CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/06/04 9:16 a.m.•11 views

CVE-2026-50209

Broadcast events allow malicious software to rewrite the device's default Mobile Device Management MDM endpoint address, shifting administrative ownership to an external attacker...

9.3CVSS0.00098EPSS

CVE•added 2026/06/01 9:14 p.m.•17 views

CVE-2025-48652

The CVE-2025-48652 entry describes a logic error in performPreInstallChecks within InstallRepository.kt that could bypass MDM policy, enabling local escalation of privilege with no extra execution privileges required and no user interaction needed. Connected sources (EUVD-2025-210017, NVD) corrob...

7.8CVSS5.9AI score0.00083EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2026/06/01 9:14 p.m.•8 views

CVE-2025-48652

In performPreInstallChecks of InstallRepository.kt, there is a possible way to bypass MDM policy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00083EPSS

Cvelist•added 2026/06/01 9:14 p.m.•28 views

CVE-2025-48652

0.00083EPSS

Snyk•added 2026/05/26 10:48 p.m.•4 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the windowsMDMManagement endpoint. An attacker can gain unauthorized access to management functionality by bypassing authentication mechanisms. Remediation Upgrade...

Snyk•added 2026/05/26 10:48 p.m.•7 views

Improper Authentication

Snyk•added 2026/05/26 10:48 p.m.•5 views

Improper Authentication

Snyk•added 2026/05/26 10:48 p.m.•5 views

Improper Authentication

Snyk•added 2026/05/26 10:48 p.m.•6 views

Improper Authentication

Snyk•added 2026/05/26 10:48 p.m.•6 views

Improper Authentication

RedhatCVE•added 2026/05/16 1:56 a.m.•17 views

CVE-2026-24899

Fleet is open source device management software. Prior to version 4.82.0, a vulnerability in Fleet's Windows MDM enrollment flow allows authentication tokens from any Azure AD tenant to be accepted. Because Fleet validates JWT signatures using Microsoft's multi-tenant JWKS endpoint but does not...

8.2CVSS5.8AI score0.00381EPSS

Snyk•added 2026/05/14 9:25 p.m.•4 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation due to improper validation of JWT aud and iss claims in the Windows MDM authentication flow. An attacker can enroll unauthorized devices by presenting a valid Microsoft-signed Azure AD token from any tenant. This is...

8.2CVSS5.5AI score0.00381EPSS

Snyk•added 2026/05/14 9:25 p.m.•4 views

User Impersonation

8.2CVSS5.5AI score0.00381EPSS

NVD•added 2026/05/14 7:16 p.m.•9 views

CVE-2026-23998

Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet’s Windows MDM management endpoint could allow requests to be processed without proper client certificate validation. In certain circumstances, this could allow an attacker to impersonate an enrolled...

8.2CVSS0.00214EPSS

Cvelist•added 2026/05/14 6:58 p.m.•39 views

CVE-2026-24899 Fleet Windows MDM Azure AD JWT Authentication Bypass

8.2CVSS0.00381EPSS

Vulnrichment•added 2026/05/14 6:58 p.m.•8 views

CVE-2026-24899 Fleet Windows MDM Azure AD JWT Authentication Bypass

8.2CVSS5.8AI score0.00381EPSS

Cvelist•added 2026/05/14 6:48 p.m.•38 views

CVE-2026-23998 Fleet has a Windows MDM management endpoint authentication bypass

8.2CVSS0.00214EPSS

Vulnrichment•added 2026/05/14 6:48 p.m.•5 views

CVE-2026-23998 Fleet has a Windows MDM management endpoint authentication bypass

Positive Technologies•added 2026/05/14 12:0 a.m.•10 views

PT-2026-40967

Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.81.0 Description A flaw in the Windows MDM management endpoint allows requests to be processed without proper client certificate validation. The endpoint relies on mutual TLS mTLS—a process where both the client and...