CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

12842 matches found

CVE•added 2026/03/28 11:58 a.m.•8 views

CVE-2016-20038

CVE-2016-20038 affects yTree 1.94-1.1 and is caused by a stack-based buffer overflow triggered by an excessively long command-line argument. This allows a local attacker to execute arbitrary code by injecting shellcode and a crafted return address to overwrite the stack. Exploitation is described...

8.6CVSS6.6AI score0.00177EPSS

Exploits0References3

ATTACKERKB•added 2026/03/28 11:57 a.m.•2 views

CVE-2016-20037

xwpe 1.5.30a-2.1 and prior contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying overly long input strings that exceed buffer boundaries. Attackers can craft malicious command-line arguments with 262 bytes of junk data followed by...

8.6CVSS6.9AI score0.00148EPSS

Exploits0References3Affected Software1

Cvelist•added 2026/03/28 9:27 a.m.•35 views

CVE-2026-2442 Pagelayer <= 2.0.7 - Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection via 'email'

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Improper Neutralization of CRLF Sequences 'CRLF Injection' in all versions up to, and including, 2.0.7. This is due to the contact form handler performing placeholder substitution on...

5.3CVSS0.00224EPSS

Exploits0References2

CNNVD•added 2026/03/28 12:0 a.m.•4 views

WordPress plugin Pagelayer 注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

5.3CVSS5.8AI score0.00224EPSS

Exploits0References3

Tenable Nessus•added 2026/03/28 12:0 a.m.•3 views

NewStart CGSL MAIN 7.02 : openssh Multiple Vulnerabilities (NS-SA-2026-0036)

The remote NewStart CGSL host, running version MAIN 7.02, has openssh packages installed that are affected by multiple vulnerabilities: - ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used. CVE-2025-61985 - ssh ...

3.6CVSS6.8AI score0.00221EPSS

Exploits2References5

RedhatCVE•added 2026/03/27 10:51 p.m.•16 views

CVE-2026-33628

Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Invoice line item descriptions in Invoice Ninja v5.13.0 bypass the XSS denylist filter, allowing stored XSS payloads to execute when invoices are rendered in the PDF preview or client portal. The...

5.4CVSS6AI score0.00231EPSS

Exploits0References1

OSV•added 2026/03/27 10:16 p.m.•2 views

DEBIAN-CVE-2026-33941

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it...

8.2CVSS5.6AI score0.00293EPSS

Exploits1References1

UbuntuCve•added 2026/03/27 10:16 p.m.•4 views

CVE-2026-33941

8.2CVSS5.9AI score0.00293EPSS

Exploits1References5

OSV•added 2026/03/27 10:16 p.m.•5 views

UBUNTU-CVE-2026-33941

8.2CVSS5.9AI score0.00293EPSS

Exploits1References6

Cvelist•added 2026/03/27 9:13 p.m.•22 views

CVE-2026-33941 Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options

8.2CVSS0.00293EPSS

Exploits1References3

ATTACKERKB•added 2026/03/27 9:13 p.m.•4 views

CVE-2026-33941

8.2CVSS6AI score0.00293EPSS

Exploits1References4Affected Software1

CVE•added 2026/03/27 9:13 p.m.•61 views

CVE-2026-33941

The CVE-2026-33941 issue affects the Handlebars CLI precompiler (bin/handlebars, lib/precompiler.js) from versions 4.0.0–4.7.8, where user-controlled template filenames and CLI options are concatenated into the emitted JavaScript without escaping. An attacker who can influence filenames or argume...

8.2CVSS6AI score0.00293EPSS

Exploits1References3Affected Software1

OSV•added 2026/03/27 9:13 p.m.•2 views

CVE-2026-33941 Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options

8.2CVSS6AI score0.00293EPSS

Exploits1References5

EUVD•added 2026/03/27 6:31 p.m.•16 views

EUVD-2026-16698

A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, can be exploited by a remote attacker to perform...

8.7CVSS5.9AI score0.00677EPSS

Exploits0References3

Github Security Blog•added 2026/03/27 6:31 p.m.•6 views

Undertow is Vulnerable to HTTP Request/Response Smuggling

9.1CVSS5.9AI score0.00677EPSS

Exploits0References6Affected Software1

EUVD•added 2026/03/27 6:22 p.m.•1 views

EUVD-2026-16862

Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options...

8.2CVSS5.9AI score0.00293EPSS

Exploits1References3

Snyk•added 2026/03/27 6:22 p.m.•1 views

Improper Encoding or Escaping of Output

Overview org.webjars.npm:handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output through the CLI precompiler in lib/precompiler.js. An attacker can execute arbitrary JavaScript in the generated...

8.4CVSS6AI score0.00293EPSS

Exploits1References4

OSV•added 2026/03/27 5:45 p.m.•5 views

BIT-NATS-2026-33247 NATS credentials are exposed in monitoring port via command-line argv

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, if a nats-server is run with static credentials for all clients provided via argv the command-line, then those credentials are visible to any user who can see the...

7.4CVSS5.9AI score0.00286EPSS

Exploits0References3