68 matches found

Positive Technologies | added 2026/02/10 12:00 a.m. | 4 views

PT-2026-7476

Name of the Vulnerable Software and Affected Versions: JUNG Smart Panel KNX firmware versions prior to L1.12.22. Description: The JUNG Smart Panel KNX firmware does not properly validate file path input in its embedded web interface. This allows remote, unauthenticated attackers to access arbitrary...

CVSS 6.9 | AI score 5.6 | EPSS 0.00014
Exploits: 2 | References: 7
EUVD | added 2026/02/04 9:48 p.m. | 4 views

EUVD-2026-5327

Godot MCP is a Model Context Protocol (MCP) server for interacting with the Godot game engine. Prior to version 0.1.1, a command injection vulnerability in godot-mcp allows remote code execution. The executeOperation function passed user-controlled input (e.g., projectPath) directly to exec, which...

CVSS 7.8 | AI score 6.4 | EPSS 0.00037
Exploits: 1 | References: 4
OSV | added 2026/01/29 8:33 a.m. | 2 views

USN-7984-1: pagure vulnerabilities

Thomas Chauchefoin discovered that Pagure incorrectly handled symbolic links in Git repositories. A remote attacker could possibly use this issue to cause Pagure to expose files outside the intended repository boundaries. (CVE-2024-4981) Thomas Chauchefoin discovered that Pagure did not properly...

CVSS 9.8 | AI score 5.8 | EPSS 0.01959
Exploits: 2 | References: 5
OSV | added 2026/01/06 6:15 p.m. | 2 views

CVE-2025-15382

A heap buffer over-read vulnerability exists in the wolfSSHCleanPath function in wolfSSH. An authenticated remote attacker can trigger the issue via crafted SCP path input containing '/./' sequences, resulting in a heap over-read of 1 byte...

CVSS 8.1 | AI score 6.9
Exploits: 0 | References: 1
OSV | added 2025/12/19 10:53 p.m. | 5 views

GHSA-F43R-CC68-GPX4: External Control of File Name or Path in Langflow

Vulnerability Overview: If an arbitrary path is specified in the request body's fspath, the server serializes the Flow object into JSON and creates/overwrites a file at that path. There is no path restriction, normalization, or allowed directory enforcement, so absolute paths (e.g., /etc/poc.txt) ar...

CVSS 7.1 | AI score 6.9 | EPSS 0.00034
Exploits: 1 | References: 4
CVE | added 2025/11/17 12:00 a.m. | 10 views

CVE-2025-63916

Summary: CVE-2025-63916 affects MyScreenTools v2.2.1.0. The issue is a critical OS command injection in the GIF compression tool, where the CMD() function in GIFSicleTool/Form_gif_sicle_tool.cs concatenates unsanitized user input (file paths) and executes them via cmd.exe. This allows arbitrary ...

CVSS 8.1 | AI score 7.8 | EPSS 0.00451
Exploits: 1 | References: 3 | Affected Software: 1
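The godot-mcp (EUVD-2026-5327) and MyScreenTools (CVE-2025-63916) entries above describe the same bug class: a file path from the request is concatenated into a command string that a shell then parses. The block below is an added example, not code from either project or from any page on this list; it uses `echo` as a stand-in for the real tool (the Godot binary, gifsicle) so it runs offline on a POSIX system, and the "path" value is a constructed sample. It shows the flawed pattern beside the two standard fixes: an argv list with no shell, and `shlex.quote` where a shell string cannot be avoided.

```python
"""Command injection through a concatenated file path, and two fixes.

Added example; not code from godot-mcp, MyScreenTools or any project on
this page. `echo` stands in for the real tool so the block runs offline
on any POSIX system; the attacker-controlled value is a constructed sample.
"""
import shlex
import subprocess

# Constructed attacker-controlled "project path" carrying a shell separator.
EVIL_PATH = "frame.gif; echo INJECTED"


def run_vulnerable(path: str) -> str:
    """The flawed pattern: build one command string and hand it to a shell
    (exec() in Node, cmd.exe /c on Windows, shell=True here). The shell
    parses ';' and runs the attacker's second command."""
    cmd = f"echo {path}"
    return subprocess.run(cmd, shell=True, capture_output=True,
                          text=True, check=False).stdout


def run_fixed_argv(path: str) -> str:
    """Preferred fix: pass an argv list and no shell, so the value reaches
    the program as exactly one argument however many metacharacters it holds.
    A value starting with '-' is still refused, because the target program
    would parse it as an option (argument injection, a separate bug that
    the argv fix alone does not close)."""
    if path.startswith("-"):
        raise ValueError(f"path looks like an option: {path!r}")
    return subprocess.run(["echo", path], capture_output=True,
                          text=True, check=False).stdout


def run_fixed_quoted(path: str) -> str:
    """When a shell string is unavoidable, quote every interpolated value
    with shlex.quote. This is POSIX-only; cmd.exe has different quoting
    rules and shlex.quote does not protect it."""
    cmd = f"echo {shlex.quote(path)}"
    return subprocess.run(cmd, shell=True, capture_output=True,
                          text=True, check=False).stdout


if __name__ == "__main__":
    print("vulnerable:", run_vulnerable(EVIL_PATH).splitlines())
    print("argv      :", run_fixed_argv(EVIL_PATH).splitlines())
    print("quoted    :", run_fixed_quoted(EVIL_PATH).splitlines())
```

Running it shows the vulnerable variant producing two lines (`frame.gif` and `INJECTED`, the second coming from the injected command), while both fixed variants echo the whole string back as one literal argument.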
Vulnrichment | added 2025/11/07 12:00 a.m. | 2 views

CVE-2025-57697

AstrBot Project v3.5.22 has an arbitrary file read vulnerability in function encodeimagebs64. Since the encodeimagebs64 function defined in entities.py opens the image specified by the user in the request body and returns the image content as a base64-encoded string without checking the legitimac...

AI score 6.3 | EPSS 0.00086
Exploits: 1 | References: 1
Snyk | added 2025/10/07 9:41 a.m. | 3 views

Cross-site Scripting (XSS)

Overview: double-take is a Unified UI and API for processing and training images for facial recognition. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the app.use function in the API component when processing the X-Ingress-Path argument. An attacker can inject an...

CVSS 5.3 | AI score 5.5 | EPSS 0.00033
Exploits: 0 | References: 2
EUVD | added 2025/10/07 12:30 a.m. | 1 view

EUVD-2021-23567

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.00151
Exploits: 0 | References: 2
EUVD | added 2025/10/03 8:07 p.m. | 2 views

EUVD-2024-54205

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.3 | EPSS 0.03538
Exploits: 2 | References: 2
EUVD | added 2025/10/03 8:07 p.m. | 2 views

EUVD-2024-21149

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.5 | EPSS 0.00084
Exploits: 0 | References: 2
EUVD | added 2025/10/03 8:07 p.m. | 3 views

EUVD-2025-25285

Malicious code in bioql PyPI...

CVSS 4.9 | AI score 6.4 | EPSS 0.00174
Exploits: 0 | References: 1
EUVD | added 2025/10/03 8:07 p.m. | 16 views

EUVD-2022-5411

Malicious code in bioql PyPI...

CVSS 4.8 | AI score 5.2 | EPSS 0.00178
Exploits: 0 | References: 5
RedhatCVE | added 2025/08/22 2:32 p.m. | 4 views

CVE-2025-54927

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized access to sensitive files when an authenticated attacker uses a crafted path input that is processed by the system...

CVSS 4.9 | AI score 6.8 | EPSS 0.00174
Exploits: 0 | References: 1
Vulnrichment | added 2025/08/20 1:51 p.m. | 2 views

CVE-2025-54927

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized access to sensitive files when an authenticated attacker uses a crafted path input that is processed by the system...

CVSS 4.9 | AI score 6.7 | EPSS 0.00174
Exploits: 0 | References: 1
Cvelist | added 2025/08/20 1:51 p.m. | 9 views

CVE-2025-54927

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized access to sensitive files when an authenticated attacker uses a crafted path input that is processed by the system...

CVSS 4.9 | EPSS 0.00174
Exploits: 0 | References: 1
CVE | added 2025/08/20 1:51 p.m. | 14 views

CVE-2025-54927

CVE-2025-54927 concerns Schneider Electric EcoStruxure Power Monitoring Expert. The issue is a directory traversal via the HttpPostedFile module that could enable remote code execution. Exploitation requires authentication and is demonstrated in public advisories (e.g., ZDI-25-828) with attacker-...

CVSS 4.9 | AI score 6.7 | EPSS 0.00174
Exploits: 0 | References: 1
Veracode | added 2025/06/18 10:09 a.m. | 3 views

Directory Traversal

Salt is vulnerable to Directory Traversal. The vulnerability is due to improper input validation: the recvfile method allows arbitrary files to be written to the master cache directory through crafted path input...

CVSS 9.6 | AI score 7.1 | EPSS 0.00378
Exploits: 0 | References: 5 | Affected Software: 1
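Several entries on this page are the same CWE-22 shape from different angles: a write to a caller-chosen path (Langflow fspath, Salt recvfile), a read from one (AstrBot encodeimagebs64, the JUNG web interface, Schneider CVE-2025-54927), traversal through a symbolic link (Pagure), and a path cleaner tripped up by '/./' segments (wolfSSH). The Langflow advisory names the missing controls directly: path restriction, normalization, and allowed-directory enforcement. The block below is an added example, not code from Langflow, Salt, AstrBot or any other project listed here; it shows one containment check that closes all three gaps on the resolved path rather than on the string, and exercises it against a constructed directory layout (the helper name `resolve_under` and the sample paths are assumptions of this example; the symlink case needs a POSIX filesystem).

```python
"""Containing a user-supplied path inside an allowed directory.

Added example; not code from Langflow, AstrBot, Salt, Schneider Electric or
any other project listed on this page. The directory layout and the request
values below are constructed samples, and resolve_under() is a hypothetical
helper name.
"""
import os
import tempfile
from pathlib import Path


class PathOutsideBase(ValueError):
    """Raised when a request would read or write outside the base directory."""


def resolve_under(base: Path, user_path: str) -> Path:
    """Return the real filesystem path for `user_path`, or raise if it escapes `base`.

    Three separate escapes are closed here:
      * absolute paths (`/etc/poc.txt`), which `base / user_path` would
        otherwise silently adopt;
      * `..` and `/./` segments, removed by resolve() rather than by string
        matching, so doubled or oddly placed variants are not a concern;
      * symbolic links inside base that point outside it, because the check
        runs on the resolved target, not on the lexical path.
    strict=False lets the final component be a file that does not exist yet,
    which is the file-write case (a new flow file, a new cache entry).
    """
    base = base.resolve(strict=True)
    if os.path.isabs(user_path):
        raise PathOutsideBase(f"absolute path rejected: {user_path!r}")
    candidate = (base / user_path).resolve(strict=False)
    # The directory itself is not a valid file target either, hence '== base'.
    if candidate == base or base not in candidate.parents:
        raise PathOutsideBase(f"{user_path!r} resolves outside {base}")
    return candidate


def demo() -> dict:
    """Build a throwaway layout and report which requests are accepted (True)."""
    root = Path(tempfile.mkdtemp())
    base = root / "data"
    (base / "flows").mkdir(parents=True)
    (base / "flows" / "a.json").write_text("{}")
    outside = root / "outside"
    outside.mkdir()
    (outside / "secret.txt").write_text("not for you")
    os.symlink(outside, base / "link")  # symlink inside base, target outside it

    requests = [
        "flows/a.json",                    # plain read inside base
        "flows/new.json",                  # write target that does not exist yet
        "flows/./a.json",                  # '/./' noise, harmless once resolved
        "../../etc/passwd",                # classic traversal
        "/etc/poc.txt",                    # absolute path
        "flows/../../outside/secret.txt",  # traversal hidden behind a valid prefix
        "link/secret.txt",                 # lexically inside base, symlink escape
    ]
    verdicts = {}
    for req in requests:
        try:
            resolve_under(base, req)
            verdicts[req] = True
        except PathOutsideBase:
            verdicts[req] = False
    return verdicts


if __name__ == "__main__":
    for req, ok in demo().items():
        print(f"{'allow' if ok else 'deny '}  {req}")
```

The important design point is the order of operations: resolve first, compare second. A check that strips `..` from the string, or compares `startswith(base)` on the unresolved path, passes the symlink case and the `flows/../../` case, which are exactly the variants the Pagure and Salt entries describe.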
NVD | added 2025/03/07 9:15 p.m. | 4 views

CVE-2024-42733

An issue in Docmosis Tornado v.2.9.7 and before allows a remote attacker to execute arbitrary code via a crafted script to the UNC path input...

CVSS 9.8 | EPSS 0.03538
Exploits: 1 | References: 2
OSV | added 2025/03/07 9:15 p.m. | 2 views

CVE-2024-42733

An issue in Docmosis Tornado v.2.9.7 and before allows a remote attacker to execute arbitrary code via a crafted script to the UNC path input...

CVSS 9.8 | AI score 6.1 | EPSS 0.00021
Exploits: 1 | References: 2