CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 21 hours ago•5 views

EUVD-2026-34062

6.5CVSS5.3AI score

GithubExploit•added 22 hours ago•29 views

eCPPT-Penetration-Testing-Reports

eCPPT Penetration Testing Reports Penetration testing lab rep...

9.8CVSS7.3AI score0.93372EPSS

Exploits7

ATTACKERKB•added 22 hours ago•2 views

CVE-2026-10693

A security vulnerability has been detected in SourceCodester Online Boat Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the component Administrative Endpoint. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit...

6.5CVSS5.5AI score

Exploits0References6Affected Software1

EUVD•added 22 hours ago•3 views

EUVD-2026-34141

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 discloses kernel memory layout via the UPnP GetStatusInfo action. An unauthenticated attacker on the adjacent network can obtain a raw MIPS KSEG0 kernel pointer, revealing kernel memory layout and aiding further exploitation...

5.8AI score

Exploits0References1

Positive Technologies•added 22 hours ago•6 views

PT-2026-45897

6.5CVSS5.3AI score

CVE•added yesterday•6 views

CVE-2026-10690

This CVE affects wonderwhy-er DesktopCommanderMCP 0.2.37. The vulnerability is in the readFileFromUrl function (src/tools/filesystem.ts, read_file component) where manipulating the url argument enables server-side request forgery. It can be triggered remotely and an exploit is publicly available....

6.5CVSS6.2AI score

Vulnrichment•added yesterday•1 views

CVE-2026-10690 wonderwhy-er DesktopCommanderMCP read_file filesystem.ts readFileFromUrl server-side request forgery

A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component readfile. Such manipulation of the argument url leads to server-side request forgery. The attack may be performed from remote...

6.5CVSS6.2AI score

NVD•added yesterday•7 views

CVE-2026-10661

A vulnerability has been found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. Impacted is the function Open of the file src/blendermcp/server.py. The manipulation of the argument inputimageurl leads to injection. Remote exploitation of the attack is possible. The exploit...

5.3CVSS

Cvelist•added yesterday•24 views

CVE-2026-10661 ahujasid blender-mcp server.py open injection

5.3CVSS

CVE•added yesterday•12 views

CVE-2026-10661

The CVE concerns ahujasid blender-mcp with a vulnerability in the Open function of src/blender_mcp/server.py. Manipulating the input_image_url parameter leads to injection, with remote exploitation possible. The affected project uses rolling releases, so specific version details are not listed; p...

5.3CVSS5.3AI score

NVD•added yesterday•3 views

CVE-2026-10620

A flaw has been found in code-projects Student Admission System 1.0. Affected is an unknown function of the file /index.php. This manipulation of the argument eid/did causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used...

7.5CVSS

CVE•added yesterday•9 views

CVE-2026-10650

warmcat libwebsockets (up to 4.5.8) contains a flaw in the SSH Protocol Handler: lws_ssh_parse_plaintext (plugins/protocol_lws_ssh_base/sshd.c) can be triggered by manipulating msg_len, leading to resource consumption. The issue can be exploited remotely; a proof-of-concept exploit has been publi...

6.9CVSS5.7AI score

Vulnrichment•added yesterday•1 views

CVE-2026-10650 warmcat libwebsockets SSH Protocol sshd.c lws_ssh_parse_plaintext resource consumption

A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lwssshparseplaintext of the file plugins/protocollwssshbase/sshd.c of the component SSH Protocol Handler. Executing a manipulation of the argument msglen can lead to resource consumption. The attack may be...

6.9CVSS5.7AI score

EUVD•added yesterday•6 views

EUVD-2026-34024

A vulnerability has been found in SourceCodester Human Resource Management 1.0. Affected by this vulnerability is an unknown functionality of the file /detailview.php of the component Employee View Page. Such manipulation of the argument employeeid leads to improper control of resource identifier...

5.3CVSS5.3AI score

Vulnrichment•added yesterday•3 views

CVE-2026-10624 SourceCodester Human Resource Management Employee View detailview.php resource injection

5.3CVSS5.3AI score

NVD•added yesterday•4 views

CVE-2026-10617

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. This affects the function resolveAuth of the file internal/http/auth.go of the component Webhook Verification Handler. The manipulation leads to missing authentication. Remote exploitation of the attack is possibl...

7.5CVSS

Vulnrichment•added yesterday•2 views

CVE-2026-10617 nextlevelbuilder GoClaw Webhook Verification auth.go resolveAuth missing authentication

7.5CVSS6.5AI score

EUVD•added yesterday•5 views

EUVD-2026-34009

7.5CVSS6.5AI score