CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

555 matches found

CVE-2026-12060

Heptabase developed by Hepta Platforms has a Exposed Dangerous Method or Function vulnerability, allowing unauthenticated remote attackers to leverage social engineering techniques to trick a victim into opening or loading a malicious webpage within the Heptabase application, thereby gaining...

6.9CVSS0.00286EPSS

Exploits0References2

Vulnrichment•added 6 days ago•5 views

CVE-2026-12060 Hepta Platforms｜Heptabase - Exposed Dangerous

6.9CVSS5.3AI score0.00286EPSS

Exploits0References2

Cvelist•added 6 days ago•28 views

CVE-2026-12060 Hepta Platforms｜Heptabase - Exposed Dangerous

6.9CVSS0.00286EPSS

Exploits0References2

CVE•added 6 days ago•15 views

CVE-2026-12060

CVE-2026-12060 concerns Heptabase (Hepta Platforms) with an Exposed Dangerous Method or Function vulnerability. The description indicates unauthenticated remote attackers can leverage social engineering to persuade a victim to open or load a malicious webpage inside the Heptabase application, res...

6.9CVSS5.3AI score0.00286EPSS

Exploits0References2

EUVD•added 6 days ago•10 views

EUVD-2026-36390

6.9CVSS5.3AI score0.00286EPSS

Exploits0References2

Positive Technologies•added 6 days ago•10 views

PT-2026-48831

6.9CVSS5.3AI score0.00286EPSS

Exploits0References3

RedhatCVE•added 2026/06/05 7:26 p.m.•9 views

CVE-2026-39309

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to TCC Bypass via Prompt Spoofing, allowing local attackers to trigger misleading macOS permission...

5.5CVSS5.9AI score0.00176EPSS

Exploits0References1

NVD•added 2026/06/01 5:17 p.m.•9 views

CVE-2026-45266

Nextcloud is an open source content collaboration platform. Prior to versions 21.1.10, 22.0.11, and 23.0.3, a low-privileged user can force other user's microphones to be muted in calls when no High-performance Backend is installed. This issue has been patched in versions 21.1.10, 22.0.11, and...

3.5CVSS0.00203EPSS

Exploits0References3

EUVD•added 2026/06/01 4:39 p.m.•7 views

EUVD-2026-33678

3.5CVSS5.7AI score0.00203EPSS

Exploits0References3

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в firefox

When a user has already allowed a website to access the microphone and camera, disabling camera sharing does not completely prevent the website from re-enabling them without an additional prompt. This is only possible if the website continues to record with the microphone until the camera is...

4.3CVSS6.7AI score0.00842EPSS

Exploits0References2

NVD•added 2026/05/20 12:16 a.m.•10 views

CVE-2026-39309

5.5CVSS0.00176EPSS

Exploits0References2

Cvelist•added 2026/05/19 11:54 p.m.•34 views

CVE-2026-39309 Trilium Notes: macOS TCC Bypass via Prompt Spoofing

5.5CVSS0.00176EPSS

Exploits0References2

Vulnrichment•added 2026/05/19 11:54 p.m.•6 views

CVE-2026-39309 Trilium Notes: macOS TCC Bypass via Prompt Spoofing

5.5CVSS6.1AI score0.00176EPSS

Exploits0References2

AstraLinux•added 2026/05/03 11:59 p.m.•5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd-mbhc-v2: fixed resource leaks during component removal The MBHC resources must be released in case of component probe failures and removals; therefore, they cannot be tied to the lifetime of the component device...

5.2AI score0.00206EPSS

Exploits0References1

Malwarebytes•added 2026/04/16 12:40 p.m.•3 views

Browser Guard gets even better with Access Control

Have you ever been on a website when a pop-up suddenly asked for access to your camera, microphone, location, or notifications? Whether you clicked “allow,” dismissed it, or just wondered why it appeared, those permission requests aren’t always harmless. Some sites can abuse those permissions. Wi...

5.8AI score

Exploits0

GithubExploit•added 2026/04/05 7:9 a.m.•104 views

Exploit for CVE-2024-23700

PoC for CVE-2024-23700, allowing silently obtain permissions to...

5.8AI score

Exploits1

The Hacker News•added 2026/03/16 9:7 a.m.•4 views

DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage

Ukrainian entities have emerged as the target of a new campaign likely orchestrated by threat actors linked to Russia, according to a report from S2 Grupo's LAB52 threat intelligence team. The campaign, observed in February 2026, has been assessed to share overlaps with a prior campaign mounted b...

6.1AI score

Exploits0

Malwarebytes•added 2026/03/03 12:10 p.m.•5 views

Chrome flaw let extensions hijack Gemini’s camera, mic, and file access

Chrome’s Gemini “Live in Chrome” panel Gemini’s embedded, agent-style assistant mode within Chrome had a high‑severity vulnerability tracked as CVE‑2026‑0628. The flaw let a low‑privilege extension inject code into the Gemini side panel and inherit its powerful capabilities, including local file...

8.8CVSS6AI score0.06545EPSS

Exploits2

Malwarebytes•added 2026/02/27 11:29 a.m.•9 views

Inside a fake Google security check that becomes a browser RAT

A website styled to resemble a Google Account security page is distributing what may be one of the most fully featured browser-based surveillance toolkits we have observed in the wild. Disguised as a routine security checkup, it walks victims through a four-step flow that grants the attacker push...

6.3AI score

Exploits0

RedhatCVE•added 2026/02/22 7:24 a.m.•8 views

CVE-2026-27467

BigBlueButton is an open-source virtual classroom. In versions 3.0.19 and below, when first joining a session with the microphone muted, the client sends audio to the server regardless of mute state. Media is discarded at the server side, so it isn't audible to any participants, but this may allo...

2.4CVSS5.4AI score0.00174EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by