295 matches found
PT-2026-6350
Summary: Cross-client response data leak when a single McpServer/Server and transport instance is reused across multiple client connections, most commonly in stateless StreamableHTTPServerTransport deployments. Impact: Who is affected: Any MCP server deployment using the TypeScript SDK where a sing...
CVE-2025-68271
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From 5.0.0 to 6.10.1, OpenC3 COSMOS contains a critical remote code execution vulnerability reachable through the JSON-RPC API. When a JSON-RPC request uses the string form of...
CVE-2025-68271
OpenC3 COSMOS (versions 5.0.0–6.10.1) has a critical remote code execution vulnerability exploitable via the JSON-RPC API. The flaw occurs when parsing attacker-controlled parameter text with String#convert_to_value; for array-like inputs, convert_to_value may execute eval(), allowing an unauthen...
CVE-2025-68271 Unauthenticated Remote Code Execution in openc3-api
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From 5.0.0 to 6.10.1, OpenC3 COSMOS contains a critical remote code execution vulnerability reachable through the JSON-RPC API. When a JSON-RPC request uses the string form of...
CVE-2025-12548
A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration (SSH keys, tokens, etc.) from other users' Developer Workspace containers, via an unauthenticated JSON-RPC / websocket API exposed on TCP port 3333...
PT-2026-2441
Name of the Vulnerable Software and Affected Versions: Eclipse Che (affected versions not specified). Description: A flaw exists in Eclipse Che che-machine-exec that permits unauthenticated remote arbitrary command execution and secret exfiltration, including SSH keys and tokens, from other...
CVE-2021-28495
In Arista's MOS Metamako Operating System software which is supported on the 7130 product line, under certain conditions, user authentication can be bypassed when API access is enabled via the JSON-RPC APIs. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train...
Nokia SR Linux Security Vulnerability
Nokia SR Linux is a network operating system from the Finnish company Nokia. A security vulnerability exists in Nokia SR Linux that originates from improper authentication and could lead to unauthorized access to JSON-RPC services...
OpenWRT Privilege Escalation Vulnerability (Mar 2025)
OpenWRT is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openwrt:openwrt";...
EUVD-2018-7368
Malware in sbrugna...
EUVD-2018-13041
Malware in sbrugna...
EUVD-2017-3702
Malware in sbrugna...
EUVD-2012-0472
Malware in sbrugna...
EUVD-2017-3699
Malware in sbrugna...
EUVD-2017-3701
Malware in sbrugna...
EUVD-2017-3698
Malware in sbrugna...
EUVD-2017-3697
Malware in sbrugna...
EUVD-2021-15171
Malware in sbrugna...
EUVD-2017-5963
Malware in sbrugna...
EUVD-2019-3550
Malware in sbrugna...