146306 matches found

RedHat Linux
added 2026/06/10 12:31 p.m., 13 views

samba: Samba: Remote Code Execution in printing subsystem via unescaped job description

A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by...

CVSS 9.8, AI score 6.3, EPSS 0.12797
Exploits: 7, References: 5

RedHat Linux
added 2026/06/10 12:31 p.m., 8 views

samba: Remote Code Execution in SAMR

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...

CVSS 9.8, AI score 5.7, EPSS 0.02501
Exploits: 0, References: 5

Rapid7 Blog
added 2026/06/10 10:21 a.m., 9 views

CVE-2026-10520, CVE-2026-10523 - Multiple critical vulnerabilities affecting Ivanti Sentry

Overview On June 9, 2026, Ivanti published a security advisory for two critical vulnerabilities affecting Ivanti Sentry formerly known as MobileIron Sentry, which per the vendor website is an “in-line gateway that manages, encrypts, and secures traffic between the mobile device and back-end...

CVSS 10, AI score 7.3, EPSS 0.98937
Exploits: 4

OSV
added 2026/06/10 9:53 a.m., 3 views

SUSE-SU-2026:22095-1 Security update for mariadb

This update for mariadb fixes the following issues Update to 11.8.8: - CVE-2026-3494: audit plugin comment handling bypass bsc1259176. - CVE-2026-34303: mysql: optimizer unspecified vulnerability bsc1266435. - CVE-2026-35549: SHA2 auth plugin crash on large packets bsc1261413. - CVE-2026-44168:...

CVSS 10, AI score 7.6, EPSS 0.00457
Exploits: 1, References: 25

RedhatCVE
added 2026/06/10 8:59 a.m., 8 views

CVE-2026-46746

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The application does not properly sanitize user input in the /api/sftp/uploadFiles endpoint, allowing the injection of shell command payloads via crafted directory names. These payloads are stored and executed when...

CVSS 8.8, AI score 6, EPSS 0.00451
Exploits: 0, References: 1

RedhatCVE
added 2026/06/10 8:59 a.m., 8 views

CVE-2026-11572

Versions of the package degit before 2.8.6, from 3.0.0 and before 3.3.1 are vulnerable to Command Injection due to improper sanitisation of user input for git shell commands directly invoked with exec method by cloneWithGit and fetchRefs functions. An attacker can execute arbitrary operating syst...

CVSS 8.8, AI score 5.9, EPSS 0.01057
Exploits: 0, References: 1

OSV
added 2026/06/10 7:39 a.m., 5 views

SUSE-SU-2026:2330-1 Security update for mariadb

This update for mariadb fixes the following issues: - CVE-2026-3494: audit plugin comment handling bypass bsc1259176. - CVE-2026-34303: mysql: optimizer unspecified vulnerability bsc1266435. - CVE-2026-35549: SHA2 auth plugin crash on large packets bsc1261413. - CVE-2026-44168: wsrep SST unsafe...

CVSS 10, AI score 7.2, EPSS 0.00457
Exploits: 1, References: 25

NVD
added 2026/06/10 4:17 a.m., 11 views

CVE-2026-24719

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...

CVSS 8.6, EPSS 0.00977
Exploits: 0, References: 1

NVD
added 2026/06/10 4:17 a.m., 10 views

CVE-2026-22893

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...

CVSS 8.6, EPSS 0.00988
Exploits: 0, References: 1

NVD
added 2026/06/10 4:17 a.m., 12 views

CVE-2025-66273

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...

CVSS 8.6, EPSS 0.01049
Exploits: 0, References: 1

NVD
added 2026/06/10 4:17 a.m., 10 views

CVE-2025-66279

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...

CVSS 8.6, EPSS 0.01049
Exploits: 0, References: 1

Vulnrichment
added 2026/06/10 3:14 a.m., 7 views

CVE-2026-24719 QTS, QuTS hero

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...

CVSS 8.6, AI score 6, EPSS 0.00977
Exploits: 0, References: 1

CVE
added 2026/06/10 3:14 a.m., 39 views

CVE-2026-24719

CVE-2026-24719 affects QNAP operating systems QTS and QuTS hero. Description: a command-injection vulnerability that can be exploited by an attacker who has obtained an administrator account to execute arbitrary commands. Affected versions include QTS 5.2.9.3492 build 20260507 and later, and QuTS...

CVSS 8.6, AI score 6, EPSS 0.00977
Exploits: 0, References: 1, Affected Software: 2

EUVD
added 2026/06/10 3:14 a.m., 9 views

EUVD-2026-35977

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...

CVSS 8.6, AI score 6, EPSS 0.00977
Exploits: 0, References: 1

Cvelist
added 2026/06/10 3:14 a.m., 37 views

CVE-2026-24719 QTS, QuTS hero

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...

CVSS 8.6, EPSS 0.00977
Exploits: 0, References: 1

EUVD
added 2026/06/10 3:6 a.m., 13 views

EUVD-2026-35972

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...

CVSS 8.6, AI score 6, EPSS 0.00988
Exploits: 0, References: 1

Vulnrichment
added 2026/06/10 3:6 a.m., 7 views

CVE-2026-22893 QTS, QuTS hero

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...

CVSS 8.6, AI score 6, EPSS 0.00988
Exploits: 0, References: 1

Cvelist
added 2026/06/10 3:6 a.m., 38 views

CVE-2026-22893 QTS, QuTS hero

A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS...

CVSS 8.6, EPSS 0.00988
Exploits: 0, References: 1

CVE
added 2026/06/10 3:6 a.m., 35 views

CVE-2026-22893

CVE-2026-22893 : A command injection vulnerability affecting QNAP OS (QTS 5.2.9.3410 build 20260214 and later; QuTS hero h5.2.9.3410 build 20260214 and later; QuTS hero h5.3.4.3500 build 20260520 and later; QuTS hero h6.0.0.3459 build 20260409 and later). Root cause: improper handling that allows...

CVSS 8.6, AI score 6, EPSS 0.00988
Exploits: 0, References: 1, Affected Software: 2

CVE
added 2026/06/10 3:5 a.m., 28 views

CVE-2025-66279

CVE-2025-66279 is a command-injection vulnerability affecting several QNAP OS versions. The issue allows an attacker who already has an administrator account to execute arbitrary commands remotely. Affected products/versions include QTS 5.2.9.3410 build 20260214 and later; QuTS hero h5.2.9.3410 b...

CVSS 8.6, AI score 6, EPSS 0.01049
Exploits: 0, References: 1, Affected Software: 2