CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

980 matches found

RedhatCVE•added 2026/01/09 12:17 p.m.•6 views

CVE-2018-10716

An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe, 2345SafeTray.exe, and 2345Speedup.exe allow local users to bypass intended process protections, and consequently terminate processes, because WMCLOSE is not properly considered...

5.5CVSS6.7AI score0.00048EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 11:43 a.m.•7 views

CVE-2010-0180

Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7, when usesuexec is enabled, uses world-readable permissions for the localconfig files, which allows local users to read sensitive configuration fields, as demonstrated by the database password field and the sitewidesecret field...

1.9CVSS6.5AI score0.00053EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 11:22 a.m.•8 views

CVE-2021-22451

A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting...

7.8CVSS6.8AI score0.00024EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:18 a.m.•2 views

CVE-2021-0994

In requestRouteToHostAddress of ConnectivityService.java, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interactio...

3.3CVSS6.2AI score0.00012EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:16 a.m.•4 views

CVE-2021-0539

In archiveStoredConversation of MmsService.java, there is a possible way to archive message conversation without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

7.8CVSS7AI score0.00014EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:15 a.m.•4 views

CVE-2021-0445

In start of WelcomeActivity.java, there is a possible residual profile due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9Android I...

7.8CVSS7AI score0.00015EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:15 a.m.•8 views

CVE-2021-0511

In Dex2oat of dex2oat.cc, there is a possible way to inject bytecode into an app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9...

7.8CVSS7AI score0.00035EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:13 a.m.•3 views

CVE-2019-2004

In publishKeyEvent, publishMotionEvent and sendUnchainedFinishedSignal of InputTransport.cpp, there are uninitialized data leading to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.0...

5.5CVSS6.4AI score0.00017EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:12 a.m.•5 views

CVE-2019-2231

In Blob::Blob of blob.cpp, there is a possible unencrypted master key due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID...

4.4CVSS6.2AI score0.00024EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:54 a.m.•3 views

CVE-2020-23490

There was a local file disclosure vulnerability in AVideo 8.9 via the proxy streaming. An unauthenticated attacker can exploit this issue to read an arbitrary file on the server. Which could leak database credentials or other sensitive information such as /etc/passwd file...

7.5CVSS6.3AI score0.16676EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:51 a.m.•3 views

CVE-2020-10049

A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions V2.10.2. The start-stop scripts for the services of the affected application could allow a local attacker to include arbitrary commands that are executed when services are started or stopped interactively by system...

7.3CVSS6.9AI score0.00044EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:53 a.m.•3 views

CVE-2021-27277

This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Orion Virtual Infrastructure Monitor 2020.2. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific...

7.8CVSS7.2AI score0.02208EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:50 a.m.•7 views

CVE-2021-31427

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw...

7.3CVSS6.3AI score0.00074EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:47 a.m.•5 views

CVE-2017-6894

A vulnerability exists in FlexNet Manager Suite releases 2015 R2 SP3 and earlier including FlexNet Manager Platform 9.2 and earlier that affects the inventory gathering components and can be exploited by local users to perform certain actions with elevated privileges on the local system...

7.8CVSS6.7AI score0.0004EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:38 a.m.•6 views

CVE-1999-0466

The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier allows a local user to read or write arbitrary files on the disk associated with that device...

7.2CVSS6.8AI score0.0006EPSS

Exploits0References1