CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 4 days ago•3 views

MAL-2026-5163 Malicious code in @emcd-vue/auth (npm)

6AI score

Positive Technologies•added 6 days ago•9 views

PT-2026-45126

WinMTR 0.91 contains a denial of service vulnerability that allows attackers to crash the application by sending a malformed payload file containing a large buffer of repeated characters. Attackers can create a specially crafted input file with 238 bytes of data to trigger a buffer overflow...

8.7CVSS6AI score0.00077EPSS

Exploits1References5

Snyk•added 2026/05/27 7:32 p.m.•4 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the custom-payload-file field in REST API server mode. An attacker can read and exfiltrate arbitrary files accessible to the process by supplying a path to a file, which is then read line-by-lin...

8.7CVSS5.9AI score0.00042EPSS

EUVD•added 2026/05/27 5:35 p.m.•7 views

EUVD-2026-32616

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the custom-payload-file field in model.Options is JSON-tagged and deserialized directly from the attacker's request body, then propagated unchanged through...

Vulnrichment•added 2026/05/27 5:35 p.m.•4 views

CVE-2026-45088 Dalfox: Unauthenticated Arbitrary File Read with Out-of-Band Exfiltration via `custom-payload-file` in Dalfox Server Mode

ATTACKERKB•added 2026/05/27 5:35 p.m.•6 views

CVE-2026-45088

Exploits0References3Affected Software1

CVE•added 2026/05/27 5:35 p.m.•5 views

CVE-2026-45088

CVE-2026-45088 affects Dalfox when run in REST API server mode prior to version 2.13.0. The custom-payload-file field in model.Options is JSON-tagged and deserialized from the attacker’s request body, then propagated into the scan engine and passed to voltFile.ReadLinesOrLiteral. Each line of the...

Cvelist•added 2026/05/27 5:35 p.m.•34 views

CVE-2026-45088 Dalfox: Unauthenticated Arbitrary File Read with Out-of-Band Exfiltration via `custom-payload-file` in Dalfox Server Mode

7.5CVSS0.00042EPSS

Github Security Blog•added 2026/05/12 3:8 p.m.•7 views

Dalfox Server Mode has an Unauthenticated Arbitrary File Read with Out-of-Band Exfiltration via `custom-payload-file`

Summary When dalfox is run in REST API server mode, the custom-payload-file field in model.Options is JSON-tagged and deserialized directly from the attacker's request body, then propagated unchanged through dalfox.Initialize into the scan engine. The engine passes the value to...

7.5CVSS6AI score0.00042EPSS

Exploits0References3Affected Software1

OSV•added 2026/05/12 3:8 p.m.•2 views

GHSA-35WR-X7V6-9FV2 Dalfox Server Mode has an Unauthenticated Arbitrary File Read with Out-of-Band Exfiltration via `custom-payload-file`

7.5CVSS6AI score0.00042EPSS

Exploits0References3

Positive Technologies•added 2026/05/12 12:0 a.m.•7 views

PT-2026-40550

Name of the Vulnerable Software and Affected Versions Dalfox versions prior to 2.13.0 Description When running in REST API server mode, the software fails to sanitize the custom-payload-file field within model.Options, which is deserialized directly from the request body and passed to the...

ATTACKERKB•added 2026/04/26 1:19 p.m.•0 views

Exploits0References5

CVE-2018-25264

TransMac 12.2 contains a buffer overflow vulnerability in the license key input field that allows local attackers to crash the application by submitting an oversized string. Attackers can generate a payload file containing 4000 bytes of data, paste it into the License Key field, and trigger a...

6.9CVSS5.8AI score0.00006EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/04/26 1:19 p.m.•0 views

CVE-2018-25264 TransMac 12.2 Denial of Service via License Key Field

6.9CVSS5.8AI score0.00006EPSS

CNNVD•added 2026/04/26 12:0 a.m.•5 views

Acute Systems TransMac 安全漏洞

Acute Systems TransMac is a tool software developed by Acute Systems that allows access and management of Mac disks and file systems on Windows systems. Version 12.2 of Acute Systems TransMac contains a security vulnerability. This vulnerability stems from a buffer overflow in the license key inp...

6.9CVSS6.1AI score0.00006EPSS

GithubExploit•added 2026/04/08 6:56 a.m.•95 views

Exploit for Eval Injection in Langflow

CVE-2026-33017 - Langflow Unauthenticated RCE...

9.8CVSS6.4AI score0.23981EPSS

Exploits16

NVD•added 2026/03/06 1:16 p.m.•0 views

CVE-2018-25198

eToolz 3.4.8.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying oversized input buffers. Attackers can create a payload file containing 255 bytes of data that triggers a buffer overflow condition when processed by the application...

6.9CVSS0.00019EPSS

Cvelist•added 2026/03/06 12:19 p.m.•24 views

CVE-2018-25198 eToolz 3.4.8.0 Denial of Service via Buffer Overflow

6.9CVSS0.00019EPSS

CVE•added 2026/03/06 12:19 p.m.•8 views

CVE-2018-25198

CVE-2018-25198 affects eToolz 3.4.8.0 and describes a denial-of-service condition caused by processing oversized input buffers. The vulnerability allows a local attacker to crash the application by supplying crafted input; specifically, a payload file containing 255 bytes can trigger a buffer ove...

6.9CVSS6.1AI score0.00019EPSS

RedhatCVE•added 2026/03/04 1:57 a.m.•3 views

CVE-2025-48642

In jumptopayload of payload.rs, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS6.1AI score0.00003EPSS