CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

152 matches found

Positive Technologies•added 2026/05/19 12:0 a.m.•9 views

PT-2026-41934

Name of the Vulnerable Software and Affected Versions Portrait Dell Color Management versions prior to 3.7.0 Description A symbolic link issue exists in the Portrait Dell Color Management application on Windows. A local low-privileged user can escalate privileges to Administrator because the...

5.3CVSS5.9AI score0.00144EPSS

Exploits0References5

Tenable Nessus•added 2026/01/08 12:0 a.m.•3 views

Microsoft Entra Cloud Sync Installed (Windows)

Binary data microsoftentracloudsyncwininstalled.nbin...

7AI score

Exploits0References1

Tenable Nessus•added 2025/12/09 12:0 a.m.•4 views

Progress Telerik Document Processing Libraries Installed (Windows)

Binary data progresstelerikdocumentprocessinglibrarieswininstalled.nbin...

7AI score

Exploits0References1

RedhatCVE•added 2025/12/04 5:16 p.m.•3 views

CVE-2025-20387

In Splunk Universal Forwarder for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory. This lets non-administrator users on...

8CVSS6.8AI score0.0048EPSS

Exploits0References1

OSV•added 2025/12/03 5:15 p.m.•1 views

CVE-2025-20387

6.5CVSS5.8AI score0.0048EPSS

Exploits0References1

Vulnrichment•added 2025/12/03 5:0 p.m.•2 views

CVE-2025-20387 Incorrect permissions assignment on Splunk Universal Forwarder for Windows during new installation or upgrade

8CVSS6.4AI score0.0048EPSS

Exploits0References1

Tenable Nessus•added 2025/10/29 12:0 a.m.•3 views

Siemens Teamcenter Visualization Installed (Windows)

Binary data siemensteamcentervisualizationinstalled.nbin...

7AI score

Exploits0References1

Snyk•added 2025/10/28 10:41 p.m.•3 views

Command Injection

Overview fastmcp is a The fast, Pythonic way to build MCP servers and clients. Affected versions of this package are vulnerable to Command Injection via the servername field. An attacker can execute arbitrary OS commands by supplying crafted input to this field during the installation process on...

7.8CVSS7.9AI score0.00188EPSS

Exploits1References2

NVD•added 2025/10/08 10:15 p.m.•5 views

CVE-2025-11535

MongoDB Connector for BI installation via MSI on Windows leaves ACLs unset on custom install directories allows Privilege Escalation.This issue affects MongoDB Connector for BI: from 2.0.0 through 2.14.24...

8.8CVSS0.00111EPSS

Exploits0References1