4829 matches found
DEBIAN-CVE-2026-3994
A vulnerability was detected in rui314 mold up to 2.40.4. This issue affects the function mold::ObjectFile<mold::X86_64>::initialize_sections of the file src/input-files.cc of the component Object File Handler. Performing a manipulation results in heap-based buffer overflow. Attacking locally is a...
EUVD-2026-11332
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc without symlink protections. Since commit 87a51ee, PrivateTmp is explicitly removed from the task...
CVE-2019-25464 InputMapper 1.6.10 Local Denial of Service via Username Field
InputMapper 1.6.10 contains a buffer overflow vulnerability in the username field that allows local attackers to crash the application by entering an excessively long string. Attackers can trigger a denial of service by copying a large payload into the username field and double-clicking to proces...
EUVD-2025-208542
Improper buffer restrictions in some UEFI firmware for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable data manipulation. This result may potentially occur via local access whe...
PT-2026-24680
Easy Grade Pro 4.1.0.2 contains a file parsing logic flaw in the handling of proprietary .EGP gradebook files. By modifying specific fields at precise offsets within an otherwise valid .EGP file, an attacker can trigger an out-of-bounds memory read during parsing. This results in an unhandled...
CVE-2025-20028
Time-of-check time-of-use race condition in the WheaERST SMM module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occ...
Incorrect Default Permissions
Overview: Affected versions of this package are vulnerable to Incorrect Default Permissions. An attacker can gain elevated privileges by exploiting these permissions locally. Remediation: Upgrade Microsoft.NETCore.App.Runtime.linux-musl-arm64 to version 10.0.4 or higher. References: Vulnerability...
EUVD-2026-10665
Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally...
EUVD-2026-10646
Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
EUVD-2026-10623
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized attacker to elevate privileges locally...
EUVD-2026-10614
Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to elevate privileges locally...
CVE-2026-26128
Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally...
CVE-2026-25170
Use after free in Windows Hyper-V allows an authorized attacker to elevate privileges locally...
CVE-2026-25165
Null pointer dereference in Windows Performance Counters allows an authorized attacker to elevate privileges locally...
CVE-2026-24296
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized attacker to elevate privileges locally...
CVE-2026-24294
Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally...
CVE-2026-24292
Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally...
CVE-2026-23673
Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally...
CVE-2026-23667
Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally...
CVE-2026-26108
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally...