulnerability stemmed from mobile device tokens created in single-user mode being accepted after migration to multi-user mode, without any user...

2CVSS5.8AI score0.00033EPSS

Exploits1References2

Vulnrichment•added 2026/04/08 7:50 p.m.•1 views

CVE-2026-39862 Tophat has a Command Injection Vulnerability When Accessing a Maliciously Crafted Tophat Link

Tophat is a mobile applications testing harness. Prior to 2.5.1, Tophat is affected by remote code execution via crafted tophat:// or http://localhost:29070 URLs. The arguments query parameter flows unsanitized from URL parsing through to /bin/bash -c execution, allowing an attacker to execute...

8.7CVSS6.7AI score0.00347EPSS

Tenable Nessus•added 2026/04/07 12:0 a.m.•4 views

VMware Workstation 17.x, 25H2 < 25H2u1 NULL Pointer Dereference (VMSA-2026-0002)

The version of VMware Workstation installed on the remote host is 17.x, 25H2.x prior to 25H2u1. It is, therefore, affected by a vulnerability: - A malicious actor with authenticated user privileges on a Windows based Workstation host may be able to cause a null pointer dereference error...

6.1CVSS5.9AI score0.00008EPSS

RedhatCVE•added 2026/03/26 2:59 p.m.•3 views

CVE-2026-2273

CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exist that could cause execution of untrusted commands on the engineering workstation which could result in a limited compromise of the workstation and a potential loss of Confidentiality, Integrity and Availability of...

7.2CVSS6AI score0.00034EPSS

CNVD•added 2026/03/17 12:0 a.m.•2 views

Schneider Electric EcoStruxure Foxboro DCS Code Issue Vulnerability

The Schneider Electric EcoStruxure Foxboro DCS is an innovative fault-tolerant, highly available control component from Schneider Electric, France. A code issue vulnerability exists in the Schneider Electric EcoStruxure Foxboro DCS, which can be exploited by an attacker to cause compromise of...

7CVSS5.9AI score0.00329EPSS

Exploits0

CNVD•added 2026/03/17 12:0 a.m.•1 views

Schneider Electric EcoStruxure Automation Expert Code Injection Vulnerability

Schneider Electric EcoStruxure Automation Expert is a software platform for industrial automation systems from the French company Schneider Electric Schneider Electric. A code injection vulnerability exists in Schneider Electric EcoStruxure Automation Expert, which can be exploited by an attacker...

7.2CVSS5.5AI score0.00034EPSS

Exploits0

EUVD•added 2026/03/16 3:30 p.m.•2 views

EUVD-2025-208693

Non-working logout functionality in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin password...

6CVSS5.8AI score0.00017EPSS

NVD•added 2026/03/16 2:17 p.m.•0 views

CVE-2025-15554

Browser caching of LAPS passwords in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin passwords...

7.8CVSS0.00019EPSS

Cvelist•added 2026/03/16 10:46 a.m.•22 views

CVE-2025-15554 Admin Passwords Cached by Browsers in Truesec LAPSWebUI

Browser caching of LAPS passwords in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin passwords...

6CVSS0.00019EPSS

Zero Day Initiative•added 2026/03/16 12:0 a.m.•2 views

(Pwn2Own) VMware Workstation PVSCSI Heap-based Buffer Overflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the...

8.2CVSS6.2AI score0.00117EPSS

EUVD•added 2026/03/10 6:31 p.m.•1 views

EUVD-2026-10571

EUVD•added 2026/03/10 6:31 p.m.•2 views

EUVD-2026-10572

EUVD•added 2026/03/10 6:31 p.m.•1 views

EUVD-2026-10565

CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when an admin authenticated user opens a malicious project file...

7CVSS6.4AI score0.00329EPSS

NVD•added 2026/03/10 6:18 p.m.•0 views

CVE-2026-2273

7.2CVSS0.00034EPSS

Vulnrichment•added 2026/03/10 5:18 p.m.•1 views

CVE-2026-2273

ATTACKERKB•added 2026/03/10 5:18 p.m.•0 views

CVE-2026-2273

Exploits0References2Affected Software1

CVE•added 2026/03/10 5:18 p.m.•7 views

CVE-2026-2273

CVE-2026-2273 is a Code Injection (CWE-94) flaw enabling execution of untrusted commands on an engineering workstation when a malicious project file is opened by an authenticated user. The vulnerability arises from improper control over code generation, potentially leading to a limited compromise...