
177 matches found

RedhatCVE
added 2026/04/07 11:1 p.m. | 2 views

CVE-2026-5707

Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio RES version 2025.03 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands as root on the virtual desktop host via a crafted session name. To...

CVSS 8.8 | AI score 6.2 | EPSS 0.00124
Exploits 1 | References 1

EUVD
added 2026/04/07 12:30 a.m. | 1 views

EUVD-2026-19548

Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio RES version 2025.03 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands as root on the virtual desktop host via a crafted session name. To...

CVSS 8.8 | AI score 6.2 | EPSS 0.00124
Exploits 1 | References 4

NVD
added 2026/04/06 10:16 p.m. | 0 views

CVE-2026-5707

Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio RES version 2025.03 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands as root on the virtual desktop host via a crafted session name. To...

CVSS 8.8 | EPSS 0.00124
Exploits 1 | References 3

ATTACKERKB
added 2026/04/06 9:28 p.m. | 2 views

CVE-2026-5708

Unsanitized control of user-modifiable attributes in the session creation component in AWS Research and Engineering Studio RES prior to version 2026.03 could allow an authenticated remote user to escalate privileges, assume the virtual desktop host instance profile permissions, and interact with...

CVSS 8.8 | AI score 5.9 | EPSS 0.0007
Exploits 1 | References 4 | Affected Software 1

CVE
added 2026/04/06 9:25 p.m. | 5 views

CVE-2026-5707

Technical details (vulnerable component, root cause, affected versions, exploitation) are not publicly provided in the supplied documents. Monitor for updates.

CVSS 8.8 | AI score 6.2 | EPSS 0.00124
Exploits 1 | References 3 | Affected Software 1

Cvelist
added 2026/04/06 9:25 p.m. | 17 views

CVE-2026-5707 Command Injection via Virtual Desktop Session Name in AWS Research and Engineering Studio (RES)

Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio RES version 2025.03 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands as root on the virtual desktop host via a crafted session name. To...

CVSS 8.8 | EPSS 0.00124
Exploits 1 | References 3

ATTACKERKB
added 2026/04/06 9:25 p.m. | 1 views

CVE-2026-5707

Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio RES version 2025.03 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands as root on the virtual desktop host via a crafted session name. To...

CVSS 8.8 | AI score 6.2 | EPSS 0.00124
Exploits 1 | References 4 | Affected Software 1

Vulnrichment
added 2026/04/06 9:25 p.m. | 2 views

CVE-2026-5707 Command Injection via Virtual Desktop Session Name in AWS Research and Engineering Studio (RES)

Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio RES version 2025.03 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands as root on the virtual desktop host via a crafted session name. To...

CVSS 8.8 | AI score 6.2 | EPSS 0.00124
Exploits 1 | References 3

Positive Technologies
added 2026/04/06 12:0 a.m. | 2 views

PT-2026-30745

Name of the Vulnerable Software and Affected Versions AWS Research and Engineering Studio RES versions 2025.03 through 2025.12.01 Description An issue exists in the virtual desktop session name handling that could allow a remote authenticated actor to execute arbitrary commands as root on the...

CVSS 8.8 | AI score 6.2 | EPSS 0.00124
Exploits 1 | References 10

RedhatCVE
added 2026/03/27 2:27 p.m. | 5 views

CVE-2021-27007

NetApp Virtual Desktop Service VDS when used with an HTML5 gateway is susceptible to a vulnerability which when successfully exploited could allow an unauthenticated attacker to takeover a Remote Desktop Session...

CVSS 9.8 | AI score 7 | EPSS 0.00713
Exploits 0 | References 1

Microsoft KB
added 2026/02/10 4:0 p.m. | 28 views

February 10, 2026—Hotpatch KB5075942 (OS Build 26100.32313)

February 10, 2026—Hotpatch KB5075942 OS Build 26100.32313 This update applies to Windows Server 2025 Datacenter & Standard machines connected to Azure Arc. To learn more about differences between security updates, optional non-security preview updates, out-of-band OOB updates, and continuous...

CVSS 9.8 | AI score 5.9 | EPSS 0.72697
Exploits 36

Zero Day Initiative
added 2025/12/09 12:0 a.m. | 1 views

Microsoft Azure Virtual Desktop Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Azure Virtual Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

CVSS 7.8 | AI score 7.4
Exploits 0 | References 1

CVE
added 2025/11/13 2:35 p.m. | 21 views

CVE-2025-64740

CVE-2025-64740 affects Zoom Workplace VDI Client for Windows prior to 6.3.14, 6.4.12, or 6.5.10. Root cause: improper verification of the installer’s cryptographic signature, enabling an authenticated local user to escalate privileges. Remediation: upgrade to the fixed versions (6.3.14+, 6.4.12+,...

CVSS 7.8 | AI score 6.6 | EPSS 0.00008
Exploits 0 | References 1 | Affected Software 1

Positive Technologies
added 2025/11/13 12:0 a.m. | 3 views

PT-2025-46835

Name of the Vulnerable Software and Affected Versions Zoom Workplace VDI Plugin versions 6.3.0 through 6.3.13 Zoom Workplace VDI Plugin versions 6.4.0 through 6.4.13 Zoom Workplace VDI Plugin versions 6.5.0 through 6.5.9 Description The installer for the Zoom Workplace VDI Plugin on macOS is...

CVSS 6.6 | AI score 6 | EPSS 0.00013
Exploits 0 | References 3

RedhatCVE
added 2025/11/07 5:32 p.m. | 2 views

CVE-2025-12815

An ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio RES on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, including periodical desktop preview screenshots. To mitigate...

CVSS 5.3 | AI score 6.8 | EPSS 0.00049
Exploits 0 | References 1

NVD
added 2025/11/06 6:15 p.m. | 3 views

CVE-2025-12815

An ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio RES on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, including periodical desktop preview screenshots. To mitigate...

CVSS 5.3 | EPSS 0.00049
Exploits 0 | References 3

OSV
added 2025/11/06 6:15 p.m. | 3 views

CVE-2025-12815

An ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio RES on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, including periodical desktop preview screenshots. To mitigate...

CVSS 5.3 | AI score 6.9
Exploits 0 | References 3

EUVD
added 2025/11/06 5:10 p.m. | 2 views

EUVD-2025-38148

An ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio RES on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, including periodical desktop preview screenshots. To mitigate...

CVSS 5.3 | AI score 6.3 | EPSS 0.00049
Exploits 0 | References 3

Cvelist
added 2025/11/06 5:10 p.m. | 3 views

CVE-2025-12815

An ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio RES on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, including periodical desktop preview screenshots. To mitigate...

CVSS 5.3 | EPSS 0.00049
Exploits 0 | References 3

CVE
added 2025/11/06 5:10 p.m. | 3 views

CVE-2025-12815

Summary of CVE-2025-12815 (AWS RES): An ownership verification issue exists in the Virtual Desktop preview page of the Research and Engineering Studio (RES) on AWS, affecting versions prior to 2025.09. A remote user with network access may be able to view metadata from another user’s active desk...

CVSS 5.3 | AI score 6.4 | EPSS 0.00049
Exploits 0 | References 3