CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

192 matches found

OSV•added 2026/01/07 8:46 p.m.•4 views

CGA-67CP-QP5V-884V

Bulletin has no description...

7.5CVSS6.9AI score0.00028EPSS

Exploits1

EUVD•added 2026/01/07 12:0 a.m.•1 views

EUVD-2026-1174

A command injection vulnerability in the executecommand function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input...

10CVSS7.6AI score0.00815EPSS

Exploits1References4

OSV•added 2026/01/02 8:2 p.m.•2 views

MINI-FHGX-3QX6-VWRR

Bulletin has no description...

9.1CVSS6.9AI score0.00072EPSS

Exploits0

EUVD•added 2026/01/02 6:30 p.m.•1 views

EUVD-2026-0169

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

5.5AI score

Exploits0References1

EUVD•added 2026/01/02 6:30 p.m.•1 views

EUVD-2026-0590

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

5.5AI score

Exploits0References1

EUVD•added 2026/01/02 6:30 p.m.•1 views

EUVD-2026-0633

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

5.5AI score

Exploits0References1

EUVD•added 2026/01/02 3:18 p.m.•2 views

EUVD-2026-0668

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the...

6.9CVSS6.3AI score0.00017EPSS

Exploits0References2

EUVD•added 2025/12/24 12:30 p.m.•1 views

EUVD-2025-205146

In the Linux kernel, the following vulnerability has been resolved: udplite: Fix NULL pointer dereference in skmemraiseallocated. syzbot reported 0 a null-ptr-deref in skgetrmem0 while using IPPROTOUDPLITE 0x88: 14:25:52 executing program 1: r0 = socket$inet60xa, 0x80002, 0x88 We had a similar...

5.9AI score0.00046EPSS

Exploits0References8

EUVD•added 2025/12/23 9:30 p.m.•2 views

EUVD-2025-204837

CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files tabs, enabling persistent script injection...

7.2CVSS5.6AI score0.0001EPSS

Exploits1References5

EUVD•added 2025/12/18 2:28 p.m.•5 views

EUVD-2025-204288

There is an out of bounds read vulnerability in NI LabVIEW in LVResource::DetachResource when parsing a corrupted VI file. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI...

8.5CVSS6.7AI score0.00016EPSS

Exploits0References2

EUVD•added 2025/12/11 9:31 p.m.•2 views

EUVD-2025-202892

OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleget in file /usr/local/lua/devsta/networkConnect.lua...

7.3AI score0.00915EPSS

Exploits1References4

OSV•added 2025/12/08 2:39 a.m.•1 views

CGA-JCH8-976Q-2VFX

Bulletin has no description...

6.5CVSS6.9AI score0.00008EPSS

Exploits0

OSV•added 2025/11/28 6:10 a.m.•1 views

CGA-CHQ2-FV5G-3PF9

Bulletin has no description...

5.3CVSS6.9AI score0.00014EPSS

Exploits0

OSV•added 2025/11/23 4:46 a.m.•1 views

CGA-MVG6-R7Q3-MH99

Bulletin has no description...

5.3CVSS6.8AI score0.00014EPSS

Exploits0

EUVD•added 2025/11/19 9:31 p.m.•1 views

EUVD-2025-198171

GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000, expose sensitive session identifiers sid in the publicly accessible log file located at /log/Flexiva%20LX.log. An unauthenticated attacker can retrieve valid session IDs and hijack sessions...

6.4AI score0.00058EPSS

Exploits1References4

EUVD•added 2025/11/19 9:31 p.m.•3 views

EUVD-2025-198166

D-Link Router DIR-868L A1 FW106KRb01.bin has an unauthenticated remote code execution vulnerability in the cgibin binary. The HNAP service provided by cgibin does not filter the HTTP SOAPAction header field. The unauthenticated remote attacker can execute the shell command...

8AI score0.00579EPSS

Exploits1References5

OSV•added 2025/11/17 5:39 p.m.•1 views

MINI-MJFP-JXQ9-H4F3

Bulletin has no description...

7.5CVSS7.2AI score0.0112EPSS

Exploits0

EUVD•added 2025/11/07 12:30 a.m.•1 views

EUVD-2025-38208

EUVD-2025-38208...

6.4AI score0.00037EPSS

Exploits0References3