CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/01/27 5:8 a.m.•1 views

CVE-2026-21408

7.3CVSS6AI score0.0001EPSS

CVE•added 2026/01/27 5:8 a.m.•9 views

CVE-2026-21408

The CVE-2026-21408 issue affects beat-access for Windows 3.0.3 and earlier, due to an insecure DLL search path (Uncontrolled search path element, CWE-427) that may cause loading of DLLs leading to arbitrary code execution with SYSTEM privileges. Documented impact is arbitrary code execution with ...

7.3CVSS7.3AI score0.0001EPSS

Positive Technologies•added 2026/01/27 12:0 a.m.•4 views

PT-2026-5029

Name of the Vulnerable Software and Affected Versions vLLM versions prior to 0.14.1 Description A Server-Side Request Forgery SSRF issue exists in the MediaConnector class within vLLM's multimodal feature set. The load from url and load from url async methods process URLs provided by users to...

7.1CVSS6.5AI score0.00038EPSS

Exploits1References14

EUVD•added 2026/01/26 5:55 p.m.•3 views

EUVD-2025-206345

Crucial Storage Executive installer versions prior to 11.08.082025.00 contain a DLL preloading vulnerability. During installation, the installer runs with elevated privileges and loads Windows DLLs using an uncontrolled search path, which can cause a malicious DLL placed alongside the installer t...

7.1CVSS6.3AI score0.0001EPSS

ATTACKERKB•added 2026/01/26 5:55 p.m.•2 views

CVE-2025-71178

7.1CVSS6.3AI score0.0001EPSS

Exploits0References3

RedHat Linux•added 2026/01/26 1:38 p.m.•1 views

openjdk: Enhance Certificate Checking (Oracle CPU 2026-01)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 an...

7.5CVSS5.9AI score0.00089EPSS

Exploits0References5

RedhatCVE•added 2026/01/26 1:28 p.m.•5 views

CVE-2026-0775

npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...

7CVSS6.3AI score0.00012EPSS

Tenable Nessus•added 2026/01/26 12:0 a.m.•2 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004951)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004951 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing: Add downwritetraceeventsem when adding trace event When a module is loaded, it adds trac...

5.5CVSS6.8AI score0.00025EPSS

NVD•added 2026/01/25 3:15 p.m.•3 views

CVE-2026-23005

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATEBVi in guest XSAVE state whenever XFDi=1 When loading guest XSAVE state via KVMSETXSAVE, and when updating XFD in response to a guest WRMSR, clear XFD-disabled features in the saved or to be restored XSTATEBV...

5.5CVSS0.00012EPSS

Exploits0References5

RedhatCVE•added 2026/01/24 2:27 a.m.•4 views

CVE-2026-22984

In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in handleauthdone Perform an explicit bounds check on payloadlen to avoid a possible out-of-bounds access in the callout. idryomov: changelog Mitigation If Ceph not being used, then...

7.1CVSS5.1AI score0.00021EPSS

RedhatCVE•added 2026/01/23 8:54 p.m.•3 views

CVE-2026-22990

In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUGON in osdmapapplyincremental If the osdmap is maliciously corrupted such that the incremental osdmap epoch is different from what is expected, there is no need to BUG. Instead, just declare the...

7.1CVSS5AI score0.00019EPSS

Github Security Blog•added 2026/01/23 6:31 a.m.•8 views

Duplicate Advisory: npm cli Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

Duplicate Advisory This advisory has been withdrawn because describes a dependency bump and therefore, per CVE CNA rule 4.1.12, is a duplicate of GHSA-34x7-hfp2-rc4v/CVE-2026-24842. Additionally, per https://github.com/npm/cli/issues/8939issuecomment-3862719883, npm cli should not be listed as an...

7CVSS7.5AI score0.00012EPSS

Exploits0References4Affected Software1

OSV•added 2026/01/23 6:31 a.m.•3 views

GHSA-3966-F6P6-2QR9 Duplicate Advisory: npm cli Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

7CVSS7.4AI score0.00012EPSS

OSV•added 2026/01/23 4:16 a.m.•3 views

UBUNTU-CVE-2026-0775

7CVSS6.1AI score0.00012EPSS

Exploits0References3

Vulnrichment•added 2026/01/23 3:29 a.m.•4 views

CVE-2026-0776 Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Discord Client. An attacker must first obtain the ability to execute low-privileged code on the target system in...

7.3CVSS6.2AI score0.00009EPSS

Vulnrichment•added 2026/01/23 3:29 a.m.•4 views

CVE-2026-0775 npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability

7CVSS6.2AI score0.00012EPSS

Cvelist•added 2026/01/23 3:29 a.m.•25 views

CVE-2026-0775 npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability

7CVSS0.00012EPSS

CNNVD•added 2026/01/23 12:0 a.m.•3 views

Discord code-related vulnerabilities

Discord is a free chat service provided by the Discord company. Discord has code-related vulnerabilities; one of these vulnerabilities stems from the discordrpc module loading files from insecure locations, which may lead to privilege escalation and the execution of arbitrary code...

7.3CVSS7.5AI score0.00009EPSS