CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

36544 matches found

Cvelist•added 2026/01/13 1:12 a.m.•24 views

CVE-2026-0491 Code Injection vulnerability in SAP Landscape Transformation

SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability effectively...

9.1CVSS0.00436EPSS

Exploits0References2

CNNVD•added 2026/01/13 12:0 a.m.•4 views

4images 代码注入漏洞

4images is an image management system from the German company 4images. A code injection vulnerability exists in 4images version 1.9, which stems from a remote command execution vulnerability in the template editing feature that could lead to the execution of arbitrary commands...

8.6CVSS6.1AI score0.01088EPSS

Exploits1References4

CNNVD•added 2026/01/13 12:0 a.m.•4 views

PHOENIX CONTACT TC ROUTER 代码注入漏洞

PHOENIX CONTACT TC ROUTER is a series of routers from PHOENIX CONTACT, Germany. A code injection vulnerability exists in the PHOENIX CONTACT TC ROUTER that stems from improper code generation controls and could lead to code injection and a complete loss of confidentiality, availability, and...

8.8CVSS5.9AI score0.00496EPSS

Exploits0References1

CNNVD•added 2026/01/13 12:0 a.m.•6 views

SAP Wily Introscope Enterprise Manager 代码注入漏洞

SAP Wily Introscope Enterprise Manager is an application performance management component from SAP, Germany. A code injection vulnerability exists in SAP Wily Introscope Enterprise Manager, which stems from the use of a vulnerable third-party component, and could allow an unauthenticated attacker...

9.6CVSS6.2AI score0.00351EPSS

Exploits0References2

Positive Technologies•added 2026/01/13 12:0 a.m.•3 views

PT-2026-2351

Name of the Vulnerable Software and Affected Versions versions prior to 2025-41717 Description An unauthenticated remote attacker can trick a high privileged user into uploading a malicious payload via the config-upload endpoint, leading to code injection as root. This results in a total loss of...

8.8CVSS7AI score0.00496EPSS

Exploits0References9

CNNVD•added 2026/01/13 12:0 a.m.•3 views

SAP Landscape Transformation 代码注入漏洞

SAP Landscape Transformation is a tool for system data migration and integration from SAP, Germany. SAP Landscape Transformation suffers from a code injection vulnerability that originates from an attacker being able to inject arbitrary ABAP code or OS commands via RFC-exposed function modules,...

9.1CVSS6.2AI score0.00436EPSS

Exploits0References2

CNNVD•added 2026/01/13 12:0 a.m.•4 views

SAP S/4HANA 代码注入漏洞

SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. SAP S/4HANA suffers from a code injection vulnerability that originates from an attacker being able to inject arbitrary ABAP code or OS commands via RFC-exposed function...

9.1CVSS6.2AI score0.00409EPSS

Exploits0References2

CNNVD•added 2026/01/13 12:0 a.m.•4 views

NanoCMS 代码注入漏洞

NanoCMS is a lightweight content management system by kalyan02 individual developer. A code injection vulnerability exists in NanoCMS version 0.4, which stems from an unauthenticated file upload vulnerability in the page content creation feature that could lead to remote code execution...

8.8CVSS6.2AI score0.01112EPSS

Exploits1References4

NVD•added 2026/01/12 7:16 p.m.•6 views

CVE-2026-22785

orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Prior to 7.18.0, the MCP server generation logic relies on string manipulation that incorporates the summary field from the OpenAPI specification without proper validation or escaping. This allo...

9.8CVSS0.00709EPSS

Exploits2References2

Cvelist•added 2026/01/12 6:43 p.m.•21 views

CVE-2026-22785 orval MCP client is vulnerable to a code injection attack.

9.3CVSS0.00709EPSS

Exploits2References2

Vulnrichment•added 2026/01/12 6:43 p.m.•5 views

CVE-2026-22785 orval MCP client is vulnerable to a code injection attack.

9.3CVSS6.6AI score0.00709EPSS

Exploits2References2

OSV•added 2026/01/12 6:43 p.m.•3 views

CVE-2026-22785 orval MCP client is vulnerable to a code injection attack.

9.3CVSS6.9AI score0.00709EPSS

Exploits2References4

CVE•added 2026/01/12 6:43 p.m.•32 views

CVE-2026-22785

Summary: Orval (MCP client/server code path) is vulnerable to arbitrary code execution via unsanitized input in OpenAPI specs. The CVE-2026-22785/MCP issue arises from string-manipulation in the MCP server generation logic that embeds the summary field without proper validation/escaping, allowing...

9.8CVSS6.6AI score0.00709EPSS

Exploits2References2Affected Software1

CNNVD•added 2026/01/12 12:0 a.m.•5 views

Envoy Gateway 代码注入漏洞

Envoy Gateway is an Envoy Proxy open source that uses the Envoy agent as a gateway for standalone or Kubernetes-based applications. A code injection vulnerability exists in Envoy Gateway versions prior to 1.5.7 and prior to 1.6.2 that stems from the EnvoyExtensionPolicy Lua script that could...

8.8CVSS6.9AI score0.00481EPSS

Exploits1References1

CNNVD•added 2026/01/11 12:0 a.m.•3 views

Legrand AV Luxul XWR-600 代码注入漏洞

The Legrand AV Luxul XWR-600 is a wireless router from Luxul. A code injection vulnerability exists in the Legrand AV Luxul XWR-600 version 4.0.1 and earlier, which stems from the incorrect operation of the parameter Guest Network/Wireless Profile SSID in the component Web Administration Interfac...

4.8CVSS4.2AI score0.00206EPSS

Exploits0References5

EUVD•added 2026/01/10 12:30 a.m.•5 views

EUVD-2026-1841

Improper Control of Generation of Code 'Code Injection' vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files.This issue affects Uni2TS: through 1.2.0...

6.5AI score0.00372EPSS

Exploits0References2