CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

685 matches found

CVE-2026-53863

OpenClaw before 2026.4.25 exposes an input validation vulnerability in tool group policy callers that accept unvalidated group IDs. When a group ID is supplied to the policy resolver, it can lead to incorrect group-policy decisions for tool invocations, potentially bypassing intended access contr...

7.1CVSS5.3AI score0.00169EPSS

Exploits0References2Affected Software1

RedHat Linux•added 4 days ago•7 views

Important: Red Hat Security Advisory: samba security update

An update for samba is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

9.8CVSS5.7AI score0.01869EPSS

Exploits6References6

RedHat Linux•added 4 days ago•5 views

samba: group policy certificate enrollment uses http:// without validation

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability t...

8CVSS5.3AI score0.00188EPSS

Exploits0References5

Rockylinux•added 6 days ago•13 views

samba security update

An update is available for samba. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Samba is an open-source implementation of the Server Message Block SMB protocol...

9.8CVSS6AI score0.01869EPSS

Exploits7

OSV•added 2026/06/09 6:0 a.m.•8 views

RLSA-2026:22644 Important: samba security update

Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fixes: samba: group policy certificate enrollment uses http://...

9CVSS5.7AI score0.01869EPSS

Exploits6References4

Tenable Nessus•added 2026/06/06 12:0 a.m.•6 views

RHEL 10 : samba (RHSA-2026:22963)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22963 advisory. Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol,...

9.8CVSS6.2AI score0.01869EPSS

Exploits7References15

RedHat Linux•added 2026/06/03 9:52 p.m.•10 views

samba: group policy certificate enrollment uses http:// without validation

8CVSS5.8AI score0.00188EPSS

Exploits0References5

RedHat Linux•added 2026/06/03 3:28 a.m.•11 views

samba: group policy certificate enrollment uses http:// without validation

8CVSS5.8AI score0.00188EPSS

Exploits0References5

Microsoft Secure•added 2026/05/29 4:0 p.m.•34 views

Microsoft is named a Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection

As threats become more coordinated and faster to execute, endpoint protection has become the proving ground for modern defense. For the seventh consecutive time, Microsoft has been named a Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection. We believe this reflects both the...

5.8AI score

Exploits0

Cvelist•added 2026/05/27 10:2 a.m.•36 views

CVE-2026-3012 Samba: group policy certificate enrollment uses http:// without validation

8CVSS0.00188EPSS

Exploits0References7

Debian CVE•added 2026/05/27 10:2 a.m.•6 views

CVE-2026-3012

8CVSS5.8AI score0.00188EPSS

Exploits0

Vulnrichment•added 2026/05/27 10:2 a.m.•8 views

CVE-2026-3012 Samba: group policy certificate enrollment uses http:// without validation

8CVSS5.8AI score0.00188EPSS

Exploits0References7

ATTACKERKB•added 2026/05/27 10:2 a.m.•7 views

CVE-2026-3012

8CVSS5.8AI score0.00188EPSS

Exploits0References6

CVE•added 2026/05/27 10:2 a.m.•35 views

CVE-2026-3012

CVE-2026-3012 concerns Samba’s certificate auto-enrollment over HTTP without verification. When Group Policy auto-enrollment is enabled, Samba may fetch a CA certificate via unencrypted HTTP and install it into the local trust store without proper validation, enabling a MiTM-style attack to intro...

8CVSS5.8AI score0.00188EPSS

Exploits0References7Affected Software3

AlpineLinux•added 2026/05/27 10:2 a.m.•10 views

CVE-2026-3012

8CVSS5.8AI score0.00188EPSS

Exploits0References7

CNNVD•added 2026/05/27 12:0 a.m.•9 views

Samba 数据伪造问题漏洞

Samba is an open-source suite of standard Windows interoperability programs for Linux and Unix systems. Samba has a vulnerability related to data falsification, which stems from the automatic certificate registration group policy processing. This process involves retrieving CA certificates via...

8CVSS5.8AI score0.00188EPSS

Exploits0References4

OSV•added 2026/05/26 12:35 p.m.•3 views

SUSE-SU-2026:2074-1 Security update for samba

This update for samba fixes the following issues - CVE-2026-2340: vfsworm does not block directory modification bsc1261158. - CVE-2026-3012: group policy certificate enrollment uses http: // without validation bsc1261159. - CVE-2026-3238: unauthenticated udp packet crashes AD DC nbt server...

9.8CVSS5.8AI score0.02803EPSS

Exploits6References11

Samba•added 2026/05/26 12:0 a.m.•14 views

auto-enrolment GPO installing CA certificate over http

Description If the certificate auto-enrollment GPO is enabled on domain members both in Samba's smb.conf and using Windows GPME tool, a CA certificate may be fetched using a plain HTTP connection and installed in the member computer's trust store. This may give an attacker a chance to intercept t...

8CVSS5.9AI score0.00188EPSS

Exploits0