6348 matches found

NVD
added 2026/03/02 6:16 p.m. | 7 views

CVE-2026-0655

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TP-Link Deco BE25 v1.0 web modules allows authenticated adjacent attacker to read arbitrary files or cause denial of service. This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822...

CVSS 8 | EPSS 0.00275
Exploits 0 | References 4
ATTACKERKB
added 2026/03/02 5:39 p.m. | 4 views

CVE-2026-0655

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TP-Link Deco BE25 v1.0 web modules allows authenticated adjacent attacker to read arbitrary files or cause denial of service. This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822...

CVSS 8 | AI score 6 | EPSS 0.00275
Exploits 0 | References 5
CVE
added 2026/03/02 5:39 p.m. | 9 views

CVE-2026-0655

CVE-2026-0655 affects TP-Link Deco BE25 v1.0 (web modules) up to firmware 1.1.1 Build 20250822. The issue is a path traversal vulnerability that allows an authenticated adjacent attacker to read arbitrary files or cause a denial of service. Connected sources confirm the vulnerable product/version...

CVSS 8 | AI score 6 | EPSS 0.00275
Exploits 0 | References 4 | Affected Software 1
EUVD
added 2026/03/02 5:39 p.m. | 5 views

EUVD-2026-9217

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TP-Link Deco BE25 v1.0 web modules allows authenticated adjacent attacker to read arbitrary files or cause denial of service. This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822...

CVSS 6.9 | AI score 6 | EPSS 0.00275
Exploits 0 | References 4
Positive Technologies
added 2026/03/02 12:0 a.m. | 4 views

PT-2026-22662

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TP-Link Deco BE25 v1.0 web modules allows authenticated adjacent attacker to read arbitrary files or cause denial of service. This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822...

CVSS 6.9 | AI score 6 | EPSS 0.00275
Exploits 0 | References 5
vulnersOsv
added 2026/02/28 2:1 a.m. | 12 views

ai.agentican:agentican-framework-core (>=0.1.0-alpha.1 <=0.1.0-alpha.4), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.4) +4650 more potentially affected by unknown CVE via tools.jackson.core:jackson-core (>=3.0.0 <=3.1.0-rc1)

tools.jackson.core:jackson-core MAVEN version =3.0.0, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.3, =0.1.0-alpha.1, =0.1.2, =0.1.0, =0.1.0, =0.7.6, =0.7.17 and more Source cves: unkno...

AI score 5.5
Exploits 0
Cvelist
added 2026/02/27 5:57 p.m. | 24 views

CVE-2026-21619 Unsafe Deserialization of Erlang Terms in hex_core

Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hexcore hexapi modules, hexpm hex mixhexapi modules, erlang rebar3 r3hexapi modules allows Object Injection, Excessive Allocation. This vulnerability is associated with program files src/hexapi.erl,...

CVSS 2 | EPSS 0.00576
Exploits 0 | References 6
Positive Technologies
added 2026/02/27 12:0 a.m. | 7 views

PT-2026-22343

Name of the Vulnerable Software and Affected Versions: Centreon Open Tickets versions prior to 25.10; Centreon Open Tickets versions prior to 24.10; Centreon Open Tickets versions prior to 24.04. Description: An improper input validation issue exists in Centreon Open Tickets on Central Server on Linux...

CVSS 9.1 | AI score 6 | EPSS 0.00303
Exploits 0 | References 9
Packet Storm News
added 2026/02/27 12:0 a.m. | 4 views

Jailbreak Foundry: From Papers to Runnable Attacks for Reproducible Benchmarking

Jailbreak techniques for large language models (LLMs) evolve faster than benchmarks, making robustness estimates stale and difficult to compare across papers due to drift in datasets, harnesses, and judging protocols. We introduce JAILBREAK FOUNDRY (JBF), a system that addresses this gap via a...

AI score 6
Exploits 0
CVE
added 2026/02/25 3:12 p.m. | 13 views

CVE-2026-3206

The CVE-2026-3206 entry details an Improper Resource Shutdown or Release vulnerability in KrakenD products. Affected: KrakenD-CE (CircuitBreaker modules) prior to 2.13.1; KrakenD-EE (CircuitBreaker modules) prior to 2.12.5. Impact and exploit details are not fully provided beyond the vulnerabilit...

CVSS 5.3 | AI score 5.4 | EPSS 0.00256
Exploits 0 | References 2
Oracle linux
added 2026/02/25 12:0 a.m. | 9 views

python-pyasn1 security update

0.6.2-1 - Update to 0.6.2 - Update modules to 0.4.2 Resolves: RHEL-148142...

CVSS 7.5 | AI score 5.5 | EPSS 0.00491
Exploits 0
Packet Storm
added 2026/02/23 12:0 a.m. | 154 views

sudo 1.9.17 chroot Privilege Escalation

This Metasploit module exploits CVE-2025-32463, a local privilege escalation vulnerability in Sudo's chroot functionality. The vulnerability allows attackers to load malicious NSS (Name Service Switch) modules from within a chroot environment, leading to arbitrary code execution as root...

CVSS 9.3 | AI score 6.4 | EPSS 0.47467
Exploits 70
NVD
added 2026/02/21 7:16 a.m. | 23 views

CVE-2026-27452

ASN.1 TypeScript ESM library, including codecs for Basic Encoding Rules (BER) and Distinguished Encoding Rules (DER). In versions 11.0.5 and below, in some cases, decoding an INTEGER could leak the underlying ArrayBuffer. This issue is expected to be fixed in version 11.0.6...

CVSS 9.2 | EPSS 0.0026
Exploits 0 | References 1
GithubExploit
added 2026/02/21 6:1 a.m. | 170 views

Redteam-Automation

🔴 AI-Driven Red Team Simulation Framework A production-ready...

AI score 6
Exploits 0
RedhatCVE
added 2026/02/21 1:28 a.m. | 5 views

CVE-2026-26974

Slyde is a program that creates animated presentations from XML. In versions 0.0.4 and below, Node.js automatically imports /.plugin.js,mjs files including those from node_modules, so any malicious package with a .plugin.js file can execute arbitrary code when installed or required. All projects...

CVSS 9.8 | AI score 5.9 | EPSS 0.0054
Exploits 0 | References 1
SUSE CVE
added 2026/02/21 12:25 a.m. | 4 views

SUSE CVE-2026-21620

Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp tftpfile modules, erlang otp inets tftpfile modules, erlang otp tftp tftpfile modules allows Relative Path Traversal. This vulnerability is associated with program files...

CVSS 8.1 | AI score 5.8 | EPSS 0.00461
Exploits 0 | References 6
Github Security Blog
added 2026/02/20 6:24 p.m. | 10 views

Fickling has a detection bypass via stdlib network-protocol constructors

Our assessment: imtplib, imaplib, ftplib, poplib, telnetlib, and nntplib were added to the list of unsafe imports (https://github.com/trailofbits/fickling/commit/6d20564d23acf14b42ec883908aed159be7b9ade). The UnusedVariables heuristic works as expected. Original report. Summary: Fickling's checksafety...

AI score 5.8
Exploits 0 | References 4 | Affected Software 1
OSV
added 2026/02/20 11:15 a.m. | 4 views

UBUNTU-CVE-2026-21620

Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp tftpfile modules, erlang otp inets tftpfile modules, erlang otp tftp tftpfile modules allows Relative Path Traversal. This vulnerability is associated with program files...

CVSS 2.3 | AI score 5.8 | EPSS 0.00461
Exploits 0 | References 5
Cvelist
added 2026/02/20 12:34 a.m. | 24 views

CVE-2026-26974 Sylde has Improper Control of Generation of Code

Slyde is a program that creates animated presentations from XML. In versions 0.0.4 and below, Node.js automatically imports /.plugin.js,mjs files including those from node_modules, so any malicious package with a .plugin.js file can execute arbitrary code when installed or required. All projects...

CVSS 7.6 | EPSS 0.0054
Exploits 0 | References 3
ATTACKERKB
added 2026/02/20 12:34 a.m. | 5 views

CVE-2026-26974

Slyde is a program that creates animated presentations from XML. In versions 0.0.4 and below, Node.js automatically imports /.plugin.js,mjs files including those from node_modules, so any malicious package with a .plugin.js file can execute arbitrary code when installed or required. All projects...

CVSS 7.6 | AI score 6 | EPSS 0.0054
Exploits 0 | References 4 | Affected Software 1