CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

20851 matches found

OSV•added 2026/02/12 8:6 p.m.•6 views

CVE-2026-25996 Inspektor Gadget uses unsanitized ANSI Escape Sequences In `columns` Output Mode

Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of control characters or ANSI escape sequences...

6.9CVSS5.6AI score0.0056EPSS

Exploits1References5

RedhatCVE•added 2026/02/12 7:28 p.m.•6 views

CVE-2026-25869

MiniGal Nano versions 0.3.5 and prior contain a path traversal vulnerability in index.php via the dir parameter. The application appends user-controlled input to the photos directory and attempts to prevent traversal by removing dot-dot sequences, but this protection can be bypassed using crafted...

7.5CVSS5.6AI score0.005EPSS

Exploits0References1

GithubExploit•added 2026/02/12 3:2 a.m.•158 views

Exploit for Path Traversal in Laquisscada Scada

LAquis SCADA Arbitrary File Write 👨‍💻 Author Mohammed...

7.8CVSS5.7AI score0.01232EPSS

Exploits1

Positive Technologies•added 2026/02/12 12:0 a.m.•5 views

PT-2026-7929

SurfOffline Professional 2.2.0.103 contains a structured exception handler SEH overflow vulnerability that allows attackers to crash the application by manipulating the project name input. Attackers can generate a malicious payload of 382 'A' characters followed by specific byte sequences to...

7.5CVSS5.6AI score0.00314EPSS

Exploits0References5

CNNVD•added 2026/02/12 12:0 a.m.•5 views

Inspektor Gadget 安全漏洞

Inspektor Gadget is a set of tools and frameworks developed by Inspektor Gadget Inc. based on eBPF. Inspektor Gadget has a security vulnerability that arises from the string fields generated by eBPF events in list output mode. These strings are rendered onto the terminal without clearing control...

9.8CVSS5.8AI score0.0056EPSS

Exploits1References3

Positive Technologies•added 2026/02/12 12:0 a.m.•6 views

PT-2026-7932

Bullwark Momentum Series JAWS 1.0 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP request paths. Attackers can exploit the vulnerability by sending crafted GET requests with multiple '../' sequences to read sensitive...

8.7CVSS5.5AI score0.00641EPSS

Exploits0References4

Positive Technologies•added 2026/02/12 12:0 a.m.•5 views

PT-2026-7900

Name of the Vulnerable Software and Affected Versions Inspektor Gadget affected versions not specified Description Inspektor Gadget has an issue where string fields from eBPF events in columns output mode are not sanitized, potentially allowing maliciously crafted event payloads from observed...

9.8CVSS5.7AI score0.0056EPSS

Exploits1References10

NVD•added 2026/02/11 9:16 p.m.•8 views

CVE-2026-25062

Outline is a service that allows for collaborative documentation. Prior to 1.4.0, during the JSON import process, the value of attachments.key from the imported JSON is passed directly to path.joinrootPath, node.key and then read using fs.readFile without validation. By embedding path traversal...

5.5CVSS0.00393EPSS

Exploits1References2

Vulnrichment•added 2026/02/11 8:23 p.m.•4 views

CVE-2026-25062 Outline Affected an Arbitrary File Read via Path Traversal in JSON Import

5.5CVSS5.8AI score0.00393EPSS

Exploits1References2

Cvelist•added 2026/02/11 8:23 p.m.•20 views

CVE-2026-25062 Outline Affected an Arbitrary File Read via Path Traversal in JSON Import

5.5CVSS0.00393EPSS

Exploits1References2

ATTACKERKB•added 2026/02/11 8:23 p.m.•3 views

CVE-2026-25062

5.5CVSS5.8AI score0.00393EPSS

Exploits1References3Affected Software1

CVE•added 2026/02/11 8:23 p.m.•9 views

CVE-2026-25062

Outline (the Outline service) prior to version 1.4.0 is vulnerable via JSON import where attachments[].key is passed to path.join(rootPath, node.key) and then read with fs.readFile without validation, enabling path traversal (e.g., ../ or absolute paths) to read arbitrary server files and import ...

5.5CVSS5.8AI score0.00393EPSS

Exploits1References2Affected Software1

OSV•added 2026/02/11 8:23 p.m.•4 views

CVE-2026-25062 Outline Affected an Arbitrary File Read via Path Traversal in JSON Import

5.5CVSS5.9AI score0.00393EPSS

Exploits1References4

RedhatCVE•added 2026/02/11 7:44 p.m.•5 views

CVE-2026-0651

A path traversal vulnerability was identified TP-Link Tapo C260 v1, D235 v1 and C520WS v2.6 within the HTTP server’s handling of GET requests. The server performs path normalization before fully decoding URL encoded input and falls back to using the raw path when normalization fails. An attacker...

7.8CVSS5.9AI score0.00303EPSS

Exploits1References1

Snyk•added 2026/02/11 6:55 p.m.•3 views

Relative Path Traversal

Overview nanotar is a Tiny and fast Tar utils for any JavaScript runtime! Affected versions of this package are vulnerable to Relative Path Traversal via the parseTar or parseTarGzip functions. An attacker can write arbitrary files outside the intended extraction directory by supplying a speciall...

9.8CVSS5.8AI score0.00841EPSS

Exploits2References2

IBM Security Bulletins•added 2026/02/11 4:52 p.m.•14 views

Security Bulletin: Multiple vulnerabilities in IBM Security QRadar EDR Software

Summary Multiple vulnerabilities were addressed in IBM Security QRadar EDR Software version 3.12.24 Vulnerability Details CVEID:CVE-2026-21441 DESCRIPTION: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by readi...

8.9CVSS5.9AI score0.0068EPSS

Exploits3Affected Software1

OSV•added 2026/02/11 4:16 p.m.•1 views

CVE-2026-25869

7.5CVSS5.8AI score

Exploits0References3

NVD•added 2026/02/11 4:16 p.m.•5 views

CVE-2026-25869

7.5CVSS0.005EPSS

Exploits0References3

ATTACKERKB•added 2026/02/11 3:40 p.m.•3 views

CVE-2026-25869