CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/03/11 8:16 p.m.•3 views

Exploits0References8

DEBIAN-CVE-2026-3950

3.3CVSS3.9AI score0.00019EPSS

Exploits0References1

NVD•added 2026/03/11 8:16 p.m.•1 views

CVE-2026-3950

4.8CVSS0.00019EPSS

OSV•added 2026/03/11 8:16 p.m.•1 views

CVE-2026-3950

3.3CVSS5.2AI score0.00019EPSS

UbuntuCve•added 2026/03/11 8:16 p.m.•0 views

CVE-2026-3950

4.8CVSS5.4AI score0.00019EPSS

Exploits0References1

OSV•added 2026/03/11 8:16 p.m.•1 views

UBUNTU-CVE-2026-3950

4.8CVSS5.1AI score0.00019EPSS

Exploits0References2

Vulnrichment•added 2026/03/11 7:2 p.m.•1 views

CVE-2026-3950 strukturag libheif stsz/stts track.cc load out-of-bounds

CVE•added 2026/03/11 7:2 p.m.•3 views

CVE-2026-3950

CVE-2026-3950 affects strukturag libheif up to 1.21.2. The issue occurs in Track::load (libheif/sequences/track.cc, stsz/stts) and causes an out-of-bounds read. Exploitation requires local access; exploit code is publicly available. A patch exists but is unofficial/not officially approved. Remedi...

Cvelist•added 2026/03/11 7:2 p.m.•26 views

CVE-2026-3950 strukturag libheif stsz/stts track.cc load out-of-bounds

4.8CVSS0.00019EPSS

ATTACKERKB•added 2026/03/11 7:2 p.m.•2 views

CVE-2026-3950

Exploits0References7Affected Software1

Positive Technologies•added 2026/02/23 12:0 a.m.•0 views

PT-2026-24799

Name of the Vulnerable Software and Affected Versions strukturag libheif versions up to 1.21.2 Description A flaw exists in strukturag libheif, specifically within the Track::load function located in the libheif/sequences/track.cc file, related to the stsz/stts component. This can lead to an...

6.5CVSS5.6AI score0.00033EPSS

Exploits0References34

The Hacker News•added 2022/10/31 12:0 p.m.•79 views

Unofficial Patch Released for New Actively Exploited Windows MotW Vulnerability

An unofficial patch has been made available for an actively exploited security flaw in Microsoft Windows that makes it possible for files signed with malformed signatures to sneak past Mark-of-the-Web MotW protections. The fix, released by 0patch, arrives weeks after HP Wolf Security disclosed a...

7.1AI score

Hive Pro Threat Advisories•added 2022/03/25 1:56 p.m.•54 views

Microsoft’s privilege escalation vulnerability that refuses to go away

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here After seven months, a vulnerability that was addressed in August 2021 patch Tuesday remained unpatched. This locally exploited vulnerability is tracked as CVE-2021-34484 and affects the Windows User Profile Service. While...

6.9CVSS0.9AI score0.02784EPSS

Exploits2

The Hacker News•added 2014/09/26 9:35 p.m.•13 views

Apple — Most Mac OS X Users Not Vulnerable to 'Shellshock' Bash Bug

On one hand where more than half of the Internet is considering the Bash vulnerability to be severe, Apple says the vast majority of Mac computer users are not at risk from the recently discovered vulnerability in the Bash command-line interpreter – aka the "Shellshock" bug that could allow hacke...

7.3AI score

0day.today•added 2012/03/22 12:0 a.m.•19 views

FreePBX 2.10.0, 2.9.0 Multiple Vulnerabilities

Exploit for php platform in category web applications Product: FreePBX Version: 2.10.0, 2.9.0 and perhaps earlier versions Type: Remote Command Execution, XSS Release Date: March 14, 2012 Vendor Notification Date: Jun 12, 2011 Author: Martin Tschirsich Overview: A remote command execution...

7.1AI score

Packet Storm•added 2012/03/21 12:0 a.m.•17 views

FreePBX 2.10.0 Remote Command Execution / XSS

Product: FreePBX Version: 2.10.0, 2.9.0 and perhaps earlier versions Type: Remote Command Execution, XSS Release Date: March 14, 2012 Vendor Notification Date: Jun 12, 2011 Author: Martin Tschirsich Overview: A remote command execution vulnerability and some XSS in current and earlier FreePBX...

7.4AI score

ThreatPost•added 2010/09/15 7:26 p.m.•8 views

Unofficial Patch Released for Adobe Reader Bug

As users await the Oct. 4 release of a patch for the CoolType.dll vulnerability in Adobe Reader, a software and security company has published an unofficial patch for the bug that essentially replaces the vulnerable DLL with a patched one. The patch was published Wednesday by RamzAfzar, a softwar...

0.2AI score

Exploits0References5

securityvulns•added 2007/01/30 12:0 a.m.•67 views

Arbitrary Code Execution in SQL-Ledger and LedgerSMB through redirects

Separate from CVE-2006-5872, there is a possibility of causing arbitrary code execution during redirects. This requires a valid login to exploit and was discovered and brought to the attention of both the SQL-Ledger and LedgerSMB team in November. LedgerSMB 1.1.5 corred the problem, but it is sti...

7.5CVSS1.9AI score0.01495EPSS