CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

322 matches found

NVD•added 2026/06/17 10:54 a.m.•5 views

CVE-2026-46929

Vulnerability in the Oracle Cost Management product of Oracle E-Business Suite component: Cost Planning. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Cost Management...

8.8CVSS0.00402EPSS

Exploits0References1

ATTACKERKB•added 2026/05/08 7:26 p.m.•4 views

CVE-2026-42181

Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.19.18, Lemmy fetches metadata for user-supplied post URLs and, under the default StoreLinkPreviews image mode, downloads the preview image through local pict-rs. While the top-level page URL is checked against internal IP...

6.5CVSS5.7AI score0.00209EPSS

Exploits0References3Affected Software1

ATTACKERKB•added 2026/04/24 4:51 p.m.•1 views

CVE-2026-41411

Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and wildcards. If the filena...

6.6CVSS5.4AI score0.00501EPSS

Exploits0References4Affected Software1

CVE•added 2026/04/08 11:24 a.m.•19 views

CVE-2026-28264

Dell PowerProtect Agent Service (versions prior to 20.1) is affected by an Incorrect Permission Assignment for Critical Resource vulnerability. A low-privileged attacker with local access could trigger information exposure. Affected component: Dell PowerProtect Agent Service. Root cause: incorrec...

5.5CVSS5.9AI score0.0013EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/03/25 4:8 p.m.•19 views

CVE-2026-20114

A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges and access management APIs that would not normally be available for Lobby Ambassador users. This vulnerability exists because...

5.4CVSS0.00284EPSS

Exploits0References1

Positive Technologies•added 2026/03/02 12:0 a.m.•6 views

PT-2026-22562

In MAE, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431940; Issue ID: MSV-5843...

5.9AI score0.00071EPSS

Exploits0References2

RedhatCVE•added 2026/02/26 10:35 p.m.•6 views

CVE-2026-20037

A vulnerability in the NX-OS CLI privilege levels of Cisco UCS Manager Software could allow an authenticated, local attacker with read-only privileges to modify files and perform unauthorized actions on an affected system. This vulnerability exists because unnecessary privileges are given to the...

4.4CVSS5.5AI score0.00095EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:36 a.m.•2 views

CVE-2021-41614

An issue was discovered in the controller unit of the OpenRISC mor1kx processor. The read/write access permissions to the Exception Program Counter Register EPCR are not implemented correctly. User programs from an unauthorized privilege level can make read/write accesses to EPCR...

7.8CVSS7AI score0.00162EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:8 a.m.•17 views

CVE-2019-20025

Certain builds of NEC SV9100 software could allow an unauthenticated, remote attacker to log into a device running an affected release with a hardcoded username and password, aka a Static Credential Vulnerability. The vulnerability is due to an undocumented user account with manufacturer privileg...

10CVSS7.1AI score0.02925EPSS

Exploits0References1

EUVD•added 2025/11/10 9:30 p.m.•3 views

EUVD-2025-50785

A vulnerability was discovered in RISC-V Rocket-Chip v1.6 and before implementation where the SRET Supervisor-mode Exception Return instruction fails to correctly transition the processor's privilege level. Instead of downgrading from Machine-mode M-mode to Supervisor-mode S-mode as specified by...

6.5AI score0.00268EPSS

Exploits1References3

AstraLinux•added 2025/11/01 10:54 a.m.•3 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: parisc: Revised the gateway LWS calls to probe user read access rights. We use load and stbys,e instructions to trigger memory reference interruptions without writing to memory. Due to the way read access support is implemented,...

5.5CVSS6.7AI score0.00136EPSS

Exploits0References3

AstraLinux•added 2025/11/01 10:54 a.m.•4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: parisc: Revised getuser to probe user read access. Due to the way read access support is implemented, read access interruptions are only triggered at privilege levels 2 and 3. The kernel executes at privilege level 0, so getuser...

5.5CVSS6.7AI score0.00136EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-0973

Malware in sbrugna...

10CVSS9.2AI score0.0434EPSS

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2017-15088

Malware in sbrugna...

5.3CVSS5.3AI score0.08733EPSS

Exploits4References5