CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9516 matches found

OSV•added 2026/03/07 3:25 p.m.•3 views

CVE-2026-29781 Sliver: Authenticated Nil-Pointer Dereference in Handlers

Sliver is a command and control framework that uses a custom Wireguard netstack. In versions from 1.7.3 and prior, a vulnerability exists in the Sliver C2 server's Protobuf unmarshalling logic due to a systemic lack of nil-pointer validation. By extracting valid implant credentials and omitting...

5.3CVSS5.8AI score0.00504EPSS

Exploits1References3

GithubExploit•added 2026/03/07 7:30 a.m.•112 views

prima-incident-response-security-poc

DevOps Security Pipeline POC A security-integrated CI/CD pipe...

5.8AI score

Exploits0

EUVD•added 2026/03/06 6:31 p.m.•3 views

EUVD-2026-10035

WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...

9.4CVSS5.8AI score0.00637EPSS

Exploits0References3

NVD•added 2026/03/06 4:16 p.m.•4 views

CVE-2026-26288

9.8CVSS0.00637EPSS

Exploits0References2

EUVD•added 2026/03/06 3:31 p.m.•7 views

EUVD-2026-10034

9.4CVSS5.8AI score0.00871EPSS

Exploits0References4

ATTACKERKB•added 2026/03/06 3:15 p.m.•5 views

CVE-2026-26288

9.4CVSS5.8AI score0.00637EPSS

Exploits0References3

Cvelist•added 2026/03/06 3:3 p.m.•27 views

CVE-2026-26051 Mobiliti e-mobi.hu Missing Authentication for Critical Function

9.4CVSS0.00871EPSS

Exploits0References3

CVE•added 2026/03/06 3:3 p.m.•8 views

CVE-2026-26051

CVE-2026-26051 affects WebSocket/OCPP endpoints where no authentication is required. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier and issue or receive OCPP commands as a legitimate charger, enabling privilege escala...

9.8CVSS5.8AI score0.00871EPSS

Exploits0References3Affected Software1

CNNVD•added 2026/03/06 12:0 a.m.•2 views

ePower 访问控制错误漏洞

ePower is a electric vehicle charging station system owned by the Irish company ePower. ePower has a security access control vulnerability, which stems from the lack of an authentication mechanism in WebSocket endpoints. This vulnerability could allow unverified attackers to perform unauthorized...

9.8CVSS5.7AI score0.00889EPSS

Exploits0References3

Positive Technologies•added 2026/03/06 12:0 a.m.•4 views

PT-2026-23714

Name of the Vulnerable Software and Affected Versions OCPP affected versions not specified Description The WebSocket endpoints do not have sufficient authentication, allowing attackers to impersonate charging stations and manipulate data transmitted to the backend. An unauthenticated attacker can...

9.8CVSS5.8AI score0.00871EPSS

Exploits0References9

Tenable Nessus•added 2026/03/06 12:0 a.m.•3 views

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-8070-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8070-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...

8.8CVSS7.3AI score0.0084EPSS

Exploits1References10

CNNVD•added 2026/03/06 12:0 a.m.•4 views

Mobiliti 访问控制错误漏洞

Mobiliti is an electric vehicle charging station system developed by the Hungarian company Mobiliti. Mobiliti has a security access control vulnerability, which stems from the lack of proper authentication mechanisms for WebSocket endpoints. This vulnerability could allow unauthorized sites to...

9.8CVSS5.8AI score0.00871EPSS

Exploits0References3

ATTACKERKB•added 2026/03/05 11:18 p.m.•1 views

CVE-2026-22552

9.4CVSS6AI score0.00889EPSS

Exploits0References4

The Hacker News•added 2026/03/05 12:1 p.m.•10 views

Dust Specter Targets Iraqi Officials with New SPLITDROP and GHOSTFORM Malware

A suspected Iran-nexus threat actor has been attributed to a campaign targeting government officials in Iraq by impersonating the country's Ministry of Foreign Affairs to deliver a set of never-before-seen malware. Zscaler ThreatLabz, which observed the activity in January 2026, is tracking the...

6.3AI score

Exploits0

Positive Technologies•added 2026/03/05 12:0 a.m.•3 views

PT-2026-23574

Name of the Vulnerable Software and Affected Versions affected versions not specified Description WebSocket endpoints are missing appropriate authentication, allowing attackers to impersonate charging stations and manipulate backend data. An unauthenticated attacker can connect to the OCPP...

9.8CVSS5.8AI score0.00889EPSS

Exploits0References12

Trellix•added 2026/03/05 12:0 a.m.•7 views

The Iranian Cyber Capability 2026

The Iranian Cyber Capability 2026 By John Fokker and Ernesto Fernández Provecho · March 5, 2026 Introduction In 2024, we published an assessment of the Islamic Republic of Iran’s cyber capabilities, outlining the structure, tradecraft, and strategic intent of Iranian-aligned threat actors. The co...

7CVSS8.8AI score0.68202EPSS

Exploits7

OSV•added 2026/03/04 2:36 p.m.•4 views

USN-8070-3 linux-fips vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - x86 architecture; - MMC subsystem; - Network drivers; - USB Device Class drivers; - BTRFS file system; - File syste...

8.8CVSS6.7AI score0.0084EPSS

Exploits1References10