CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

349 matches found

Vulnrichment•added 2026/06/12 1:29 p.m.•9 views

CVE-2026-11879 Arbitrary code execution in MobaXterm Personal Edition (Portable)

MobaXterm Personal Edition Portable, in its 26.3 version Build 5154, allows arbitrary code execution by loading malicious DLLs from a temporary directory that is predictable and can be modified by the user. During startup, the application searches for specific DLLs in this location before resorti...

8.5CVSS6AI score0.00108EPSS

Exploits0References1

Positive Technologies•added 2026/06/12 12:0 a.m.•12 views

PT-2026-48863

Name of the Vulnerable Software and Affected Versions MobaXterm Personal Edition Portable version 26.3 Build 5154 Description The application allows arbitrary code execution by loading malicious DLLs from a predictable temporary directory that can be modified by the user. During startup, the...

8.5CVSS5.9AI score0.00108EPSS

Exploits0References4

CNNVD•added 2026/05/29 12:0 a.m.•7 views

Roslyn CodeLens MCP Server 安全漏洞

Roslyn CodeLens MCP Server is a Roslyn-based .NET code library tool for deep semantic analysis, developed by Marcel Roozekrans. Versions of Roslyn CodeLens MCP Server from 0.0.9 to 1.17.0 contain security vulnerabilities. These vulnerabilities stem from the getdiagnostics tool, which loads and...

7.8CVSS6.1AI score0.00143EPSS

Exploits0References1

ATTACKERKB•added 2026/03/16 7:14 a.m.•4 views

CVE-2026-4255

A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME on Windows 64-bit allows a local attacker to escalate privileges via DLL side-loading. The application loads certain dynamic-link library DLL dependencies using the default Windows search order, which includes directories...

8.4CVSS6.3AI score0.00191EPSS

Exploits0References2

CNNVD•added 2026/02/24 12:0 a.m.•6 views

Synology Presto Client 代码问题漏洞

Synology Presto Client is a high-speed transfer tool developed by the Chinese company Synology. Versions of Synology Presto Client prior to 2.1.3-0672 contained a code vulnerability. This vulnerability stemmed from uncontrolled search path elements during the installation process, which could all...

7.1CVSS6AI score0.00145EPSS

Exploits0References1

NVD•added 2026/02/10 10:15 a.m.•9 views

CVE-2026-25656

A vulnerability has been identified in SINEC NMS All versions V4.0 SP3, User Management Component UMC All versions V2.15.2.1. The affected application permits improper modification of a configuration file by a low-privileged user. This could allow an attacker to load malicious DLLs, potentially...

8.5CVSS0.00238EPSS

Exploits0References1

Positive Technologies•added 2026/02/10 12:0 a.m.•6 views

PT-2026-7258

Name of the Vulnerable Software and Affected Versions SINEC NMS versions prior to 4.0 SP2 Description The application allows unauthorized modification of a configuration file by a user with limited privileges. This could enable an attacker to load malicious DLLs, potentially resulting in arbitrar...

8.5CVSS6.2AI score0.00238EPSS

Exploits0References8

Positive Technologies•added 2026/02/10 12:0 a.m.•7 views

PT-2026-7259

Name of the Vulnerable Software and Affected Versions SINEC NMS versions prior to 2.15.2.1 User Management Component UMC versions prior to 2.15.2.1 Description The application allows unauthorized modification of a configuration file by a user with limited privileges. This could enable an attacker...

8.5CVSS6.2AI score0.00238EPSS

Exploits0References6

Positive Technologies•added 2026/02/05 12:0 a.m.•5 views

PT-2026-5870

Name of the Vulnerable Software and Affected Versions Mitsubishi Electric Corporation FREQSHIP-mini for Windows versions 8.0.0 through 8.0.2 Description A flaw exists in default permissions within the software that could allow a local attacker to execute code with system privileges. This is...

8.8CVSS5.6AI score0.00148EPSS

Exploits0References8

Vulnrichment•added 2026/01/13 10:51 p.m.•3 views

CVE-2020-36911 Covenant 0.5 - Remote Code Execution (RCE)

Covenant 0.1.3 - 0.5 contains a remote code execution vulnerability that allows attackers to craft malicious JWT tokens with administrative privileges. Attackers can generate forged tokens with admin roles and upload custom DLL payloads to execute arbitrary commands on the target system...

9.8CVSS8.5AI score0.10447EPSS

Exploits1References7

RedhatCVE•added 2026/01/09 12:30 p.m.•4 views

CVE-2023-40352

McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs...

7.2CVSS7.3AI score0.00702EPSS

Exploits0References1

Positive Technologies•added 2025/11/26 12:0 a.m.•8 views

PT-2025-48119

CMService.exe creates the C:usr directory and subdirectories with insecure permissions, granting write access to all authenticated users. This allows attackers to replace configuration files such as snmp.conf or hijack DLLs to escalate privileges...

6.9CVSS7.1AI score0.00096EPSS

Exploits0References2

CVE•added 2025/11/25 7:20 a.m.•9 views

CVE-2025-59485

CVE-2025-59485 affects Security Point (Windows) of MaLion prior to Ver.5.3.4. The flaw allows placing an arbitrary file in a specific folder by a logged-in user; if the file is a crafted DLL, it could execute code with SYSTEM privileges. Remediation: update to Security Point MaLion Ver.5.3.4 or l...

4.8CVSS6.9AI score0.00093EPSS

Exploits0References2

Fedora•added 2025/10/25 9:19 p.m.•9 views

[SECURITY] Fedora 43 Update: mingw-binutils-2.45-2.fc43

Cross compiled binutils utilities like 'strip', 'as', 'ld' which understand Windows executables and DLLs...

7.8CVSS7AI score0.0023EPSS

Exploits5

SUSE CVE•added 2025/10/23 12:9 a.m.•3 views

SUSE CVE-2023-47113

BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.4.2 is vulnerable to a DLL Hijacking vulnerability. By placing a DLL in the Folder c:\DLLs, an attacker can run arbitrary code on every execution of BleachBit for Windows. This issue has been...

7.3CVSS7.7AI score0.00247EPSS

Exploits0References2