CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/05/05 2:15 p.m.•2 views

CVE-2026-7412

8.6CVSS6.1AI score0.00033EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в harfbuzz

An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service DoS via unspecified vectors...

5.5CVSS7.2AI score0.00139EPSS

Exploits1References2

Tenable Nessus•added 2026/04/30 12:0 a.m.•3 views

HP Printer Cross-Site Request Forgery (CVE-2009-0940)

Multiple cross-site request forgery CSRF vulnerabilities in the HP Embedded Web Server EWS on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that 1 print documents via unknown vectors, 2 modif...

5.1CVSS5.8AI score0.00837EPSS

Exploits1References2

OSV•added 2026/04/21 9:7 a.m.•2 views

CLSA-2026-1776762459 harfbuzz: Fix of CVE-2023-25193

CVE-2023-25193: optimize looking back for base glyphs in hb-ot-layout-gsubgpos-private.hh...

7.5CVSS6.8AI score0.00068EPSS

Tenable Nessus•added 2026/04/17 12:0 a.m.•3 views

AVTECH Room Alert Cleartext Storage of Sensitive Information (CVE-2024-33470)

When an administrator authenticates with the device and browses the settings pages, the SMTP password is loaded from the device and presented in the DOM in plaintext. When settings are saved, the SMTP credentials are sent back to the device in plain text. This allows an actor with administrative...

4.9CVSS5.8AI score0.00056EPSS

Tenable Nessus•added 2026/04/07 12:0 a.m.•2 views

Trane Tracer SC, Tracer SC+, and Tracer Concierge Use of a Broken or Risky Cryptographic Algorithm (CVE-2026-28252)

A Use of a Broken or Risky Cryptographic Algorithm vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to bypass authentication and gain root-level access to the device. This plugin only works with Tenable.ot. Please visit...

9.8CVSS5.8AI score0.0004EPSS

RedhatCVE•added 2026/03/26 3:14 p.m.•2 views

CVE-2026-4433

An SSH misconfigurations exists in Tenable OT that led to the potential exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could be used to potentially glean information about the underlying system and give an attacker information that could be used...

Tenable Nessus•added 2026/03/25 12:0 a.m.•0 views

Siemens SIMATIC Improper Neutralization of Input During Web Page Generation (CVE-2025-40943)

Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user, who has the function right Read diagnostics, to import a specially crafted trace file. The malicious trace file is insufficiently sanitized...

9.6CVSS6.1AI score0.00056EPSS

Exploits0References4

NVD•added 2026/03/24 9:16 p.m.•2 views

CVE-2026-4433

4.8CVSS0.00063EPSS

CVE•added 2026/03/24 8:26 p.m.•3 views

CVE-2026-4433

Tenable OT contains an SSH misconfiguration that can allow exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could enable an attacker to gather system details and potentially aid host compromise. Affected item is the SSH configuration; the vulnerab...

Vulnrichment•added 2026/03/24 8:26 p.m.•1 views

CVE-2026-4433

Cvelist•added 2026/03/24 8:26 p.m.•21 views

CVE-2026-4433

4.8CVSS0.00063EPSS

Positive Technologies•added 2026/03/24 12:0 a.m.•2 views

PT-2026-27518

Tenable Nessus•added 2026/03/23 12:0 a.m.•2 views

Siemens APE1808 Improper Limitation of a Pathname to a Restricted Directory (CVE-2024-48885)

A improper limitation of a pathname to a restricted directory 'path traversal' in Fortinet FortiRecorder versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4, FortiWeb versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10, 6.4.0 through 6.4.3, FortiVoice versions 7.0.0...

9.1CVSS5.9AI score0.00295EPSS

Exploits0References3

Tenable Nessus•added 2026/03/23 12:0 a.m.•3 views

Siemens APE1808 Improper Limitation of a Pathname to a Restricted Directory (CVE-2024-48884)

A improper limitation of a pathname to a restricted directory 'path traversal' in Fortinet FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiOS versions 7.6.0, 7.4.0 through 7.4.4, 7.2.5 through 7.2.9, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5,...

9.1CVSS5.9AI score0.50282EPSS

Exploits0References3

Tenable Nessus•added 2026/03/23 12:0 a.m.•1 views

Siemens SIMATIC S7-1500 Out-of-bounds Read (CVE-2025-38111)

In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fix potential out-of-bounds read/write access When using publicly available tools like 'mdio-tools' to read/write data from/to network interface and its PHY via mdiobus, there is no verification of parameters passed ...

7.1CVSS6.2AI score0.00082EPSS

Tenable Nessus•added 2026/03/23 12:0 a.m.•0 views

Siemens APE1808 Insertion of Sensitive Information into Sent Data (CVE-2024-47569)

A insertion of sensitive information into sent data in Fortinet FortiManager Cloud 7.4.1 through 7.4.3, FortiVoice 7.0.0 through 7.0.4, 6.4.0 through 6.4.9, 6.0.7 through 6.0.12, FortiMail 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.9, FortiOS 7.6.0, 7.4.0 through 7.4.4, 7.2.0...

4.3CVSS5.8AI score0.0001EPSS

Tenable Nessus•added 2026/03/23 12:0 a.m.•4 views

Siemens SIMATIC S7-1500 Out-of-bounds Read (CVE-2025-38342)

In the Linux kernel, the following vulnerability has been resolved: software node: Correct a OOB check in softwarenodegetreferenceargs softwarenodegetreferenceargs wants to get @index-th element, so the property value requires at least 'index + 1 sizeofref' bytes but that can not be guaranteed by...

7.1CVSS6.1AI score0.00067EPSS