Siemens Ruggedcom Rox Improper Neutralization of Special Elements Used in an OS Command (CVE-2025-40947)
Affected devices do not properly sanitize user-supplied input during the feature key installation process. This could allow an authenticated remote attacker to inject arbitrary commands, resulting in remote code execution with root privileges on the underlying operating system. This plugin only...
PT-2026-50820
Name of the Vulnerable Software and Affected Versions: AVer PTC500S (affected versions not specified), AVer PTC115 (affected versions not specified), AVer PTC500+ (affected versions not specified), AVer PTC115+ (affected versions not specified). Description: Improper input validation in these networked...
Vim < 9.2.0496 Code Injection (GHSA-4473-94jm-w5x9)
The version of Vim installed on the remote host is prior to 9.2.0496. It is, therefore, affected by a vulnerability as referenced in the GHSA-4473-94jm-w5x9 advisory. - A code injection vulnerability exists in s:stepmatch in the cucumber filetype plugin runtime/ftplugin/cucumber.vim on Vim builds...
Oracle Linux 8 : httpd:2.4 (ELSA-2026-25090)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-25090 advisory. - Resolves: RHEL-173558 - httpd:2.4/httpd: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow (CVE-2026-28780) - Resolves:...
Siemens RUGGEDCOM RST2428P External Control of File Name or Path (CVE-2026-26157)
A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentiall...
Siemens RuggedCom Rox Out-of-bounds Write (CVE-2019-13106)
Das U-Boot versions 2016.09 through 2019.07-rc4 can memset too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
Siemens SIMATIC S7-1500 TM MFP Use After Free (CVE-2026-28387)
Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...
Vendor-signed UEFI applications found vulnerable to Secure Boot bypass
Overview: Multiple vendor-signed UEFI applications are vulnerable to Secure Boot bypass via a "Bring Your Own Vulnerable Driver" (BYOVD)-style attack. If a target system trusts the affected vendor’s certificate, an attacker can exploit these applications to execute arbitrary code during the early...
MINI-X6JH-2FFP-Q5P2
Bulletin has no description...
MINI-CRPF-VV9M-JQJC
Bulletin has no description...
CVE-2026-53676
ThingsBoard contains a prototype pollution vulnerability which may lead to arbitrary code execution within a sandboxed context by a user who can log in to the affected product with the tenant administrator privilege (TENANT_ADMIN)...
CVE-2026-53676
Technical details for CVE-2026-53676 are not publicly provided in the supplied documents. Monitor for updates from official advisories.
MINI-4PJG-9V86-HWQH
Bulletin has no description...
MAL-2026-6087 Malicious code in uol-simple-api-futebol (npm)
Source: amazon-inspector 962c38ed6ec061ce6a530aeea5a960dfc2b75caec56f7a1bc648f6b6cb655271 The package's only documented function, getJogos default export, unconditionally invokes an internal helper named prepareCacheMatchs which POSTs the...
CVE-2026-12530
Improper neutralization of argument delimiters in the installpackages method in AWS Bedrock AgentCore Python SDK versions = 1.1.3 and 1.6.1 might allow a remote authenticated user to execute arbitrary commands within the Code Interpreter sandbox via crafted package name arguments. To mitigate thi...
MINI-2HC3-C6HP-C948
Bulletin has no description...
MINI-QRV3-QJH5-JM5P
Bulletin has no description...
MINI-RWCQ-MC3V-FGGQ
Bulletin has no description...
MINI-8G98-38HV-QC8C
Bulletin has no description...