Lucene search

237 matches found

RedhatCVE
added 2026/04/23 7:58 p.m., 0 views

CVE-2026-39907

Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose an unauthenticated WCF SOAP endpoint on TCP port 1208 that accepts unsanitized file paths in the ReadLicense action's LFName parameter, allowing remote attackers to trigger SMB connections and leak NTLMv2...

10 CVSS, 5.8 AI score, 0.01042 EPSS
Exploits 1, References 1

NVD
added 2026/04/23 4:16 p.m., 1 views

CVE-2026-23751

Kofax Capture, now referred to as Tungsten Capture, version 6.0.0.0 (other versions may be affected) exposes a deprecated .NET Remoting HTTP channel on port 2424 via the Ascent Capture Service that is accessible without authentication and uses a default, publicly known endpoint identifier. An...

9.8 CVSS, 0.00275 EPSS
Exploits 0, References 3

Tenable Nessus
added 2026/04/22 12:0 a.m., 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013465)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013465 advisory. A bug affects the Linux kernel's ksmbd NTLMv2 authentication and is known to crash the OS immediately in Linux-based systems. Tenable has extracted the preceding...

7.5 CVSS, 6.7 AI score, 0.04508 EPSS
Exploits 1, References 3

Tenable Nessus
added 2026/04/21 12:0 a.m., 1 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-011330)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011330 advisory. A bug affects the Linux kernel's ksmbd NTLMv2 authentication and is known to crash the OS immediately in Linux-based systems. Tenable has extracted the preceding...

7.5 CVSS, 6.7 AI score, 0.04508 EPSS
Exploits 1, References 3

NVD
added 2026/04/14 10:16 p.m., 1 views

CVE-2026-39906

Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose a deprecated .NET Remoting TCP channel that allows remote unauthenticated attackers to leak NTLMv2 machine-account hashes by supplying a Windows UNC path as a target file argument through object-unmarshalling...

10 CVSS, 0.00094 EPSS
Exploits 1, References 3

Vulnrichment
added 2026/04/14 9:21 p.m., 1 views

CVE-2026-39907 Unisys WebPerfect Image Suite 3.0 NTLMv2 Hash Leakage via WCF SOAP

Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose an unauthenticated WCF SOAP endpoint on TCP port 1208 that accepts unsanitized file paths in the ReadLicense action's LFName parameter, allowing remote attackers to trigger SMB connections and leak NTLMv2...

7 CVSS, 5.8 AI score, 0.01042 EPSS
Exploits 1, References 3

Positive Technologies
added 2026/04/09 12:0 a.m., 2 views

PT-2026-31734

SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configures Mermaid.js with securityLevel: "loose" and htmlLabels: true. In this mode, tags with src attributes survive Mermaid's internal DOMPurify and land in SVG blocks. The SVG is injected via innerHTML with no secondary...

8.7 CVSS, 5.9 AI score, 0.0006 EPSS
Exploits 1, References 3

AlpineLinux
added 2026/04/01 8:10 p.m., 2 views

CVE-2026-34515

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, on Windows the static resource handler may expose information about an NTLMv2 remote path. This issue has been patched in version 3.13.4...

8.7 CVSS, 5.5 AI score, 0.00021 EPSS
Exploits 0

Positive Technologies
added 2026/02/13 12:0 a.m., 7 views

PT-2026-8030

Name of the Vulnerable Software and Affected Versions: Calero VeraSMART versions prior to 2022 R1. Description: An unauthenticated .NET Remoting HTTP service is exposed on TCP port 8001 in affected versions. The service publishes default ObjectURIs, including EndeavorServer.rem and...

10 CVSS, 6.6 AI score, 0.00262 EPSS
Exploits 1, References 5

Vulnrichment
added 2025/12/04 9:36 p.m., 2 views

CVE-2025-10285 Simplicity Device Manager exposes NTLMv2 hash

The web interface of the Silicon Labs Simplicity Device Manager is exposed publicly and can be used to extract the NTLMv2 hash which an attacker could use to crack the user's domain password...

7.4 CVSS, 6.5 AI score, 0.00025 EPSS
Exploits 0, References 1

Hacker One
added 2025/10/21 11:41 p.m., 8 views

curl: Memory leak in Curl_auth_create_ntlm_type3_message

Summary: When handling NTLMv2, if the decoded type-2 “TargetInfo” is large enough that ntresplen+headersize exceeds NTLMBUFSIZE 1024, the code returns early without freeing ntlmv2resp, causing a memory leak...

7 AI score
Exploits 0

RedhatCVE
added 2025/10/10 9:27 p.m., 3 views

CVE-2025-35061

Newforma Info Exchange (NIX) '/NPCSRemoteWeb/LegacyIntegrationServices.asmx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the user-configured NIX service account...

8.2 CVSS, 6.9 AI score, 0.00051 EPSS
Exploits 0, References 1

CVE
added 2025/10/09 8:22 p.m., 7 views

CVE-2025-35061

Newforma Info Exchange (NIX) is affected via the NPCSRemoteWeb/LegacyIntegrationServices.asmx endpoint. An unauthenticated remote attacker can cause NIX to initiate an SMB connection to a system under attacker control, enabling capture of the NTLMv2 hash of the NIX service account. This informati...

8.2 CVSS, 6.6 AI score, 0.00051 EPSS
Exploits 0, References 2, Affected Software 1

CVE
added 2025/10/09 8:21 p.m., 5 views

CVE-2025-35057

Newforma Info Exchange (NIX) has a vulnerability in the /RemoteWeb/IntegrationServices.ashx endpoint that allows a remote, unauthenticated attacker to coerce NIX into making an SMB connection to an attacker-controlled system, enabling the attacker to capture the NTLMv2 hash of the NIX service acc...

6 CVSS, 6.6 AI score, 0.00046 EPSS
Exploits 0, References 2, Affected Software 1

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2018-12861

Malware in sbrugna...

6.5 CVSS, 6.6 AI score, 0.00482 EPSS
Exploits 0, References 3

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2019-9896

Malware in sbrugna...

5.9 CVSS, 5.7 AI score, 0.06574 EPSS
Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2021-26212

Malware in sbrugna...

6.5 CVSS, 6.8 AI score, 0.02023 EPSS
Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2021-26213

Malware in sbrugna...

6.5 CVSS, 6.8 AI score, 0.02023 EPSS
Exploits 0, References 2

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-23622

Malicious code in bioql PyPI...

7.5 CVSS, 6.6 AI score, 0.00307 EPSS
Exploits 0, References 2

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-0079

Malicious code in bioql PyPI...

7.5 CVSS, 7.4 AI score, 0.01506 EPSS
Exploits 0, References 4