Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

417 matches found

Snyk
Snykadded 2026/05/18 9:0 p.m.6 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References2
OSV
OSVadded 2026/05/11 6:31 p.m.1 views

GHSA-HR4R-FWPV-C95J pgAdmin 4 File Manager has symbolic-link path traversal

Symbolic-link path traversal CWE-61, CWE-22 in pgAdmin 4 File Manager. checkaccesspermission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storag...

8.1CVSS5.8AI score0.00339EPSS
Exploits0References4
Github Security Blog
Github Security Blogadded 2026/05/11 6:31 p.m.7 views

pgAdmin 4 File Manager has symbolic-link path traversal

Symbolic-link path traversal CWE-61, CWE-22 in pgAdmin 4 File Manager. checkaccesspermission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storag...

8.1CVSS5.8AI score0.00339EPSS
Exploits0References4Affected Software1
NVD
NVDadded 2026/05/11 4:17 p.m.8 views

CVE-2026-7819

Symbolic-link path traversal CWE-61, CWE-22 in pgAdmin 4 File Manager. checkaccesspermission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storag...

8.1CVSS0.00339EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/11 2:35 p.m.4 views

CVE-2026-7819

Symbolic-link path traversal CWE-61, CWE-22 in pgAdmin 4 File Manager. checkaccesspermission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storag...

8.1CVSS5.8AI score0.00339EPSS
Exploits0References2
OSV
OSVadded 2026/03/16 8:41 p.m.5 views

GHSA-VR7J-G7JV-H5MP OpenClaw session transcript files were created without forced user-only permissions

openclaw created new session transcript JSONL files with overly broad default permissions in affected releases. On multi-user hosts, other local users or processes could read transcript contents, including secrets that might appear in tool output. Affected Packages / Versions - Package: openclaw...

5.7CVSS5.8AI score0.0012EPSS
Exploits0References5
CNVD
CNVDadded 2026/02/11 12:0 a.m.2 views

D-Link DIR-600 Command Injection Vulnerability

The D-Link DIR-600 is a wireless router from China's AUO D-Link. A command injection vulnerability exists in D-Link DIR-600 2.15WWb02 and earlier versions, which stems from the failure to properly filter constructed command special characters, commands, etc. in the parameter...

7.2CVSS5.9AI score0.05172EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/02/09 7:23 p.m.3 views

CVE-2026-2163

A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTPST/REMOTEADDR/REMOTEPORT/SERVERID leads to command injection. The attack may be launched remotely. The exploit is publicly availabl...

7.2CVSS5.5AI score0.05172EPSS
Exploits1References1
OSV
OSVadded 2026/02/08 5:15 p.m.5 views

CVE-2026-2163

A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTPST/REMOTEADDR/REMOTEPORT/SERVERID leads to command injection. The attack may be launched remotely. The exploit is publicly availabl...

7.2CVSS5.7AI score0.05172EPSS
Exploits1References6
NVD
NVDadded 2026/02/08 5:15 p.m.8 views

CVE-2026-2163

A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTPST/REMOTEADDR/REMOTEPORT/SERVERID leads to command injection. The attack may be launched remotely. The exploit is publicly availabl...

7.2CVSS0.05172EPSS
Exploits1References6
Cvelist
Cvelistadded 2026/02/08 4:32 p.m.30 views

CVE-2026-2163 D-Link DIR-600 ssdp.cgi command injection

A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTPST/REMOTEADDR/REMOTEPORT/SERVERID leads to command injection. The attack may be launched remotely. The exploit is publicly availabl...

5.8CVSS0.05172EPSS
Exploits1References6
ATTACKERKB
ATTACKERKBadded 2026/02/08 4:32 p.m.7 views

CVE-2026-2163

A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTPST/REMOTEADDR/REMOTEPORT/SERVERID leads to command injection. The attack may be launched remotely. The exploit is publicly availabl...

5.8CVSS5.1AI score0.05172EPSS
Exploits1References6Affected Software1
EUVD
EUVDadded 2026/02/08 4:32 p.m.6 views

EUVD-2026-5786

A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTPST/REMOTEADDR/REMOTEPORT/SERVERID leads to command injection. The attack may be launched remotely. The exploit is publicly availabl...

7.2CVSS5AI score0.05172EPSS
Exploits1References6
CNNVD
CNNVDadded 2026/02/08 12:0 a.m.4 views

D-Link DIR-600 命令注入漏洞

The D-Link DIR-600 is a wireless router from China's AUO D-Link. A command injection vulnerability exists in D-Link DIR-600 2.15WWb02 and earlier versions, which stems from the failure to properly filter constructed command special characters, commands, etc. in the parameter...

7.2CVSS6AI score0.05172EPSS
Exploits1References6
Positive Technologies
Positive Technologiesadded 2026/02/08 12:0 a.m.7 views

PT-2026-6994

Name of the Vulnerable Software and Affected Versions D-Link DIR-600 versions prior to 2.15WWb02 Description A flaw exists in D-Link DIR-600 firmware up to version 2.15WWb02 related to the ssdp.cgi file. Manipulation of the HTTP ST/REMOTE ADDR/REMOTE PORT/SERVER ID argument can lead to command...

5.8CVSS5.5AI score0.05172EPSS
Exploits1References8
RedhatCVE
RedhatCVEadded 2026/01/13 10:53 p.m.3 views

CVE-2025-15505

A vulnerability was found in Luxul XWR-600 up to 4.0.1. The affected element is an unknown function of the component Web Administration Interface. The manipulation of the argument Guest Network/Wireless Profile SSID results in cross site scripting. The attack may be launched remotely. The exploit...

4.8CVSS5.3AI score0.00206EPSS
Exploits0References1
NVD
NVDadded 2026/01/11 2:15 a.m.1 views

CVE-2025-15505

A vulnerability was found in Luxul XWR-600 up to 4.0.1. The affected element is an unknown function of the component Web Administration Interface. The manipulation of the argument Guest Network/Wireless Profile SSID results in cross site scripting. The attack may be launched remotely. The exploit...

4.8CVSS0.00206EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/01/11 1:32 a.m.22 views

CVE-2025-15505 Luxul XWR-600 Web Administration cross site scripting

A vulnerability was found in Luxul XWR-600 up to 4.0.1. The affected element is an unknown function of the component Web Administration Interface. The manipulation of the argument Guest Network/Wireless Profile SSID results in cross site scripting. The attack may be launched remotely. The exploit...

4.8CVSS0.00206EPSS
Exploits0References4
CVE
CVEadded 2026/01/11 1:32 a.m.9 views

CVE-2025-15505

Luxul XWR-600 Web Administration Interface is affected by a cross-site scripting vulnerability, tracked as CVE-2025-15505, impacting versions up to 4.0.1. The flaw arises from manipulating the Guest Network/Wireless Profile SSID argument, enabling remote exploitation. Multiple sources confirm pub...

4.8CVSS3.2AI score0.00206EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/01/11 1:32 a.m.2 views

CVE-2025-15505 Luxul XWR-600 Web Administration cross site scripting

A vulnerability was found in Luxul XWR-600 up to 4.0.1. The affected element is an unknown function of the component Web Administration Interface. The manipulation of the argument Guest Network/Wireless Profile SSID results in cross site scripting. The attack may be launched remotely. The exploit...

4.8CVSS5.2AI score0.00206EPSS
Exploits0References4
Rows per page
Query Builder