CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

384 matches found

NVD•added 2024/04/22 11:15 p.m.•19 views

CVE-2024-32657

Hydra is a Continuous Integration service for Nix based projects. Attackers can execute arbitrary code in the browser context of Hydra and execute authenticated HTTP requests. The abused feature allows Nix builds to specify files that Hydra serves to clients. One use of this functionality is...

5.4CVSS5.1AI score0.00627EPSS

Exploits0References4

Cvelist•added 2024/04/22 10:24 p.m.•12 views

CVE-2024-32657 Hydra has persistent XSS vulnerability serving HTML build outputs

4.6CVSS5.4AI score0.00627EPSS

Exploits0References4

Cvelist•added 2024/02/06 4:20 p.m.•9 views

CVE-2023-47617

A post authentication command injection vulnerability exists when configuring the web group member of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP reques...

7.2CVSS7.6AI score0.00781EPSS

Exploits1References1

Vulnrichment•added 2024/02/06 4:20 p.m.•4 views

CVE-2023-42664

A post authentication command injection vulnerability exists when setting up the PPTP global configuration of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTT...

7.2CVSS7.4AI score0.00805EPSS

Exploits1References1

NVD•added 2023/10/11 4:15 p.m.•15 views

CVE-2023-35193

An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerabilit...

8.8CVSS7.7AI score0.0027EPSS

Exploits1References2

NVD•added 2023/10/11 4:15 p.m.•8 views

CVE-2023-28381

An OS command injection vulnerability exists in the admin.cgi MVPNtrialinit functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

8.8CVSS7.6AI score0.00325EPSS

Exploits1References2

Vulnrichment•added 2023/10/11 3:16 p.m.•16 views

CVE-2023-34356

An OS command injection vulnerability exists in the data.cgi xferdns functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

7.2CVSS7.2AI score0.0027EPSS

Exploits1References1

OSV•added 2023/01/11 10:15 p.m.•0 views

CVE-2017-16335

Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker...

9.9CVSS6.4AI score

Exploits0References1

NVD•added 2023/01/11 10:15 p.m.•9 views

CVE-2017-16323

9.9CVSS9.5AI score0.00472EPSS

Exploits1References1

OSV•added 2023/01/11 10:15 p.m.•2 views

CVE-2017-16307

9.9CVSS6.4AI score0.00437EPSS

Exploits0References1

OSV•added 2023/01/11 10:15 p.m.•1 views

CVE-2017-16308