CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

321 matches found

D-Link DIR-803 - Authentication Bypass

An authentication bypass vulnerability exists in D-Link DIR-803 routers firmware A1 1.04 and earlier. By manipulating the AUTHORIZEDGROUP parameter in /getcfg.php via newline injection, an attacker can retrieve XML configuration containing administrator credentials without authentication. id:...

7.5CVSS5.9AI score0.08991EPSS

Exploits1References3

RedhatCVE•added 3 days ago•7 views

CVE-2026-46739

A flaw was found in perl-Net-Statsd. This vulnerability allows an attacker to inject additional statsd metrics due to insufficient validation of metric names and values. Specifically, the software does not properly check for newlines, colons, or pipes in metric names, nor does it ensure that valu...

5.3CVSS5.3AI score0.00035EPSS

Exploits0References2

RedhatCVE•added last week•5 views

CVE-2026-41234

Froxlor is open source server administration software. Prior to version 2.3.7, the DomainZones.add API endpoint does not sanitize newline characters in TXT record content. An authenticated customer with DNS editing enabled can inject newlines into TXT record values, which break out of the record...

7.6CVSS5.5AI score0.00046EPSS

Exploits0References1

RedhatCVE•added last week•5 views

CVE-2026-40281

Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint validates metadata keys for control characters but leaves metadata values unsanitized. A newline character in a metadata value splits the ExifTool stdin line into two separate...

10CVSS5.6AI score0.00026EPSS

Exploits1References1

RedhatCVE•added last week•8 views

CVE-2026-35517

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the upstream DNS servers configuration parameter dns.upstreams. This vulnerability allows a...

8.8CVSS6AI score0.00127EPSS

Exploits2References1

NVD•added 2026/06/04 7:16 p.m.•7 views

CVE-2026-41234

7.6CVSS0.00046EPSS

Exploits0References3

CVE•added 2026/06/04 5:47 p.m.•16 views

CVE-2026-41234

CVE-2026-41234 affects Froxlor prior to 2.3.7, where the DomainZones.add API does not sanitize newline characters in TXT records. An authenticated user with DNS editing enabled can inject newlines into TXT content, causing the TXT value to break out of the line in the generated BIND zone file. Th...

7.6CVSS5.9AI score0.00046EPSS

Exploits0References3

Vulnrichment•added 2026/06/04 5:47 p.m.•6 views

CVE-2026-41234 Froxlor: BIND Zone File Injection via TXT Record Content

7.6CVSS5.9AI score0.00046EPSS

Exploits0References3

Cvelist•added 2026/06/04 5:47 p.m.•29 views

CVE-2026-41234 Froxlor: BIND Zone File Injection via TXT Record Content

7.6CVSS0.00046EPSS

Exploits0References3

ATTACKERKB•added 2026/06/04 5:47 p.m.•4 views

CVE-2026-41234

8.8CVSS5.9AI score0.00046EPSS

Exploits1References4Affected Software1

EUVD•added 2026/06/04 5:47 p.m.•7 views

EUVD-2026-34313

8.8CVSS5.9AI score0.00046EPSS

Exploits1References3

Positive Technologies•added 2026/06/03 12:0 a.m.•8 views

PT-2026-46116

Name of the Vulnerable Software and Affected Versions Froxlor versions prior to 2.3.7 Description The 'DomainZones.add' API endpoint fails to sanitize newline characters within TXT record content. An authenticated customer with DNS editing permissions can inject newlines into TXT record values,...

7.6CVSS5.9AI score0.00046EPSS

Exploits0References9

GithubExploit•added 2026/05/30 6:54 a.m.•76 views

Exploit for OS Command Injection in Thecodingmachine Gotenberg

POCCVE-2026-42589 Local reproduction lab and nuclei template...

9.8CVSS6.4AI score0.08768EPSS

Exploits2

OSV•added 2026/05/29 8:16 p.m.•5 views

UBUNTU-CVE-2026-45372

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when cpp-httplib's server parses an incoming request, it applies percent-decoding to every header value except Location and Referer. The validity check isfieldvalue is run before decoding, so encode...

9.9CVSS5.6AI score0.00056EPSS

Exploits1References3

Rockylinux•added 2026/05/29 4:3 p.m.•15 views

python3.14 security update

An update is available for python3.14. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming...

9.1CVSS6.4AI score0.0017EPSS

Exploits0

Vulnrichment•added 2026/05/28 8:41 p.m.•8 views

CVE-2026-45344 LinkAce: Setup database password newline injection enables pre-auth RCE on uninitialized instances

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitialized LinkAce instances accepts attacker-controlled database credential fields and writes them back into .env without escaping. A remote attacker who can reach the setup...

8.1CVSS6AI score0.0021EPSS

Exploits0References1

RedhatCVE•added 2026/05/28 8:12 p.m.•9 views

CVE-2026-44346

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, a malicious bentofile.yaml containing a newline-injected value in envs.name produces unquoted RUN directives in the BentoML-generated Dockerfile. When the victim runs bentom...

8.8CVSS5.9AI score0.00046EPSS

Exploits1References1