CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3396185 matches found

Ivanti•added 2026/12/05 2:3 p.m.•16 views

May 2026 Security Advisory Ivanti Virtual Traffic Manager (vTM) (CVE-2026-8051)

Summary Ivanti has released updates for Ivanti Virtual Traffic Manager which addresses one High severity vulnerability. Successful exploitation could lead to admin authenticated remote code execution. We are not aware of any customers being exploited by this vulnerability at the time of disclosur...

7.2CVSS6.1AI score0.01456EPSS

Exploits0

Ivanti•added 2026/12/05 2:2 p.m.•21 views

May 2026 Security Advisory Ivanti Secure Access Client (CVE-2026-7431, CVE-2026-7432)

Update 22 May: CVE-2026-8992 has been added to Vulnerability Details Summary Ivanti has released updates for the Ivanti Secure Access Client which addresses one medium severity vulnerability and two High severity vulnerabilities. We are not aware of any customers being exploited by these...

8.8CVSS6.2AI score0.00127EPSS

Exploits0

Ivanti•added 2026/12/05 2:0 p.m.•15 views

Security Advisory - Ivanti Xtraction (CVE-2026-8043)

Summary Ivanti has released an update for Ivanti Xtraction which addresses one Critical severity vulnerability. Successful exploitation could lead to sensitive information disclosure and client-side attacks. We are not aware of any customers being exploited by this vulnerability at the time of...

9.6CVSS5.9AI score0.00091EPSS

Exploits0

Ivanti•added 2026/12/05 1:59 p.m.•21 views

Security Advisory Ivanti Endpoint Manager (EPM) May 2026

Security Advisory Ivanti Endpoint Manager EPM CVE-2026-8109, CVE-2026-8110, CVE-2026-811 Summary Ivanti has released updates for Ivanti Endpoint Manager which addresses one Medium severity and two High severity vulnerabilities. Successful exploitation could lead to information disclosure, privile...

8.8CVSS6.3AI score0.00354EPSS

Exploits0

Ivanti•added 2026/10/03 9:26 a.m.•30 views

Security Advisory Ivanti DSM (CVE-2026-3483)

Security Advisory Ivanti DSM CVE-2026-3483 Summary Ivanti has released an update for Ivanti Desktop and Server Management DSM which addresses one high severity vulnerability. Successful exploitation could allow an attacker to elevate their local privileges. We are not aware of any customers being...

7.8CVSS5.8AI score0.00069EPSS

Exploits0

Ivanti•added 2026/09/06 5:17 p.m.•7 views

CVE‑2026‑49975 – HTTP/2 Denial of Service Vulnerability

Status: EPMM unaffected Summary: CVE‑2026‑49975 is a denial‑of‑service DoS vulnerability affecting HTTP/2 implementations in several web servers. The issue allows an unauthenticated attacker to exhaust server memory using specially crafted HTTP/2 requests. EPMM / Sentry rely on Apache Tomcat for...

7.5CVSS5.5AI score0.00322EPSS

Exploits2

Ivanti•added 2026/09/06 1:58 p.m.•8 views

Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (CVE-2026-10727)

Update 11 June: FAQ Updated Summary Ivanti has released updates for Ivanti Endpoint Manager Mobile EPMM which addresses one high severity vulnerability. We are not aware of any customers being exploited by this vulnerability at the time of disclosure. Vulnerability Details CVE Number | Descriptio...

7.2CVSS6.1AI score0.00441EPSS

Exploits0

Ivanti•added 2026/09/02 8:55 p.m.•29 views

Security Advisory EPM February 2026 for EPM 2024

Update 18 Feb: Added FAQ on patching Agents. Summary Ivanti has released updates for Ivanti Endpoint Manager which addresses one high severity vulnerability and one medium severity vulnerability. Successful exploitation could allow a remote authenticated attacker to leak arbitrary data or...

8.6CVSS6.4AI score0.58921EPSS

Exploits0

Ivanti•added 2026/07/05 2:11 p.m.•38 views

May 2026 Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (Multiple CVEs)

Summary Ivanti has released updates for Ivanti Endpoint Manager Mobile EPMM which addresses five high severity vulnerabilities. We are aware of a very limited number of customers exploited with CVE-2026-6973. Successful exploitation requires Admin authentication. If customers followed Ivanti’s...

9.8CVSS6.1AI score0.04792EPSS

Exploits0

GithubExploit•added 20 minutes ago•1 views

Exploit for Deserialization of Untrusted Data in Jenkins

CVE-2026-53435 — Jenkins Deserialization → Arbitrary File Read...

8.8CVSS0.00054EPSS

Exploits1

GithubExploit•added 21 minutes ago•2 views

Exploit for CVE-2022-38694

ZTE Blade X1001 — Root con Magisk Android 15, Unisoc UMS9230...

7.8CVSS0.00323EPSS

Exploits2

GithubExploit•added 44 minutes ago•5 views

Exploit for Improper Authentication in Checkpoint Gaia_Os

CVE-2026-50751 — Check Point IKEv1 Authentication Bypass...

9.3CVSS6AI score0.11841EPSS

Exploits3

CVE•added 46 minutes ago•12 views

CVE-2026-47244 Netty HTTP/2: Advertised MAX_CONCURRENT_STREAMS are not enforced

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, DefaultHttp2Connection.DefaultEndpoint initialises maxActiveStreams/maxStreams to Integer.MAXVALUE, and Http2Settings never inserts...

5.3CVSS5.2AI score

Exploits0References3

Cvelist•added 46 minutes ago•5 views

CVE-2026-47244 Netty HTTP/2: Advertised MAX_CONCURRENT_STREAMS are not enforced

5.3CVSS

Exploits0References3

GithubExploit•added 48 minutes ago•5 views

Exploit for CVE-2026-37196

CVE-2026-37196 – Stored Cross-Site Scripting XSS in nirix tr...

5.5AI score

Exploits0

Cvelist•added 50 minutes ago•5 views

CVE-2026-46340 Netty: SCTP reassembly nests buffers without bound

Netty is a network application framework for development of protocol servers and clients. In versions of netty-transport-sctp prior to 4.1.135.Final and 4.2.15.Final, for each non-complete SctpMessage fragment the handler does fragments.putstreamId, Unpooled.wrappedBufferfrag, byteBuf, wrapping t...

7.5CVSS

Exploits0References3

CVE•added 50 minutes ago•13 views

CVE-2026-46340 Netty: SCTP reassembly nests buffers without bound

7.5CVSS5.4AI score

Exploits0References3

Cvelist•added 52 minutes ago•6 views

CVE-2026-45674 Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext fails to validate the origin bailiwick of CNAME records in DNS responses. Versions 4.1.135.Final and 4.2.15.Final patch the issue...

8.7CVSS

Exploits0References3

CVE•added 52 minutes ago•27 views

CVE-2026-45674 Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Records

8.7CVSS5.2AI score

Exploits0References3

CVE•added 52 minutes ago•14 views

CVE-2026-47141 vm2: NodeVM observability builtins leak host process and HTTP request data

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM exposes some process-wide observability builtins when they are allowed through require.builtin. The diagnosticschannel, asynchooks, and perfhooks builtins are not blocked by the dangerous builtin denylist. These modules...

6.9CVSS5.2AI score

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by