CVE-2026-0096
In getAppLabel of ForgetDeviceDialogFragment.java, there is a possible way to trick the user into forgetting a device due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2026-39318
Name of the Vulnerable Software and Affected Versions: Gibbon versions prior to v30.0.01. Description: A local file inclusion issue allows remote code execution by modifying the report archive directory and forcing the system to interpret a user-provided .zip file as PHP. This requires Teacher or...
CVE-2026-33249
A flaw was found in NATS-Server. A valid client can exploit this flaw by manipulating message tracing headers to redirect trace messages to any valid subject, even those for which the client lacks publish permissions. This allows for unauthorized sending of trace messages, potentially bypassing...
CVE-2026-1658 Content spoofing vulnerability discovered in OpenText™ Directory Services
User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache Poisoning. The vulnerability could be exploited by a bad actor to inject manipulated text into the OpenText application, potentially misleading users. This issue affects Director...
Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China
The threat actor known as Silver Fox has been spotted orchestrating a false flag operation to mimic a Russian threat group in attacks targeting organizations in China. The search engine optimization (SEO) poisoning campaign leverages Microsoft Teams lures to trick unsuspecting users into downloadin...
GHSA-JJ37-3377-M6VV Duplicate Advisory: Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-mm7p-fcc7-pg87. This link is maintained to preserve external references. Original Description: A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient...
CVE-2025-13033 Nodemailer: nodemailer: email to an unintended domain can occur due to interpretation conflict
A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the emai...
Nodemailer security vulnerability
Nodemailer is a JavaScript codebase from the Nodemailer team that provides the ability to send emails. A security vulnerability exists in Nodemailer that stems from mishandling of the email parsing library, which could result in emails being misdirected to an attacker's address,...
EUVD-2020-4109
Malware in sbrugna...
EUVD-2020-27356
Malware in sbrugna...
EUVD-2021-33444
Malicious code in bioql PyPI...
EUVD-2024-16029
Malicious code in bioql PyPI...
EUVD-2023-45842
Malicious code in bioql PyPI...
EUVD-2022-25394
Malicious code in bioql PyPI...
EUVD-2023-25184
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-41337
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In version 2.3.0-beta2 and prior, when h2o is configured to listen to multiple addresses or...
Linux Distros Unpatched Vulnerability : CVE-2024-0231
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft ...
WordPress plugin Structured Content cross-site scripting vulnerability
WordPress structured content is a technology that improves search result display and click-through rates by optimizing semantic markup of web page elements (e.g., titles, descriptions, images, etc.) to enhance search engine understanding of page content. A cross-site scripting vulnerability exists ...
CVE-2024-0231
A resource misdirection vulnerability in GitLab CE/EE versions 12.0 prior to 17.0.5, 17.1 prior to 17.1.3, and 17.2 prior to 17.2.1 allows an attacker to craft a repository import in such a way as to misdirect commits...
CVE-2023-41337
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In version 2.3.0-beta2 and prior, when h2o is configured to listen to multiple addresses or ports with each of them using different backend servers managed by multiple entities, a malicious backend entity that also has the...