CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

122 matches found

CVE-2026-41858

Weak Randomness / Insecure Cryptographic Primitive CWE-338 in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a network attacker to estimate VM boot time and reconstruct a small candidate list to recover the Administrator password. The randomizepassword job exists solely t...

7.5CVSS

Exploits0References1

Vulnrichment•added 3 days ago•7 views

CVE-2026-10279 hiraishikentaro wezterm-mcp switch_pane/write_to_specific_pane wezterm_executor.ts os command injection

A vulnerability was identified in hiraishikentaro wezterm-mcp 0.1.0. The affected element is an unknown function of the file src/weztermexecutor.ts of the component switchpane/writetospecificpane. The manipulation of the argument request.params.arguments.paneid leads to os command injection. The...

6.5CVSS6.4AI score0.00734EPSS

Exploits0References6

Positive Technologies•added 2026/05/20 12:0 a.m.•6 views

PT-2026-42095

NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to denial of service...

7.5CVSS5.9AI score0.00047EPSS

Exploits0References3

Packet Storm News•added 2026/04/07 12:0 a.m.•2 views

Time-Domain Voice Identity Morphing (TD-VIM): A Signal-Level Approach to Morphing Attacks on Speaker Verification Systems

In biometric systems, it is a common practice to associate each sample or template with a specific individual. Nevertheless, recent studies have demonstrated the feasibility of generating "morphed" biometric samples capable of matching multiple identities. These morph attacks have been recognized...

5.8AI score

Exploits0

EUVD•added 2026/03/09 3:30 p.m.•0 views

EUVD-2026-10333

Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it receives. Once a certain number of leaked sockets is reached, blocklistd becomes unable to run the helper script: a child process is forked, but this child dereferences a null pointer and crashes...

5.8AI score0.00032EPSS

Exploits0References2

Packet Storm News•added 2026/02/18 12:0 a.m.•2 views

Arc2Morph: Identity-Preserving Facial Morphing with Arc2Face

Face morphing attacks are widely recognized as one of the most challenging threats to face recognition systems used in electronic identity documents. These attacks exploit a critical vulnerability in passport enrollment procedures adopted by many countries, where the facial image is often acquire...

5.7AI score

Exploits0

Packet Storm News•added 2026/02/13 12:0 a.m.•3 views

Assessing Spear-Phishing Website Generation in Large Language Model Coding Agents

Large Language Models are expanding beyond being a tool humans use and into independent agents that can observe an environment, reason about solutions to problems, make changes that impact those environments, and understand how their actions impacted their environment. One of the most common...

5.6AI score

Exploits0

RedhatCVE•added 2026/02/10 7:33 a.m.•2 views

CVE-2025-66594

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Detailed messages are displayed on the error page. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN,...

6.9CVSS5.4AI score0.00043EPSS

Exploits0References1

OSV•added 2026/02/04 9:15 p.m.•0 views

CVE-2023-38010

IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system...

7.5CVSS5.8AI score

Exploits0References1

RedhatCVE•added 2026/01/09 12:33 p.m.•4 views

CVE-2023-31289

Pexip Infinity before 31.2 has Improper Input Validation for signalling, allowing remote attackers to trigger an abort...

7.5CVSS7.1AI score0.00277EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:24 p.m.•5 views

CVE-2018-14867

Incorrect access control in the portal messaging system in Odoo Community 9.0 and 10.0 and Odoo Enterprise 9.0 and 10.0 allows remote attackers to post messages on behalf of customers, and to guess document attribute values, via crafted parameters...

5.3CVSS7.1AI score0.00258EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:49 a.m.•2 views

CVE-2022-27834

Use after free vulnerability in dspcontextunloadgraph function of DSP driver prior to SMR Apr-2022 Release 1 allows attackers to perform malicious actions...

7CVSS7.1AI score0.00015EPSS

Exploits0References1

OSV•added 2025/12/31 4:15 p.m.•0 views

CVE-2025-15390

A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /admin/edit-user.php. The manipulation results in missing authorization. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for...

8.8CVSS5.5AI score0.00011EPSS

Exploits1References5

EUVD•added 2025/11/21 12:30 a.m.•1 views

EUVD-2025-198361

IBM Concert 1.0.0 through 2.0.0 could disclose sensitive server information from HTTP response headers that could aid in further attacks against the system...

7.5CVSS5.1AI score0.00033EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2012-1633

Malware in sbrugna...

5CVSS6.4AI score0.00262EPSS

Exploits0References6

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2012-1454

Malware in sbrugna...

4.3CVSS6.4AI score0.05051EPSS

Exploits0References4