CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

235 matches found

RedhatCVE•added 2026/06/17 2:27 p.m.•9 views

CVE-2026-12528

A flaw was found in 389 Directory Server in the aclpnormalizeacltxt function of aclparse.c. A malformed ACI Access Control Instruction string can trigger heap-buffer-overflow writes and reads during ACI parsing. The function fails to validate that the ACI keyword has sufficient length after...

5.4CVSS5.4AI score0.00231EPSS

Exploits0References4

CVE•added 2026/06/17 2:27 p.m.•16 views

CVE-2026-12528

Affected software/component: 389 Directory Server, in function __aclp__normalize_acltxt() of aclparse.c. Issue: malformed ACI strings can trigger heap-buffer-overflow writes and reads during ACI parsing; the keyword length after whitespace stripping is not validated, causing 1-byte out-of-bounds ...

5.4CVSS5.3AI score0.00231EPSS

Exploits0References3

CNVD•added 2026/03/09 12:0 a.m.•1 views

Microsoft ACI Confidential Containers Information Disclosure Vulnerability

Microsoft ACI Confidential Containers is a Microsoft credentials container. A security vulnerability exists in Microsoft ACI Confidential Containers that stems from an improper design and can be exploited by an attacker to obtain sensitive information...

6.5CVSS5.8AI score0.01016EPSS

Exploits0References1

Cvelist•added 2026/03/05 10:18 p.m.•16 views

CVE-2026-26122 Microsoft ACI Confidential Containers Information Disclosure Vulnerability

...

6.5CVSS0.01016EPSS

Exploits0References1

ATTACKERKB•added 2026/03/05 10:18 p.m.•2 views

CVE-2026-26122

Initialization of a resource with an insecure default in Azure Compute Gallery allows an authorized attacker to disclose information over a network...

6.5CVSS5.7AI score0.01016EPSS

Exploits0References2

CVE•added 2026/03/05 10:18 p.m.•15 views

CVE-2026-23651

CVE-2026-23651 : A permissive regular expression in Azure Compute Gallery allows an authorized local attacker to elevate privileges. The entry provides a CVSS v3.1 base score of 6.7 (Medium), with local attack vector, high privileges required, no user interaction, and high impact on confidentiali...

6.7CVSS5.9AI score0.00593EPSS

Exploits0References1Affected Software1

Kaspersky•added 2026/03/05 12:0 a.m.•4 views

KLA90913 Multiple vulnerabilities in Microsoft Azure

Multiple vulnerabilities were found in Microsoft ACI Confidential Containers. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in...

6.7CVSS6.1AI score0.01016EPSS

Exploits0References4

NVD•added 2026/02/25 5:25 p.m.•7 views

CVE-2026-20048

A vulnerability in the Simple Network Management Protocol SNMP subsystem of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an authenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper processing when...

7.7CVSS0.00302EPSS

Exploits0References1

ATTACKERKB•added 2026/02/25 4:26 p.m.•7 views

CVE-2026-20048

7.7CVSS5.7AI score0.00302EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2026/02/25 12:0 a.m.•6 views

PT-2026-21947

Name of the Vulnerable Software and Affected Versions Cisco Nexus 9000 Series Fabric Switches versions affected versions not specified Description A flaw exists in Cisco Nexus 9000 Series Fabric Switches operating in ACI mode that may allow a remote, unauthenticated attacker to disrupt service. T...

7.4CVSS5.3AI score0.00158EPSS

Exploits0References5

Talos Blog•added 2026/02/10 11:54 p.m.•8 views

Microsoft Patch Tuesday for February 2026 — Snort rules and prominent vulnerabilities

Microsoft has released its monthly security update for February 2026, which includes 59 vulnerabilities affecting a range of products, including two that Microsoft marked as "Critical". CVE-2026-21522 is a critical elevation of privilege vulnerability affecting Microsoft ACI Confidential...

8.8CVSS6.8AI score0.25835EPSS

Exploits18

CVE•added 2026/02/10 5:51 p.m.•19 views

CVE-2026-21522

Azure Compute Gallery is affected by CVE-2026-21522 due to improper neutralization of special elements used in a command, enabling an authorized attacker to achieve local privilege escalation. The issue concerns command injection in the Azure Compute Gallery workflow, with a CVSS v3.1 base score ...

6.7CVSS5.6AI score0.00415EPSS

Exploits0References1Affected Software1

Microsoft CVE•added 2026/02/10 4:0 p.m.•6 views

Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability

Improper neutralization of special elements used in a command 'command injection' in Azure Compute Gallery allows an authorized attacker to elevate privileges locally...

6.7CVSS5.6AI score0.00415EPSS

Exploits0

Tenable Nessus•added 2026/01/16 12:0 a.m.•5 views

MiracleLinux 4 : 389-ds-base-1.2.11.15-14.AXS4 (AXSA:2013-412:03)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-412:03 advisory. 389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration. Security...

2.6CVSS5.4AI score0.02096EPSS

Exploits0References2

OSSF Malicious Packages•added 2025/11/12 4:47 p.m.•6 views

Malicious code in aciyua-idut-daau (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d2bf5f0b85f0423110166d791fefa23c06d4a5cd9638dc5de81c23569f9e4596 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score

Exploits0