CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2131 matches found

Windows Server Update Service - Insecure Deserialization

Windows Server Update Service contains an insecure deserialization vulnerability caused by deserialization of untrusted data. An unauthorized attacker with network access can exploit this to execute arbitrary code remotely, potentially leading to full system compromise. id: CVE-2025-59287 info:...

9.8CVSS7.7AI score0.72697EPSS

Exploits24References5

RedHat Linux•added 2026/05/27 10:37 a.m.•11 views

dotnet: .NET: infinite loop allows an attacker to cause a denial of service

A flaw was found in dotnet. An infinite loop in ASP.NET Core allows an unauthenticated remote attacker to cause a denial of service over a network. This issue can lead to an application crash and a high consumption of system resources...

7.5CVSS5.8AI score0.00036EPSS

Exploits0References5

RedHat Linux•added 2026/05/27 10:12 a.m.•8 views

dotnet: .NET: infinite loop allows an attacker to cause a denial of service

7.5CVSS5.8AI score0.00036EPSS

Exploits0References5

RedhatCVE•added 2026/05/26 2:12 p.m.•6 views

CVE-2026-47280

Improper authentication in Azure Resource Manager ARM allows an unauthorized attacker to elevate privileges over a network...

10CVSS5.8AI score0.00093EPSS

Exploits0References1

EUVD•added 2026/05/24 8:45 p.m.•12 views

EUVD-2026-31550

A security vulnerability has been detected in Besen BS20 EV Charging Station up to 20260426. This affects an unknown part of the component BLE/WiFi. Such manipulation leads to authentication bypass by capture-replay. The attack must be carried out from within the local network. Attacks of this...

3.1CVSS5.2AI score0.00042EPSS

Exploits0References4

EUVD•added 2026/05/24 8:0 p.m.•9 views

EUVD-2026-31547

A vulnerability was identified in Besen BS20 EV Charging Station up to 20260426. Affected is an unknown function of the component BLE/UDP. The manipulation leads to insufficiently protected credentials. The attack needs to be initiated within the local network. The original disclosure mentions,...

5.1CVSS5.5AI score0.00023EPSS

Exploits0References4

ATTACKERKB•added 2026/05/24 8:0 p.m.•9 views

CVE-2026-9395

5.1CVSS5.5AI score0.00023EPSS

Exploits0References5Affected Software1

RedhatCVE•added 2026/05/23 2:12 a.m.•9 views

CVE-2026-42899

7.5CVSS5.8AI score0.00036EPSS

Exploits0References4

ATTACKERKB•added 2026/05/22 10:4 p.m.•5 views

CVE-2026-42901

Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network...

10CVSS5.8AI score0.00043EPSS

Exploits0References2

CVE•added 2026/05/22 3:21 a.m.•5 views

CVE-2026-9054

The provided documents describe CVE-2026-9054 as a network-facing kernel panic triggered when an attacker sends packets (TCP, IL, RUDP, RUDP, or GRE) whose length is shorter than the header size. The description is consistent across NVD entries and related sources, but there are no explicit detai...

9.2CVSS5.8AI score0.00052EPSS

Exploits0References3

Packet Storm News•added 2026/05/21 12:0 a.m.•7 views

UFONet 2.0

UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using GET/POST, multi-threading, proxies, origin spoofing methods, cache evasion techniques, etc...

5.8AI score

Exploits0

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в mariadb-10.3

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. The supported versions affected are 5.7.35 and earlier, as well as 8.0.26 and earlier. This easily exploitable vulnerability allows a highly privileged attacker with network access via multiple protocols to compromise th...

5.5CVSS6.6AI score0.00207EPSS

Exploits0References2

CNNVD•added 2026/05/19 12:0 a.m.•5 views

Microsoft Defender 安全漏洞

Microsoft Defender is a threat protection software developed by the American company Microsoft. There is a security vulnerability in Microsoft Defender, which stems from a heap buffer overflow. Unauthorized attackers may execute code through the network as a result of this vulnerability...

8.1CVSS6.2AI score0.0003EPSS

Exploits0References2

NVD•added 2026/05/18 6:17 p.m.•7 views

CVE-2026-42822

Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network...

10CVSS0.00093EPSS

Exploits0References1

GithubExploit•added 2026/05/16 2:30 a.m.•63 views

Exploit for Heap-based Buffer Overflow in Microsoft

CVE-2026-41096 Overview CVE-2026-41096 is a critical secu...

9.8CVSS6.6AI score0.0004EPSS

Exploits4

Tenable Nessus•added 2026/05/14 12:0 a.m.•7 views

Security Updates for Microsoft Windows Admin Center (May 2026)

The Microsoft Windows Admin Center installed on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network. CVE-2026-35438 - Improper access...

8.8CVSS5.8AI score0.00071EPSS

Exploits0References4

RedhatCVE•added 2026/05/13 8:22 p.m.•4 views

CVE-2026-41613

Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network...

8.8CVSS5.8AI score0.00065EPSS

Exploits0References1

RedhatCVE•added 2026/05/13 8:22 p.m.•6 views

CVE-2026-40406

Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network...

7.5CVSS5.8AI score0.00085EPSS

Exploits0References1