CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

86 matches found

SUSE CVE•added 2026/04/03 11:24 p.m.•1 views

SUSE CVE-2026-34877

An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...

9.8CVSS6AI score0.00221EPSS

Exploits0References3

Vulnrichment•added 2026/04/02 12:0 a.m.•3 views

CVE-2026-34877

6AI score0.00221EPSS

Exploits0References2

OSV•added 2026/02/25 11:16 a.m.•3 views

DEBIAN-CVE-2026-26103

A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block...

7.1CVSS5.2AI score0.00011EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:54 a.m.•3 views

CVE-2018-4399

An access issue existed with privileged API calls. This issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5...

5.5CVSS6.3AI score0.00279EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:27 a.m.•7 views

CVE-2019-12474

Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6...

7.5CVSS6.5AI score0.00256EPSS

Exploits0References1

RedhatCVE•added 2025/12/14 12:57 a.m.•3 views

CVE-2025-55948

This vulnerability fundamentally arises from yzcheng90 X-SpringBoot 6.0's implementation of role-based access control RBAC through dual dependency on frontend menu systems and backend permission tables, without enforcing atomic synchronization between these components. The critical flaw manifests...

7.3CVSS6.7AI score0.00071EPSS

Exploits1References1

CVE•added 2025/12/04 12:0 a.m.•8 views

CVE-2025-55948

CVE-2025-55948 describes a desynchronization bug in yzcheng90’s X-SpringBoot 6.0 RBAC, arising from dual reliance on frontend menu states and backend permission tables without atomic synchronization. The flaw allows UI to revoke privileges while stale backend permissions still authorize API reque...

7.3CVSS6.4AI score0.00071EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2025/11/17 10:55 p.m.•1 views

CVE-2025-31649 Dell ControlVault3 ControlVault WBDI Driver hard-coded password vulnerability

A hard-coded password vulnerability exists in the ControlVault WBDI Driver functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to execute priviledged operation. An attacker can issue an api call...

8.7CVSS6.5AI score0.00017EPSS

Exploits0References2

Positive Technologies•added 2025/11/17 12:0 a.m.•2 views

PT-2025-47226

Name of the Vulnerable Software and Affected Versions Dell ControlVault3 versions prior to 5.15.14.19 Dell ControlVault3 Plus versions prior to 6.2.36.47 Description A hard-coded password exists within the ControlVault WBDI Driver functionality. An attacker can exploit this by issuing a specially...

8.7CVSS6.8AI score0.00017EPSS

Exploits0References8