CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

328 matches found

EUVD•added 2026/03/24 4:49 p.m.•2 views

EUVD-2026-14964

Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones API...

8.6CVSS5.8AI score0.00544EPSS

Exploits1References3

CVE•added 2026/03/21 12:42 a.m.•11 views

CVE-2026-32056

OpenClaw prior to version 2026.2.22 is vulnerable to remote code execution via shell startup environment variable injection in system.run. The root cause is failure to sanitize HOME and ZDOTDIR, allowing an attacker to place startup files (e.g., .bash_profile or .zshenv) that are read before allo...

9.8CVSS6.5AI score0.00559EPSS

Exploits0References3Affected Software1

RedhatCVE•added 2026/02/07 7:30 p.m.•4 views

CVE-2026-25643

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Prior to 0.16.4, a critical Remote Command Execution RCE vulnerability has been identified in the Frigate integration with go2rtc. The application does not sanitize user input in the video stream...

9.1CVSS5.5AI score0.02874EPSS

Exploits8References1

Cvelist•added 2026/02/06 5:53 p.m.•52 views

CVE-2026-25725 Claude Code Has Sandbox Escape via Persistent Configuration Injection in settings.json

Claude Code is an agentic coding tool. Prior to version 2.1.2, Claude Code's bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.json configuration file when it did not exist at startup. While the parent directory was mounted as writable and .claude/settings.local.json...

7.7CVSS0.00416EPSS

Exploits0References1

Positive Technologies•added 2026/02/05 12:0 a.m.•5 views

PT-2026-6654

Name of the Vulnerable Software and Affected Versions Qdrant versions 1.9.3 through 1.15.5 Description Qdrant, a vector similarity search engine and vector database, contains a flaw where an attacker can append to arbitrary files via the /logger endpoint. This is possible due to an...

8.5CVSS6.2AI score0.0049EPSS

Exploits1References13

Packet Storm•added 2026/01/30 12:0 a.m.•164 views

📄 Monsta FTP 2.11 Remote File Injection

This Metasploit module exploits a vulnerability in Monsta FTP version 2.11 and enables remote file injection by creating a malicious FTP server. The application builds this server to upload a malicious PHP file reverse shell. After the file is uploaded, the module immediately verifies the...

9.8CVSS5.9AI score0.72033EPSS

Exploits6

NVD•added 2026/01/29 4:16 p.m.•6 views

CVE-2026-0936

An Insertion of Sensitive Information into Log File vulnerability in B&R PVI client versions prior to 6.5 may be abused by an authenticated local attacker to gather credential information which is processed by the PVI client application. The logging function of the PVI client application is...

5.1CVSS0.00103EPSS

Exploits0References1

CVE•added 2026/01/27 6:51 p.m.•8 views

CVE-2020-36980

CVE-2020-36980 : The provided documents describe an unquoted service path vulnerability in the Windows service configuration of SAntivirus IC 10.0.21.61, enabling local attackers to potentially execute arbitrary code and escalate privileges to SYSTEM by injecting malicious files into the service ...

8.5CVSS6.1AI score0.0013EPSS

Exploits0References3

Broadcom•added 2026/01/27 12:0 a.m.•16 views

Postgres vulnerabilities (CVE-2025-8713, CVE-2025-8714, CVE-2025-8715)

The Postgres vulnerabilities identified are located within open source components utilized by Brocade SANnav, however none of these vulnerabilities are in the executable code path. As a part of good security practice, the open source component was updated in the SANnav 2.4.0b and 3.0.0 releases...

8.8CVSS6.2AI score0.00709EPSS

Exploits1

Tenable Nessus•added 2026/01/20 12:0 a.m.•6 views

MiracleLinux 8 : cups-filters-1.20.0-35.el8_10 (AXSA:2024-8879:04)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8879:04 advisory. cups-browsed: cups-browsed binds on UDP INADDRANY:631 trusting any packet from any source cups-filters: libcupsfilters: cfGetPrinterAttributes API...

9.8CVSS7.5AI score0.8344EPSS

Exploits16References4

RedhatCVE•added 2026/01/09 11:39 a.m.•13 views

CVE-2003-1582

Microsoft Internet Information Services IIS 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inver...

2.6CVSS6.2AI score0.10325EPSS

Exploits1References1

Vulnrichment•added 2025/10/27 12:2 p.m.•4 views

CVE-2025-12270 LearnHouse Student Assignment Submission sub_file resource injection

A vulnerability was determined in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The impacted element is an unknown function of the file /api/v1/assignments/assignmentid/tasks/taskid/subfile of the component Student Assignment Submission Handler. This manipulation causes improper...

5.3CVSS6.3AI score0.00337EPSS

Exploits1References4

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2018-18050

Malware in sbrugna...

10CVSS9.5AI score0.06723EPSS

Exploits1References3

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2012-2938

Malware in sbrugna...

4.3CVSS6.3AI score0.02631EPSS

Exploits0References4