CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1285 matches found

EUVD-2026-34576

Use after free in Updater in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: Medium...

5.8AI score

Exploits0References3

NVD•added yesterday•2 views

CVE-2026-11115

Exploits0References2

Cvelist•added yesterday•17 views

CVE-2026-11115

Exploits0References2

CVE•added yesterday•3 views

CVE-2026-11115

CVE-2026-11115 concerns Google Chrome on Windows prior to version 149.0.7827.53. A use-after-free in the Updater allows a local attacker to escalate privileges via a malicious file. Documents do not provide exploit details beyond this description. The likely remediation is upgrading to version 14...

5.8AI score

Exploits0References2

Tenable Nessus•added yesterday•4 views

Linux Distros Unpatched Vulnerability : CVE-2025-41259

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SWUpdate before 2026.05 is affected by a time-of-check time-of-use TOCTOU race condition that allows local unprivileged attackers to escalate privileges to root...

7.3CVSS5.5AI score0.00012EPSS

Exploits0References2

Positive Technologies•added yesterday•4 views

PT-2026-46642

5.8AI score

Exploits0References3

ATTACKERKB•added 3 days ago•5 views

CVE-2026-3722

The Auto Image Attributes From Filename With Bulk Updater Add Alt Text, Image Title For Image SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment metadata in all versions up to, and including, 4.9 due to insufficient input sanitization and output escaping. Thi...

6.4CVSS6AI score0.00029EPSS

Exploits0References4

EUVD•added 3 days ago•7 views

EUVD-2026-33869

6.4CVSS6AI score0.00029EPSS

Exploits0References3

Vulnrichment•added 3 days ago•6 views

CVE-2026-3722 Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO) <= 4.9 - Authenticated (Author+) Stored Cross-Site Scripting via Image Attribute

6.4CVSS6AI score0.00029EPSS

Exploits0References3

NVD•added 6 days ago•15 views

CVE-2018-25409

SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload PHP files via the aksipengurus.php endpoint with module=pengurus and act=update parameters, which...

8.8CVSS0.00043EPSS

Exploits0References4

Github Security Blog•added 2026/05/29 7:47 p.m.•14 views

Sparkle's AppInstaller post-stage-1 XPC listener accepts unvalidated connections, allowing spoofed appcast item data injection

Summary AppInstaller post-stage-1 XPC listener accepts unvalidated connections, allowing spoofed appcast item data injection. Details Autoupdate/AppInstaller.m's shouldAcceptNewConnection: only enforces SUCodeSigningVerifier validateConnection: before stage 1 completes. After...

5.8AI score

Exploits0References2Affected Software1

Cvelist•added 2026/05/28 8:28 p.m.•25 views

CVE-2026-42070 MantisBT: Authorization Bypass in Bugnote Editing via Issue Update API

Mantis Bug Tracker MantisBT is an open source issue tracker. Prior to 2.28.2, the mcissueupdate function in MantisBT allows users having updatebugthreshold access UPDATER, with default settings to edit, change view state, and modify time tracking on bugnotes belonging to other users — bypassing t...

5.3CVSS0.00043EPSS

Exploits0References4

OSSF Malicious Packages•added 2026/05/22 11:39 a.m.•21 views

Malicious code in @tmecontinue/claude (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0813d6ca6de1573ab8f99aae08444e589f4c5751931e4b18812140f720b74239 Package self-describes as a 'Reverse-engineered Anthropic Claude Code CLI' and impersonates the legitimate @anthropic-ai/claude-code bin name...

5.9AI score

Exploits0References1