Why vulnerability monitoring is critical for your business
In 2025, 48,185 new vulnerabilities (CVEs) were published — a 20% increase compared to 2024. In 2026, the trend is accelerating further. Every day, more than 130 flaws are made public, some of which affect the software your business uses daily.
According to the Verizon Data Breach Investigations Report, 60% of data breaches exploit vulnerabilities for which a patch already existed at the time of the attack. The problem is not the absence of patches — it is the absence of monitoring. No IT team can manually track 130 CVEs per day.
Avec CVE Find, explorez la plus grande base de données de vulnérabilités au monde.
Le CVE (Common Vulnerabilities and Exposures) est une liste de failles de sécurité informatique divulguées publiquement. Le programme CVE a pour objectif de faciliter le partage des données entre les différentes capacités de détection des vulnérabilités, qu'il s'agisse d'outils, de bases de données ou de services. Il fournit également une norme pour évaluer la couverture de ces outils et services.
Accédez à CVE Find
What CVE Find does for you
How can I be alerted in real time?
CVE Find notifies you by email and SMS as soon as a vulnerability affects your products. Configurable frequency: from instant alerts to monthly summaries.
Are my software products vulnerable?
Configure your products (CMS, servers, libraries) via the CPE catalogue. CVE Find continuously monitors the MITRE database and alerts you automatically. 338,000+ CVEs indexed.
How do I prioritise patches?
CVSS scoring (severity) and EPSS (probability of real-world exploitation) show you what to fix first. No more false positives.
Which vulnerabilities are being actively exploited?
The integrated CISA KEV catalogue identifies vulnerabilities already exploited in the wild. These are the flaws to fix with absolute top priority.
Is the platform available in English?
Yes. CVE Find is available in French, English and German. Developed in Switzerland by Bexxo, it is the only comprehensive French-language CVE platform.
Is the data reliable and up to date?
Real-time synchronisation with MITRE, NVD, CISA and FIRST.org. More than 48,000 CVEs added in 2025, and the database is enriched every hour.
Stay ahead with the latest critical security vulnerabilities.
CVE-2026-3587 - CRITICAL
23/03/2026
An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface and gain root access to the underlying Linux based OS, leading to full compromise of the device.
CVE-2026-4601 - HIGH
23/03/2026
Versions of the package jsrsasign before 11.1.1 are vulnerable to Missing Cryptographic Step via the KJUR.crypto.DSA.signWithMessageHash process in the DSA signing implementation. An attacker can recover the private key by forcing r or s to be zero, so the library emits an invalid signature without retrying, and then solves for x from the resulting signature.
OWSAP: A02
CVE-2026-4599 - CRITICAL
23/03/2026
Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker can recover the private key by exploiting the incorrect compareTo checks that accept out-of-range candidates and thus bias DSA nonces during signature generation.
CVE-2026-4567 - CRITICAL
23/03/2026
A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is the function UploadCfg of the file /cgi-bin/UploadCfg. The manipulation of the argument File leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
overflow
CVE-2026-4566 - HIGH
23/03/2026
A flaw has been found in Belkin F9K1122 1.00.33. The affected element is the function formWISP5G of the file /goform/formWISP5G. Executing a manipulation of the argument webpage can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
overflow
CVE-2026-4565 - HIGH
23/03/2026
A vulnerability was detected in Tenda AC21 16.03.08.16. Impacted is the function formSetQosBand of the file /goform/SetNetControlList. Performing a manipulation of the argument list results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.
overflow
CVE-2026-4558 - HIGH
22/03/2026
A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartConnect.lua. Executing a manipulation of the argument configApSsid/configApPassphrase/srpLogin/srpPassword can lead to os command injection. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but...
oscommandinjectioncommandinjectionOWSAP: A03
CVE-2026-4555 - HIGH
22/03/2026
A weakness has been identified in D-Link DIR-513 1.10. The impacted element is the function formEasySetTimezone of the file /goform/formEasySetTimezone of the component boa. This manipulation of the argument curTime causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. This vulnerability only affec...
overflow
CVE-2026-4553 - HIGH
22/03/2026
A vulnerability was identified in Tenda F453 1.0.0.3. Impacted is the function fromNatlimit of the file /goform/Natlimit of the component Parameters Handler. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
overflow
CVE-2026-4551 - HIGH
22/03/2026
A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSafeClientFilter of the file /goform/SafeClientFilter of the component Parameters Handler. Performing a manipulation of the argument menufacturer/Go results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
overflow
CVE-2026-4552 - HIGH
22/03/2026
A vulnerability was determined in Tenda F453 1.0.0.3. This issue affects the function fromVirtualSer of the file /goform/VirtualSer of the component Parameters Handler. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
overflow
CVE-2019-25615 - HIGH
22/03/2026
Lavavo CD Ripper 4.20 contains a structured exception handling (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Activation Name field. Attackers can craft a payload with controlled buffer data, NSEH jump instructions, and SEH handler addresses to trigger code execution and establish a bind shell on port 3110.
overflow
CVE-2019-25614 - CRITICAL
22/03/2026
Free Float FTP 1.0 contains a buffer overflow vulnerability in the STOR command handler that allows remote attackers to execute arbitrary code by sending a crafted STOR request with an oversized payload. Attackers can authenticate with anonymous credentials and send a malicious STOR command containing 247 bytes of padding followed by a return address and shellcode to trigger code execution on the ...
overflow
CVE-2019-25611 - HIGH
22/03/2026
MiniFtp contains a buffer overflow vulnerability in the parseconf_load_setting function that allows local attackers to execute arbitrary code by supplying oversized configuration values. Attackers can craft a miniftpd.conf file with values exceeding 128 bytes to overflow stack buffers and overwrite the return address, enabling code execution with root privileges.
overflow
CVE-2019-25609 - HIGH
22/03/2026
JetAudio jetCast Server 2.0 contains a stack-based buffer overflow vulnerability in the Log Directory configuration field that allows local attackers to overwrite structured exception handling pointers. Attackers can inject alphanumeric encoded shellcode through the Log Directory field to trigger an SEH exception handler and execute arbitrary code with application privileges.
overflow
CVE-2019-25608 - HIGH
22/03/2026
Iperius Backup 6.1.0 contains a privilege escalation vulnerability that allows low-privilege users to execute arbitrary programs with elevated privileges by creating backup jobs. Attackers can configure backup jobs to execute malicious batch files or programs before or after backup operations, which run with the privileges of the Iperius Backup Service account (Local System or Administrator), enab...
OWSAP: A05
CVE-2019-25607 - HIGH
22/03/2026
Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers to execute arbitrary code by supplying an excessively long filename. Attackers can overflow the buffer at offset 214 bytes to overwrite the instruction pointer and execute shellcode with system privileges.
overflow
CVE-2019-25604 - HIGH
22/03/2026
DVDXPlayer Pro 5.5 contains a local buffer overflow vulnerability with structured exception handling that allows local attackers to execute arbitrary code by crafting malicious playlist files. Attackers can create a specially crafted .plf file containing shellcode and NOP sleds that overflows a buffer and hijacks the SEH chain to execute arbitrary code with application privileges.
overflow
CVE-2019-25603 - HIGH
22/03/2026
TuneClone 2.20 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license code string. Attackers can craft a payload with a controlled buffer, NSEH jump instruction, and SEH handler address pointing to a ROP gadget, then paste it into the license code field to trigger code execution and establis...
overflow
CVE-2019-25619 - HIGH
22/03/2026
FTP Shell Server 6.83 contains a buffer overflow vulnerability in the 'Account name to ban' field that allows local attackers to execute arbitrary code by supplying a crafted string. Attackers can inject shellcode through the account name parameter in the Manage FTP Accounts dialog to overwrite the return address and execute calc.exe or other commands.
overflow
