CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9 matches found

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: ice: Fixed a crash by retaining the old configuration when updating Traffic Classes beyond the allocated queues. There are issues when the number of allocated queues is less than the number of Traffic Classes. The commit...

5.5CVSS6.4AI score0.00197EPSS

Exploits0References2

VulnCheck KEV•added 2026/02/02 12:0 a.m.•2 views

VulnCheck KEV: CVE-2025-15556

Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an update integrity verification vulnerability where downloaded update metadata and installers are not cryptographically verified. An attacker able to intercept or redirect update traffic can cause the updater to download a...

7.7CVSS6.4AI score0.01268EPSS

In wildExploits0References7

Positive Technologies•added 2025/12/09 12:0 a.m.•6 views

PT-2026-5735

Name of the Vulnerable Software and Affected Versions Notepad++ versions prior to 8.8.9 Description The Notepad++ WinGUp updater has a flaw in how it verifies the integrity of updates. This allows an attacker who can intercept or redirect update traffic to cause the updater to download and execut...

7.7CVSS6.7AI score0.01268EPSS

Exploits0References47

RedhatCVE•added 2025/11/27 1:54 p.m.•3 views

CVE-2025-63432

Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is Missing SSL Certificate Validation. The application fails to properly validate the TLS certificate from its update server. An attacker on the same network can exploit this vulnerability by performing a Man-in-the-Middle MITM attack ...

4.6CVSS7.1AI score0.0015EPSS

Exploits1References1

The Hacker News•added 2024/01/30 1:45 p.m.•42 views

China-Linked Hackers Target Myanmar's Top Ministries with Backdoor Blitz

The China-based threat actor known as Mustang Panda is suspected to have targeted Myanmar's Ministry of Defence and Foreign Affairs as part of twin campaigns designed to deploy backdoors and remote access trojans. The findings come from CSIRT-CTI, which said the activities took place in November...

7.2AI score

Exploits0

OSV•added 2022/04/12 5:15 p.m.•2 views

CVE-2022-23703

A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays during update. This would potentially allow an attacker to intercept and modify network communication for software updates...

7.5CVSS5.7AI score

Exploits0References1

OSV•added 2017/06/21 8:29 p.m.•1 views

CVE-2017-3218

Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior to version 5.0, Samsung Magician uses HTTP for software updates...

8.8CVSS5.8AI score0.00344EPSS

Exploits0References2

BDU FSTEC•added 2016/07/05 12:0 a.m.•3 views

The vulnerability of the Dr.Web Enterprise Security Suite, a antivirus protection tool, allows a hacker to execute arbitrary code.

The vulnerability in the update mechanism of the Dr.Web Enterprise Security Suite lies in the lack of encryption for network traffic between the update server and the software being updated. The HTTP network connection is established without using TSL or SSH. This allows a malicious actor to carr...

10CVSS5.6AI score

Exploits0References4Affected Software1