CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/06/10 12:0 a.m.•8 views

PT-2026-48441

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, GET /history// re-uses the server ip path parameter as a user-id when service == 'user', with no authorization check. Any authenticated user — even a guest in an unrelated group —...

4.3CVSS5.5AI score0.00176EPSS

Exploits0References2

OSV•added 2026/05/24 8:52 a.m.•8 views

MAL-2026-4697 Malicious code in twokey (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20c6d8e22fd03dd5ff39bac81bcbffd05db3b2a08dcf9768332094ffcca4eebd The package's postinstall hook unconditionally executes node bin/twokey.js --desktop --enable-autostart, which performs three install-time actions...

5.9AI score

CVE•added 2026/05/11 7:30 p.m.•11 views

CVE-2026-8320

CVE-2026-8320 affects jishenghua jshERP up to 3.6. The vulnerability is in the getUserByWeixinCode function of jshERP-boot/src/main/java/com/jsh/erp/service/UserService.java within the updatePlatformConfigByKey Endpoint. Manipulating the weixinUrl argument leads to server-side request forgery (SS...

5.8CVSS5.5AI score0.00223EPSS

OSV•added 2026/03/18 12:34 p.m.•6 views

MAL-2026-1641 Malicious code in @uc-platform/user-service-client-ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3b540186390d5c469d9b5de607c8d6b64fc0315e70c245ec70c16f1732058cc The package @uc-platform/user-service-client-ts was found to contain malicious code...

5.8AI score

OSSF Malicious Packages•added 2026/03/18 12:34 p.m.•8 views

Malicious code in @uc-platform/user-service-client-ts (npm)

5.8AI score

RedhatCVE•added 2026/01/09 10:47 a.m.•4 views

CVE-2022-31267

Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext '[email protected]\n\trole = "admin"' value...

9.8CVSS7.1AI score0.17749EPSS

Exploits1References1

CVE•added 2025/11/11 5:59 p.m.•19 views

CVE-2025-60717

CVE-2025-60717 is a use-after-free vulnerability in Windows Broadcast DVR User Service that allows an authorized user to gain elevated privileges locally. The connected sources (NVD, CVE lists, and EU/NCSc advisories) corroborate the affected component and privilege-elevation impact, with no publ...

Exploits0References1Affected Software9

Cvelist•added 2025/11/11 5:59 p.m.•7 views

CVE-2025-60717 Windows Broadcast DVR User Service Elevation of Privilege Vulnerability

...

7CVSS0.00309EPSS

Vulnrichment•added 2025/11/11 5:59 p.m.•3 views

CVE-2025-60717 Windows Broadcast DVR User Service Elevation of Privilege Vulnerability

...

7CVSS6.6AI score0.00309EPSS

CVE•added 2025/11/11 5:59 p.m.•18 views

CVE-2025-59515

CVE-2025-59515 is a use-after-free vulnerability in Windows Broadcast DVR User Service that enables local privilege escalation for an authorized attacker. The NVD/NCSC entries confirm the impact as elevated rights locally, with CVSS v3.1 base score 7.0 (HIGH) and LOCAL/LOW privileges required, no...

Exploits0References1Affected Software9

Vulnrichment•added 2025/11/11 5:59 p.m.•3 views

CVE-2025-59515 Windows Broadcast DVR User Service Elevation of Privilege Vulnerability

...

7CVSS6.6AI score0.00309EPSS

Cvelist•added 2025/11/11 5:59 p.m.•5 views

CVE-2025-59515 Windows Broadcast DVR User Service Elevation of Privilege Vulnerability

...

7CVSS0.00309EPSS

EUVD•added 2025/11/11 5:59 p.m.•5 views

EUVD-2025-93418

Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally...

Microsoft CVE•added 2025/11/11 8:0 a.m.•3 views

Exploits0References2

Windows Broadcast DVR User Service Elevation of Privilege Vulnerability

Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally...

7CVSS5.6AI score0.00309EPSS

Microsoft CVE•added 2025/11/11 8:0 a.m.•4 views

Windows Broadcast DVR User Service Elevation of Privilege Vulnerability

Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally...

7CVSS5.6AI score0.00309EPSS

Positive Technologies•added 2025/11/11 12:0 a.m.•4 views

PT-2025-46465

Name of the Vulnerable Software and Affected Versions Windows Broadcast DVR User Service affected versions not specified Description A use-after-free condition exists in the Windows Broadcast DVR User Service. This allows an authorized attacker to gain elevated privileges on a local system...

CNNVD•added 2025/11/11 12:0 a.m.•5 views

Microsoft Windows 资源管理错误漏洞

Microsoft Windows is a suite of operating systems used by Microsoft Corporation USA for personal devices. A resource management error vulnerability exists in Microsoft Windows Broadcast DVR User Service. An attacker could exploit the vulnerability to elevate privileges. The following products and...

7CVSS5.2AI score0.00309EPSS

Positive Technologies•added 2025/11/11 12:0 a.m.•5 views

PT-2025-46478

Name of the Vulnerable Software and Affected Versions Windows Broadcast DVR User Service affected versions not specified Description A use after free condition exists in the Windows Broadcast DVR User Service. This allows an authorized attacker to gain elevated privileges on a local system...