
195 matches found

OSV
added 2026/05/01 3:16 p.m. | 1 views

UBUNTU-CVE-2026-43504

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when mod_proxy65 is enabled. Because mod_proxy65 mishandles access control in a paused scenario, relaying of unauthenticated traffic can occur...

CVSS 6.5 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 4

OSV
added 2026/05/01 3:16 p.m. | 2 views

UBUNTU-CVE-2026-43506

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by memory leaks from unauthenticated connections...

CVSS 7.5 | AI score 5.8 | EPSS 0.00063
Exploits: 0 | References: 7

OSV
added 2026/05/01 3:16 p.m. | 0 views

UBUNTU-CVE-2026-43507

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by XML parsing resource amplification from unauthenticated connections...

CVSS 7.5 | AI score 5.8 | EPSS 0.00077
Exploits: 0 | References: 8

vulnersOsv
added 2026/04/28 10:0 p.m. | 3 views

openpaw-graveyard (=3.0.0) potentially affected by unknown CVE via @solana-launchpad/sdk (=1.0.13)

@solana-launchpad/sdk NPM version =1.0.13 is affected by a known vulnerability. The following packages have a transitive dependency on @solana-launchpad/sdk and may be impacted: - openpaw-graveyard =3.0.0 Source cves: unknown CVE Source advisory: SNYK:JS-SOLANALAUNCHPADSDK-16321530...

AI score 5.8
Exploits: 0

RedhatCVE
added 2026/02/09 7:14 a.m. | 2 views

CVE-2026-2130

A vulnerability was determined in BurtTheCoder mcp-maigret up to 1.0.12. This affects an unknown part of the file src/index.ts of the component search_username. Executing a manipulation of the argument Username can lead to command injection. The attack may be launched remotely. Upgrading to versio...

CVSS 9.8 | AI score 5.3 | EPSS 0.00194
Exploits: 0 | References: 1

Github Security Blog
added 2026/02/08 3:30 a.m. | 5 views

mcp-maigret vulnerable to command injection

A vulnerability was determined in BurtTheCoder mcp-maigret up to 1.0.12. This affects an unknown part of the file src/index.ts of the component search_username. Executing a manipulation of the argument Username can lead to command injection. The attack may be launched remotely. Upgrading to versio...

CVSS 9.8 | AI score 5.3 | EPSS 0.00194
Exploits: 0 | References: 10 | Affected Software: 1

NVD
added 2026/02/08 3:15 a.m. | 4 views

CVE-2026-2130

A vulnerability was determined in BurtTheCoder mcp-maigret up to 1.0.12. This affects an unknown part of the file src/index.ts of the component search_username. Executing a manipulation of the argument Username can lead to command injection. The attack may be launched remotely. Upgrading to versio...

CVSS 9.8 | EPSS 0.00194
Exploits: 0 | References: 8

OSV
added 2026/02/08 3:15 a.m. | 3 views

CVE-2026-2130

A vulnerability was determined in BurtTheCoder mcp-maigret up to 1.0.12. This affects an unknown part of the file src/index.ts of the component search_username. Executing a manipulation of the argument Username can lead to command injection. The attack may be launched remotely. Upgrading to versio...

CVSS 9.8 | AI score 6.2
Exploits: 0 | References: 8

Vulnrichment
added 2026/02/08 2:2 a.m. | 1 views

CVE-2026-2130 BurtTheCoder mcp-maigret search_username index.ts command injection

A vulnerability was determined in BurtTheCoder mcp-maigret up to 1.0.12. This affects an unknown part of the file src/index.ts of the component search_username. Executing a manipulation of the argument Username can lead to command injection. The attack may be launched remotely. Upgrading to versio...

CVSS 6.5 | AI score 5.3 | EPSS 0.00194
Exploits: 0 | References: 8

ATTACKERKB
added 2026/02/08 2:2 a.m. | 3 views

CVE-2026-2130

A vulnerability was determined in BurtTheCoder mcp-maigret up to 1.0.12. This affects an unknown part of the file src/index.ts of the component search_username. Executing a manipulation of the argument Username can lead to command injection. The attack may be launched remotely. Upgrading to versio...

CVSS 6.5 | AI score 6.2 | EPSS 0.00194
Exploits: 0 | References: 9 | Affected Software: 1

CVE
added 2026/02/08 2:2 a.m. | 8 views

CVE-2026-2130

BurtTheCoder mcp-maigret (versions up to 1.0.12) contains a command injection flaw in the search_username component. The vulnerability affects an unknown portion of src/index.ts and allows manipulation of the Username argument to execute arbitrary commands, potentially remotely. A fix is availabl...

CVSS 9.8 | AI score 6.3 | EPSS 0.00194
Exploits: 0 | References: 8 | Affected Software: 1

Positive Technologies
added 2026/02/08 12:0 a.m. | 4 views

PT-2026-6954

Name of the Vulnerable Software and Affected Versions BurtTheCoder mcp-maigret versions through 1.0.12 Description A flaw exists in the component search username within the file src/index.ts. Manipulating the Username argument can result in command injection, potentially allowing for remote...

CVSS 6.5 | AI score 5.3 | EPSS 0.00194
Exploits: 0 | References: 10

vulnersOsv
added 2026/01/27 10:47 p.m. | 2 views

2webp (>=0.1.4 <=0.1.5), @57block/stellar-resource-usage (>=0.0.1 <=1.2.0) +358 more potentially affected by CVE-2026-24910 via bun (>=1.0.13 <=1.3.2)

bun NPM version =1.0.13, =0.1.4, =0.0.1, =0.2.0, =0.5.0, =0.0.1, =0.0.1, =0.0.2, =0.1.0, =0.0.1, =3.260321.1, =0.260331.1, =0.260425.2 and more Source cves: CVE-2026-24910 Source advisory: SNYK:JS-BUN-15123966...

CVSS 5.9 | AI score 6.5 | EPSS 0.00003
Exploits: 0

Patchstack
added 2025/12/31 12:0 a.m. | 3 views

WordPress Takeads plugin <= 1.0.13 - Missing Authorization to Plugin Settings Deletion vulnerability

Missing Authorization to Plugin Settings Deletion vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin Takeads versions <= 1.0.13...

CVSS 4.3 | AI score 5.9 | EPSS 0.00036
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2025/12/30 1:2 a.m. | 3 views

CVE-2025-68706

A stack-based buffer overflow exists in the GoAhead-Webs HTTP daemon on KuWFi 4G LTE AC900 devices with firmware 1.0.13. The /goform/formMultiApnSetting handler uses sprintf to copy the user-supplied pincode parameter into a fixed 132-byte stack buffer with no bounds checks. This allows an attack...

CVSS 9.8 | AI score 7.8 | EPSS 0.00185
Exploits: 0 | References: 1

EUVD
added 2025/12/29 9:30 p.m. | 2 views

EUVD-2025-205631

A stack-based buffer overflow exists in the GoAhead-Webs HTTP daemon on KuWFi 4G LTE AC900 devices with firmware 1.0.13. The /goform/formMultiApnSetting handler uses sprintf to copy the user-supplied pincode parameter into a fixed 132-byte stack buffer with no bounds checks. This allows an attack...

AI score 7.6 | EPSS 0.00185
Exploits: 0 | References: 5

OSV
added 2025/12/29 7:15 p.m. | 0 views

CVE-2025-68706

A stack-based buffer overflow exists in the GoAhead-Webs HTTP daemon on KuWFi 4G LTE AC900 devices with firmware 1.0.13. The /goform/formMultiApnSetting handler uses sprintf to copy the user-supplied pincode parameter into a fixed 132-byte stack buffer with no bounds checks. This allows an attack...

CVSS 9.8 | AI score 6.4 | EPSS 0.00185
Exploits: 0 | References: 4

Vulnrichment
added 2025/12/29 12:0 a.m. | 1 views

CVE-2025-68706

A stack-based buffer overflow exists in the GoAhead-Webs HTTP daemon on KuWFi 4G LTE AC900 devices with firmware 1.0.13. The /goform/formMultiApnSetting handler uses sprintf to copy the user-supplied pincode parameter into a fixed 132-byte stack buffer with no bounds checks. This allows an attack...

AI score 7.8 | EPSS 0.00185
Exploits: 0 | References: 4

CVE
added 2025/12/29 12:0 a.m. | 9 views

CVE-2025-68706

CVE-2025-68706 affects KuWFi 4G LTE AC900 devices running firmware 1.0.13, in the GoAhead-Webs HTTP daemon. The vulnerability is in the /goform/formMultiApnSetting handler, which copies the user-provided pincode into a fixed 132-byte stack buffer using sprintf() without bounds checking. This stac...

CVSS 9.8 | AI score 7.8 | EPSS 0.00185
Exploits: 0 | References: 4 | Affected Software: 1

Positive Technologies
added 2025/12/29 12:0 a.m. | 3 views

PT-2025-53779

Name of the Vulnerable Software and Affected Versions GoAhead-Webs on KuWFi 4G LTE AC900 version 1.0.13 Description A stack-based buffer overflow exists in the GoAhead-Webs HTTP daemon. The /goform/formMultiApnSetting handler uses sprintf to copy the pincode parameter, supplied by the user, into ...

AI score 8 | EPSS 0.00185
Exploits: 0 | References: 7