CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2026/03/23 12:0 a.m.•1 views

RHEL 10 : valkey (RHSA-2026:5445)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5445 advisory. Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, se...

8.5CVSS5.9AI score0.00415EPSS

Exploits0References6

NVD•added 2026/03/22 6:16 p.m.•5 views

CVE-2026-4558

A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartConnect.lua. Executing a manipulation of the argument configApSsid/configApPassphrase/srpLogin/srpPassword can lead to os command injection. The attack may be launched remotely. T...

9CVSS0.03628EPSS

Exploits1References5

ATTACKERKB•added 2026/03/22 5:29 p.m.•4 views

CVE-2026-4558

9CVSS6.9AI score0.03628EPSS

Exploits1References5Affected Software1

EUVD•added 2026/03/22 6:30 a.m.•2 views

EUVD-2026-14277

A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function actionipsecconn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly...

5.8CVSS5.6AI score0.10296EPSS

CVE•added 2026/03/22 4:2 a.m.•20 views

CVE-2026-4537

CVE-2026-4537 affects Cudy TR1200 firmware version R46-2.4.15-20250721-164017. The vulnerability lies in the Lua-based web UI controller at /usr/bin/lib/lua/luci/controller/ipsec.lua, within the function action_ipsec_conn. Exploitation involves command injection via manipulation of this function,...

5.8CVSS5AI score0.10296EPSS

Cvelist•added 2026/03/22 4:2 a.m.•39 views

CVE-2026-4537 Cudy TR1200 ipsec.lua action_ipsec_conn command injection

5.8CVSS0.10296EPSS

Vulnrichment•added 2026/03/22 4:2 a.m.•1 views

CVE-2026-4537 Cudy TR1200 ipsec.lua action_ipsec_conn command injection

5.8CVSS5AI score0.10296EPSS

ATTACKERKB•added 2026/03/22 4:2 a.m.•2 views

CVE-2026-4537

5.8CVSS5AI score0.10296EPSS

Exploits0References7

CNNVD•added 2026/03/22 12:0 a.m.•3 views

Cudy TR1200 命令注入漏洞

The Cudy TR1200 is a router produced by the Chinese company Cudy. The Cudy TR1200 R46-2.4.15-20250721-164017 version has a command injection vulnerability. This vulnerability stems from incorrect operations on the function actionipsecconn in the file /usr/bin/lib/lua/luci/controller/ipsec.lua,...

5.8CVSS5.8AI score0.10296EPSS

Positive Technologies•added 2026/03/22 12:0 a.m.•10 views

PT-2026-26968

A vulnerability was determined in Cudy TR1200 R46-2.4.15-20250721-164017. Impacted is the function action ipsec conn of the file /usr/bin/lib/lua/luci/controller/ipsec.lua. Executing a manipulation can lead to command injection. The attack may be launched remotely. The exploit has been publicly...

5.8CVSS5.6AI score0.10296EPSS

OpenVAS•added 2026/03/19 12:0 a.m.•3 views

Ubuntu: Security Advisory (USN-8106-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.5CVSS5.8AI score0.00415EPSS

Exploits0References2

Tenable Nessus•added 2026/03/19 12:0 a.m.•6 views

Ubuntu 24.04 LTS / 25.10 : Valkey vulnerabilities (USN-8106-1)

The remote Ubuntu 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8106-1 advisory. It was discovered that Valkey incorrectly handled errors for lua scripts. An attacker could possibly use this issue to inject arbitrary informati...

8.5CVSS6AI score0.00415EPSS

Ubuntu•added 2026/03/18 1:31 p.m.•8 views

USN-8106-1: Valkey vulnerabilities

It was discovered that Valkey incorrectly handled errors for lua scripts. An attacker could possibly use this issue to inject arbitrary information into the response stream for other clients. CVE-2025-67733 It was discovered that Valkey incorrectly handled malformed cluster bus messages. A remote...

8.5CVSS5.9AI score0.00415EPSS

Exploits0

NVD•added 2026/03/17 6:16 p.m.•3 views

CVE-2026-32298

The Angeet ES3 KVM does not properly sanitize user-supplied variables parsed by the 'cfg.lua' script, allowing an authenticated attacker to execute OS-level commands...

9.1CVSS0.00647EPSS

Vulnrichment•added 2026/03/17 5:21 p.m.•1 views

CVE-2026-32298 Angeet ES3 KVM OS command injection

The Angeet ES3 KVM does not properly sanitize user-supplied variables parsed by the 'cfg.lua' script, allowing an authenticated attacker to execute OS-level commands...

9.1CVSS5.9AI score0.00647EPSS

Cvelist•added 2026/03/17 5:21 p.m.•26 views

CVE-2026-32298 Angeet ES3 KVM OS command injection

The Angeet ES3 KVM does not properly sanitize user-supplied variables parsed by the 'cfg.lua' script, allowing an authenticated attacker to execute OS-level commands...

9.1CVSS0.00647EPSS

CVE•added 2026/03/17 5:21 p.m.•14 views

CVE-2026-32298

Technical details (affected product/component/versions/root cause/impact) are not present in the connected documents. The provided Initial Description notes a vulnerability in Angeet ES3 KVM related to cfg.lua sanitation, but no concrete technical specifics are supplied here. Monitor for updates.

9.1CVSS5.9AI score0.00647EPSS

Exploits0References3Affected Software1

Tenable Nessus•added 2026/03/15 12:0 a.m.•3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: redis6 (UTSA-2026-006168)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006168 advisory. Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read...

7.1CVSS6.9AI score0.01038EPSS