CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2026/01/15 12:0 a.m.•1 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003128)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003128 advisory. An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land an...

7.8CVSS7.3AI score0.00072EPSS

Exploits1References16

NVD•added 2026/01/13 9:15 p.m.•3 views

CVE-2025-37186

A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking Virtual Intranet Access VIA client. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges...

7.8CVSS0.00007EPSS

Positive Technologies•added 2026/01/13 12:0 a.m.•2 views

PT-2026-2464

7.8CVSS7.6AI score0.00007EPSS

Tenable Nessus•added 2026/01/09 12:0 a.m.•3 views

Siemens RUGGEDCOM ROX II Improper Neutralization of Special Elements Used in a Command (CVE-2024-56837)

Code injection can be achieved when the affected device is using VRF Virtual Routing and Forwarding. An attacker could leverage this scenario to execute arbitrary code as root user. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

8.6CVSS7.6AI score0.00017EPSS

Tenable Nessus•added 2026/01/09 12:0 a.m.•2 views

Siemens RUGGEDCOM ROX II Improper Neutralization of Special Elements in Output Used By a Downstream Component (CVE-2024-56840)

7.5CVSS7.6AI score0.00028EPSS

RedhatCVE•added 2026/01/07 9:54 a.m.•8 views

CVE-2025-1121

Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image...

6.8CVSS7.2AI score0.00016EPSS

RedhatCVE•added 2025/12/31 8:0 p.m.•2 views

CVE-2025-69257

theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.1.1, the application loads custom Python rules and configuration files from user-writable locations e.g., /.config/theshit/ without validating ownership or permissions when...

6.7CVSS7.5AI score0.00004EPSS

EUVD•added 2025/12/30 11:45 p.m.•4 views

EUVD-2025-205849

theshit vulnerable to unsafe loading of user-owned Python rules when running as root...

6.7CVSS6.5AI score0.00004EPSS

Cvelist•added 2025/12/23 10:4 p.m.•22 views

CVE-2025-66212 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Dynamic Proxy Configuration Filename

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Dynamic Proxy Configuration Filename handling allows users with application/service management permissions t...

9.4CVSS0.00313EPSS

Exploits1References4

RedhatCVE•added 2025/12/19 6:19 p.m.•3 views

CVE-2025-14739

Access of Uninitialized Pointer vulnerability in TP-Link WR940N and WR941ND allows local unauthenticated attackers the ability to execute DoS attack and potentially arbitrary code execution under the context of the ‘root’ user.This issue affects WR940N and WR941ND: ≤ WR940N v5 3.20.1 Build 200316...

7.7CVSS7.9AI score0.00028EPSS

Vulnrichment•added 2025/12/18 6:2 p.m.•1 views

CVE-2025-14739 Uninitialized Pointer Vulnerability in TP-Link WR940N and WR941ND

7.7CVSS7.5AI score0.00028EPSS

Cvelist•added 2025/12/18 6:2 p.m.•21 views

CVE-2025-14739 Uninitialized Pointer Vulnerability in TP-Link WR940N and WR941ND

7.7CVSS0.00028EPSS

Positive Technologies•added 2025/12/18 12:0 a.m.•1 views

PT-2025-52278

7.7CVSS7.8AI score0.00028EPSS

Exploits0References5

OSV•added 2025/12/17 7:16 p.m.•2 views

CVE-2024-46062

Miniconda3 macOS installers before 23.11.0-1 contain a local privilege escalation vulnerability when installed outside the user's home directory. During installation, world-writable files are created and executed with root privileges. This flaw allows a local low-privileged user to inject arbitra...

7.8CVSS6.2AI score0.00031EPSS

Exploits1References2

EUVD•added 2025/12/17 12:31 a.m.•2 views

EUVD-2025-203853

Nagios XI versions prior to 2026R1.1 are vulnerable to local privilege escalation due to an unsafe interaction between sudo permissions and application file permissions. A user‑accessible maintenance script may be executed as root via sudo and includes an application file that is writable by a...

8.6CVSS7.2AI score0.00125EPSS