CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/05/25 3:9 p.m.•4 views

USN-8301-1 simpleeval vulnerability

Byambadalai Sumiya discovered that SimpleEval did not properly restrict attribute access and callback handling inside a sandbox. An attacker could possibly use this issue to execute arbitrary code...

9.8CVSS7.6AI score0.00052EPSS

Exploits0References2

Vulnrichment•added 2026/05/25 2:15 p.m.•10 views

CVE-2018-25377 Flash Slideshow Maker Professional 5.20 Buffer Overflow SEH

Flash Slideshow Maker Professional 5.20 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to execute arbitrary code by exploiting structured exception handling. Attackers can craft a malicious payload and paste it into the Name and Code fields of the...

Cvelist•added 2026/05/25 2:15 p.m.•18 views

CVE-2018-25377 Flash Slideshow Maker Professional 5.20 Buffer Overflow SEH

8.6CVSS0.00017EPSS

CVE•added 2026/05/25 2:15 p.m.•16 views

CVE-2018-25376

CVE-2018-25376 affects Socusoft 3GP Photo Slideshow 8.05. A buffer overflow in the registration dialog can be triggered by crafted input in Registration Name/Registration Key, allowing local attackers to overwrite the SEH chain and execute shellcode (reverse shell) via a local exploit. This impli...

RedhatCVE•added 2026/05/25 1:54 p.m.•8 views

CVE-2018-25356

A flaw was found in SIPp. A local attacker can exploit a buffer overflow vulnerability by providing oversized input to command-line arguments, such as -3pcc, -i, or -logfile. This can lead to arbitrary code execution or cause the application to crash, resulting in a denial of service...

8.6CVSS6.5AI score0.00018EPSS

Exploits0References2

RedhatCVE•added 2026/05/25 12:44 p.m.•12 views

CVE-2026-48831

A flaw was found in Wine. Wine's desktop file registers itself to handle Windows executable EXE files. In some configurations, opening an EXE file can cause it to run automatically with the user's permissions, without further prompts. This allows an attacker to bypass security sandboxes like...

7.3CVSS6.2AI score0.00026EPSS

Exploits0References2

OSV•added 2026/05/25 8:24 a.m.•5 views

USN-8299-1 rclone vulnerabilities

It was discovered that Rclone incorrectly handled authorization in the remote control API. An attacker could possibly use this issue to obtain sensitive information. CVE-2026-41176 It was discovered that Rclone incorrectly handled backend instantiation via the remote control API. An attacker coul...

9.8CVSS5.8AI score0.26321EPSS

Exploits2References3

OSV•added 2026/05/25 7:30 a.m.•4 views

CLSA-2026-1779694248 mpg123: Fix of CVE-2024-10573

CVE-2024-10573: Out-of-bounds write during PCM decoding of crafted streams could lead to heap corruption and potential arbitrary code execution; decode the MPEG header into a temporary copy that is only applied to the live handle after the frame body is validated upstream svn-r5442, main fix, and...

6.7CVSS6.1AI score0.00064EPSS

EUVD•added 2026/05/25 6:0 a.m.•10 views

EUVD-2026-31642

A vulnerability in MLflow versions =3.10.1.dev0 allows unauthorized access to multipart upload MPU endpoints when the --serve-artifacts mode is enabled. The authorization logic does not enforce resource-level permission checks for /mlflow-artifacts/mpu/ endpoints, enabling attackers to overwrite...

9CVSS6.3AI score0.00054EPSS

Exploits1References2

Nuclei•added 2026/05/25 4:37 a.m.•141 views

Confluence Server - Remote Code Execution

Confluence Server and Data Center contain an OGNL injection vulnerability that could allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version...

9.8CVSS7.5AI score0.9444EPSS

Exploits45References5

Nuclei•added 2026/05/25 4:37 a.m.•90 views

Adobe ColdFusion - Unrestricted File Upload Remote Code Execution

Adobe ColdFusion versions July 12 release 2018.0.0.310739, Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution. id: CVE-2018-15961 info: name: Adobe ColdFusion - Unrestricted File Upload...

10CVSS7.8AI score0.94393EPSS

Exploits11References5

CVE•added 2026/05/25 1:50 a.m.•8 views

CVE-2026-9489

NitroSense V3 (affected versions prior to 3.01.3052) contains a Local Privilege Escalation due to a misconfigured Windows Named Pipe that uses a custom protocol to invoke internal functions. The misconfiguration allows any authenticated local user to execute arbitrary code with NT AUTHORITY\SYSTE...

8.5CVSS6.3AI score0.00023EPSS

EUVD•added 2026/05/25 1:50 a.m.•9 views

EUVD-2026-31619

NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation LPE vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrary code with ...

8.5CVSS6.3AI score0.00023EPSS

Vulnrichment•added 2026/05/25 1:50 a.m.•6 views

CVE-2026-9489 NitroSense V3: Local Privilege Escalation (LPE) vulnerability

8.5CVSS6.3AI score0.00023EPSS

CNNVD•added 2026/05/25 12:0 a.m.•5 views

SocuSoft iPod Photo Slideshow 安全漏洞

SocuSoft iPod Photo Slideshow is a photo album video creation software from SocuSoft. A security vulnerability exists in SocuSoft iPod Photo Slideshow version 8.05, which originates from a buffer overflow in the registration dialog box that could allow a local attacker to execute arbitrary code b...

Tenable Nessus•added 2026/05/25 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2023-47268

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6.1, a crafted 3mf project file can execute arbitrary code on a host where the project is...

5.3CVSS6.2AI score0.00072EPSS

Exploits4References2

Vulnrichment•added 2026/05/23 6:30 p.m.•7 views

CVE-2018-25355 Audiograbber 1.83 Local Buffer Overflow via SEH

Audiograbber 1.83 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attackers can craft malicious input in the Interpret or Album fields that triggers a buffer overflow, overwriting SEH pointers a...