CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

20804 matches found

Tenable Nessus•added 2026/03/06 12:0 a.m.•6 views

NewStart CGSL MAIN 6.06 (SP) : perl Multiple Vulnerabilities (NS-SA-2026-0016)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has perl packages installed that are affected by multiple vulnerabilities: - Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count...

9.8CVSS7.3AI score0.61604EPSS

Exploits22References35

Positive Technologies•added 2026/03/06 12:0 a.m.•3 views

PT-2026-23693

Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary directories by manipulating the parent parameter. Attackers can supply directory traversal sequences in the parent parameter of the getAlbum endpoint to access sensitive system...

8.7CVSS5.9AI score0.00632EPSS

Exploits0References3

Positive Technologies•added 2026/03/06 12:0 a.m.•2 views

PT-2026-23658

Name of the Vulnerable Software and Affected Versions Windmill versions prior to 1.603.3 Description Windmill is a developer platform for internal code, including APIs, background jobs, workflows, and UIs. A path traversal issue exists in the get log file API endpoint "/api/w/workspace/jobs u/get...

6.9CVSS5.9AI score0.02584EPSS

Exploits0References12

Tenable Nessus•added 2026/03/06 12:0 a.m.•5 views

NewStart CGSL MAIN 6.06 (SP) : glibc Multiple Vulnerabilities (NS-SA-2026-0027)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has glibc packages installed that are affected by multiple vulnerabilities: - The mqnotify function in the GNU C Library aka glibc versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object passed...

9.8CVSS6.7AI score0.13614EPSS

Exploits24References49

Tenable Nessus•added 2026/03/06 12:0 a.m.•5 views

Amazon Linux 2023 : libsoup3, libsoup3-devel (ALAS2023-2026-1460)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1460 advisory. A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF Carriage Return Line Feed sequences into the header value. These sequences...

9.1CVSS6.4AI score0.0042EPSS

Exploits1References8

Tenable Nessus•added 2026/03/06 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-3234

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in modproxycluster. This vulnerability, a Carriage Return Line Feed CRLF injection in the decodeenc function, allows a remote attacker to bypas...

4.3CVSS5.9AI score0.00332EPSS

Exploits0References2

Tenable Nessus•added 2026/03/06 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2025-69534

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError...

7.5CVSS7.3AI score0.00465EPSS

Exploits1References3

NVD•added 2026/03/05 10:16 p.m.•7 views

CVE-2026-28482

OpenClaw versions prior to 2026.2.12 construct transcript file paths using unsanitized sessionId parameters and sessionFile paths without enforcing directory containment. Authenticated attackers can exploit path traversal sequences like ../../etc/passwd in sessionId or sessionFile parameters to...

8.4CVSS0.00136EPSS

Exploits0References4

OSV•added 2026/03/05 10:16 p.m.•3 views

CVE-2026-28482

7.1CVSS5.9AI score

Exploits0References4

NVD•added 2026/03/05 10:16 p.m.•4 views

CVE-2026-28457

OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in sandbox skill mirroring must be enabled that uses the skill frontmatter name parameter unsanitized when copying skills into the sandbox workspace. Attackers who provide a crafted skill package with traversal sequences...

7.9CVSS0.00134EPSS

Exploits0References3

OSV•added 2026/03/05 10:16 p.m.•2 views

CVE-2026-28457

7.9CVSS5.8AI score

Exploits0References3

NVD•added 2026/03/05 10:16 p.m.•2 views

CVE-2026-28453

OpenClaw versions prior to 2026.2.14 fail to validate TAR archive entry paths during extraction, allowing path traversal sequences to write files outside the intended directory. Attackers can craft malicious archives with traversal sequences like ../../ to write files outside extraction boundarie...

9.8CVSS0.00409EPSS

Exploits0References3

OSV•added 2026/03/05 10:16 p.m.•1 views

CVE-2026-28453

9.8CVSS5.9AI score

Exploits0References3

OSV•added 2026/03/05 10:16 p.m.•3 views

CVE-2026-28447

OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.1 contain a path traversal vulnerability in plugin installation that allows malicious plugin package names to escape the extensions directory. Attackers can craft scoped package names containing path traversal sequences like .. to write files...

6.5CVSS5.8AI score

Exploits0References3

NVD•added 2026/03/05 10:16 p.m.•8 views

CVE-2026-28447

8.1CVSS0.00355EPSS

Exploits0References3

OSV•added 2026/03/05 10:16 p.m.•3 views

CVE-2026-28393

OpenClaw versions 2.0.0-beta3 prior to 2026.2.14 contain a path traversal vulnerability in hook transform module loading that allows arbitrary JavaScript execution. The hooks.mappings.transform.module parameter accepts absolute paths and traversal sequences, enabling attackers with configuration...

9.8CVSS6AI score

Exploits0References4

NVD•added 2026/03/05 10:16 p.m.•10 views

CVE-2026-28393

9.8CVSS0.00439EPSS

Exploits0References4