CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2143 matches found

Microsoft CVE•added 2026/03/10 2:0 p.m.•3 views

ASP.NET Core Denial of Service Vulnerability

Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network...

7.5CVSS5.8AI score0.03634EPSS

Exploits0

Positive Technologies•added 2026/03/10 12:0 a.m.•3 views

PT-2026-24273

Name of the Vulnerable Software and Affected Versions Microsoft Windows affected versions not specified Description A use after free issue exists in Windows Print Spooler Components. This allows an authorized attacker to execute code over a network. Recommendations At the moment, there is no...

9CVSS5.9AI score0.00103EPSS

Exploits0References12

Positive Technologies•added 2026/03/10 12:0 a.m.•1 views

PT-2026-24330

Name of the Vulnerable Software and Affected Versions .NET versions 9.0.0 through 9.0.13 .NET versions 10.0.0 through 10.0.3 Microsoft.Bcl.Memory versions 9.0.0 through 9.0.13 Microsoft.Bcl.Memory versions 10.0.0 through 10.0.3 Description An out-of-bounds read issue exists in .NET and...

7.8CVSS6.8AI score0.03634EPSS

Exploits0References80

Positive Technologies•added 2026/03/10 12:0 a.m.•3 views

PT-2026-24325

Name of the Vulnerable Software and Affected Versions SQL Server affected versions not specified Description Improper validation of a specified type of input in SQL Server can allow an authorized attacker to elevate privileges over a network. Recommendations At the moment, there is no information...

9CVSS5.8AI score0.00139EPSS

Exploits0References12

Positive Technologies•added 2026/03/10 12:0 a.m.•4 views

PT-2026-24260

Name of the Vulnerable Software and Affected Versions SQL Server versions 2016 SP3 through 2025 Description An improper access control issue in SQL Server allows an authorized attacker to elevate privileges over a network. An attacker can gain sysadmin privileges remotely on affected SQL Server...

9CVSS5.8AI score0.00087EPSS

Exploits0References65

Positive Technologies•added 2026/03/10 12:0 a.m.•3 views

PT-2026-24321

Name of the Vulnerable Software and Affected Versions Windows Routing and Remote Access Service RRAS affected versions not specified Description An integer overflow or wraparound exists in Windows Routing and Remote Access Service RRAS. This condition allows an unauthorized attacker to execute co...

10CVSS6.1AI score0.0009EPSS

Exploits3References20

Positive Technologies•added 2026/03/10 12:0 a.m.•1 views

PT-2026-24328

Name of the Vulnerable Software and Affected Versions Azure MCP Server affected versions not specified Description An authorized attacker can exploit a server-side request forgery SSRF condition in Azure MCP Server to gain elevated privileges on a network. SSRF occurs when an application makes...

9CVSS6AI score0.00049EPSS

Exploits0References30

OSV•added 2026/03/10 12:0 a.m.•3 views

UBUNTU-CVE-2026-26130

Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network...

7.5CVSS5.8AI score0.03634EPSS

Exploits0References6

Positive Technologies•added 2026/03/10 12:0 a.m.•1 views

PT-2026-24300

Уязвимость службы Routing and Remote Access Service RRAS операционных систем Windows связана с выходом операции за границы буфера в памяти. Эксплуатация уязвимости может позволить нарушителю, ействующему удаленно, выполнить произвольный код...

9CVSS5.8AI score0.00047EPSS

Exploits0References16

RedhatCVE•added 2026/03/09 8:1 a.m.•3 views

CVE-2026-2671

A vulnerability was detected in Mendi Neurofeedback Headset V4. Affected by this vulnerability is an unknown functionality of the component Bluetooth Low Energy Handler. Performing a manipulation results in cleartext transmission of sensitive information. The attack can only be performed from the...

3.1CVSS5.3AI score0.00008EPSS

Exploits0References1

EUVD•added 2026/03/07 6:30 p.m.•4 views

EUVD-2026-10185

3.1CVSS5.3AI score0.00008EPSS

Exploits0References5

Cvelist•added 2026/03/07 6:2 p.m.•24 views

CVE-2026-2671 Mendi Neurofeedback Headset Bluetooth Low Energy cleartext transmission

3.1CVSS0.00008EPSS

Exploits0References4

CVE•added 2026/02/24 3:58 p.m.•9 views

CVE-2025-13776

CVE-2025-13776 concerns multiple Finka programs that use hard-coded Firebird database credentials shared across all instances. The vulnerability allows a local-network attacker who knows the default credentials to read and edit database content. Affected products and upgraded releases are: Finka-...

8.6CVSS5.4AI score0.00021EPSS

Exploits0References2Affected Software6

VulnCheck KEV•added 2026/02/24 12:0 a.m.•2 views

VulnCheck KEV: CVE-2026-20931

External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network...

8CVSS5.8AI score0.00445EPSS

In wildExploits0References2

RedhatCVE•added 2026/02/19 1:27 a.m.•3 views

CVE-2026-26119

Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network...

8.8CVSS5.5AI score0.00066EPSS

Exploits0References1

RedhatCVE•added 2026/02/11 7:44 p.m.•2 views

CVE-2026-21510

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network...

8.8CVSS5.5AI score0.04964EPSS

Exploits3References1

RedhatCVE•added 2026/02/11 7:44 p.m.•2 views

CVE-2026-20841

Improper neutralization of special elements used in a command 'command injection' in Windows Notepad App allows an unauthorized attacker to execute code locally...

7.8CVSS6.1AI score0.00113EPSS

Exploits9References1

NVD•added 2026/02/10 6:16 p.m.•4 views

CVE-2026-21518

Improper neutralization of special elements used in a command 'command injection' in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network...

8.8CVSS0.0007EPSS

Exploits0References1