276186 matches found

NVD
added 2026/03/27 8:16 p.m. | 6 views

CVE-2026-34388

Fleet is open source device management software. Prior to 4.81.0, a denial-of-service vulnerability in Fleet's gRPC Launcher endpoint allows an authenticated host to crash the entire Fleet server process by sending an unexpected log type value. The server terminates immediately, disrupting all...

CVSS 8.7 | EPSS 0.00263
Exploits 0 | References 1

Circl
added 2026/03/27 7:18 p.m. | 3 views

CVE-2025-15381

creationtimestamp | type | source
---|---|---
2026-03-27 19:18:40+00:00 | published-proof-of-concept | Telegram/1bFqVBg1WZRYib4qCiBn36zcLriGuSpWJXWdU6ZWtzYtM
2026-03-27 19:18:53+00:00 | seen | Telegram/aqievDs9oCICHmk4C8wabuGpxUWUtlG5g0Gk9aIz6TfeTOo
2026-03-27 22:15:31+00:00 | seen | ...

CVSS 8.1 | AI score 7.7 | EPSS 0.00318
Exploits 1 | References 2

CVE
added 2026/03/27 7:18 p.m. | 14 views

CVE-2026-34389

CVE-2026-34389 affects Fleet open-source device management. Before 4.81.0, the user invitation flow did not validate the invitee’s email during invite acceptance against the email tied to the invite token. An attacker with a valid invite token could create an account under an arbitrary email whil...

CVSS 7.1 | AI score 6 | EPSS 0.00184
Exploits 0 | References 1 | Affected Software 1

Chainguard
added 2026/03/27 7:17 p.m. | 5 views

CVE-2026-4696 vulnerabilities

Vulnerabilities for packages: firefox...

CVSS 9.8 | AI score 5.8 | EPSS 0.00491
Exploits 0

Vulnrichment
added 2026/03/27 7:13 p.m. | 2 views

CVE-2026-34388 Fleet vulnerable to Denial of Service via unhandled gRPC log type in launcher endpoint

Fleet is open source device management software. Prior to 4.81.0, a denial-of-service vulnerability in Fleet's gRPC Launcher endpoint allows an authenticated host to crash the entire Fleet server process by sending an unexpected log type value. The server terminates immediately, disrupting all...

CVSS 8.7 | AI score 5.9 | EPSS 0.00263
Exploits 0 | References 1

CVE
added 2026/03/27 7:13 p.m. | 13 views

CVE-2026-34388

CVE-2026-34388 affects Fleet open-source device management software. Before version 4.81.0, an unaudited denial-of-service condition exists in Fleet’s gRPC Launcher endpoint, where an authenticated host can crash the entire Fleet server process by sending an unexpected log type value. The crash t...

CVSS 8.7 | AI score 5.9 | EPSS 0.00263
Exploits 0 | References 1 | Affected Software 1

OSV
added 2026/03/27 7:13 p.m. | 3 views

CVE-2026-34388 Fleet vulnerable to Denial of Service via unhandled gRPC log type in launcher endpoint

Fleet is open source device management software. Prior to 4.81.0, a denial-of-service vulnerability in Fleet's gRPC Launcher endpoint allows an authenticated host to crash the entire Fleet server process by sending an unexpected log type value. The server terminates immediately, disrupting all...

CVSS 8.7 | AI score 5.9 | EPSS 0.00263
Exploits 0 | References 3

ATTACKERKB
added 2026/03/27 6:31 p.m. | 4 views

CVE-2026-34387

Fleet is open source device management software. Prior to 4.81.1, a command injection vulnerability in Fleet's software installer pipeline allows an attacker to achieve arbitrary code execution as root (macOS/Linux) or SYSTEM (Windows) on managed hosts when an uninstall is triggered for a crafted...

CVSS 8.4 | AI score 6.4 | EPSS 0.01282
Exploits 0 | References 2 | Affected Software 1

EUVD
added 2026/03/27 6:31 p.m. | 4 views

EUVD-2026-16758

Fleet is open source device management software. Prior to 4.81.1, a command injection vulnerability in Fleet's software installer pipeline allows an attacker to achieve arbitrary code execution as root (macOS/Linux) or SYSTEM (Windows) on managed hosts when an uninstall is triggered for a crafted...

CVSS 8.4 | AI score 6.4 | EPSS 0.01282
Exploits 0 | References 1

Cvelist
added 2026/03/27 6:31 p.m. | 21 views

CVE-2026-34387 Fleet vulnerable to OS command injection via crafted software package metadata in uninstall scripts

Fleet is open source device management software. Prior to 4.81.1, a command injection vulnerability in Fleet's software installer pipeline allows an attacker to achieve arbitrary code execution as root (macOS/Linux) or SYSTEM (Windows) on managed hosts when an uninstall is triggered for a crafted...

CVSS 8.4 | EPSS 0.01282
Exploits 0 | References 1

CVE
added 2026/03/27 6:31 p.m. | 16 views

CVE-2026-34387

Fleet is an open source device management platform. A command injection vulnerability exists in Fleet’s software installer pipeline prior to version 4.81.1, enabling arbitrary code execution as root on macOS/Linux or SYSTEM on Windows when uninstalling a crafted software package. Affected compone...

CVSS 9.8 | AI score 6.4 | EPSS 0.01282
Exploits 0 | References 1 | Affected Software 1

ATTACKERKB
added 2026/03/27 6:30 p.m. | 5 views

CVE-2026-34386

Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet...

CVSS 8.7 | AI score 6 | EPSS 0.00318
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2026/03/27 6:29 p.m. | 20 views

CVE-2026-34385 Fleet's Apple MDM profile delivery has second-order SQL injection that can compromise the database

Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an attacker with a valid MDM enrollment certificate to exfiltrate or modify the contents of the Fleet database, including user...

CVSS 8.6 | EPSS 0.00197
Exploits 0 | References 1

ATTACKERKB
added 2026/03/27 6:29 p.m. | 2 views

CVE-2026-34385

Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an attacker with a valid MDM enrollment certificate to exfiltrate or modify the contents of the Fleet database, including user...

CVSS 8.6 | AI score 6 | EPSS 0.00197
Exploits 0 | References 2 | Affected Software 1

CVE
added 2026/03/27 6:29 p.m. | 17 views

CVE-2026-34385

CVE-2026-34385 affects Fleet open source device management software. A second‑order SQL injection in Fleet’s Apple MDM profile delivery pipeline prior to 4.81.0 could allow a user with a valid MDM enrollment certificate to exfiltrate or modify the Fleet database contents, including user credentia...

CVSS 8.6 | AI score 6 | EPSS 0.00197
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2026/03/27 6:27 p.m. | 23 views

CVE-2026-29180 Fleet's team maintainer can transfer hosts from any team via missing source team authorization

Fleet is open source device management software. Prior to 4.81.1, a broken access control vulnerability in Fleet's host transfer API allows a team maintainer to transfer hosts from any team into their own team, bypassing team isolation boundaries. Once transferred, the attacker gains full control...

CVSS 7.1 | EPSS 0.00315
Exploits 0 | References 1

ATTACKERKB
added 2026/03/27 6:22 p.m. | 1 views

CVE-2026-26060

Fleet is open source device management software. Prior to 4.81.0, a vulnerability in Fleet’s password management logic could allow previously issued password reset tokens to remain valid after a user changes their password. As a result, a stale password reset token could be reused to reset the...

CVSS 6 | AI score 5.8 | EPSS 0.00335
Exploits 0 | References 2 | Affected Software 1

vulnersOsv
added 2026/03/27 6:20 p.m. | 5 views

4coders-commons (>=0.0.1 <=0.0.2), @11ty/eleventy (=0.3.3) +3655 more potentially affected by CVE-2026-33938 via handlebars (>=4.0.0 <=4.7.8)

handlebars NPM version =4.0.0, =0.0.1, =0.1.0, =0.1.0, =0.0.11, =0.0.52, =0.1.0, =0.0.72, =0.1.0, =1.1.1, =0.0.0-3b548b7bf6ff6554f724240da3a11be924237e6c, =1.16.0, =1.16.0, =1.16.0, =2.4.4 and more Source cves: CVE-2026-33938 Source advisory: OSV:GHSA-3MFM-83XF-C92R...

CVSS 8.1 | AI score 6.1 | EPSS 0.00617
Exploits 1

RedhatCVE
added 2026/03/27 5:9 p.m. | 7 views

CVE-2025-55272

HCL Aftermarket DPC is affected by Banner Disclosure vulnerability where attackers gain insights into the system’s software and version details which would allow them to craft software specific attacks...

CVSS 5.3 | AI score 5.9 | EPSS 0.00225
Exploits 0 | References 1

RedhatCVE
added 2026/03/27 5:9 p.m. | 4 views

CVE-2026-33470

Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In version 0.17.0, a low-privilege authenticated user restricted to one camera can access snapshots from other cameras. This is possible through a chain of two authorization problems: /api/timeline return...

CVSS 6.5 | AI score 5.9 | EPSS 0.00305
Exploits 1 | References 1