CVE-2026-0662
A maliciously crafted project directory, when opening a max file in Autodesk 3ds Max, could lead to execution of arbitrary code in the context of the current process due to an Untrusted Search Path being utilized...
EUVD-2026-5412
A maliciously crafted project directory, when opening a max file in Autodesk 3ds Max, could lead to execution of arbitrary code in the context of the current process due to an Untrusted Search Path being utilized...
Directory Traversal
Overview: @google/clasp ("Develop Apps Script Projects locally"). Affected versions of this package are vulnerable to Directory Traversal in the fetchRemote function in files.ts. An attacker can overwrite files outside the intended project directory via pull and clone commands. Details: A Directory...
CVE-2025-69983
FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise...
SUSE CVE-2025-65834
Meltytech Shotcut 25.10.31 is vulnerable to Buffer Overflow. A memory access violation occurs when processing MLT project files with manipulated width and height parameters. By setting these values to extremely large numbers, the application attempts to allocate excessive memory during image...
IBM Jazz Reporting Service (JRS) security vulnerability
The IBM Jazz Reporting Service (JRS) is a ready-to-use reporting component developed by the American multinational company International Business Machines, Inc. (IBM). This product includes functions such as report generation, data collection, and lifecycle querying. There is a security vulnerability...
PT-2026-6017
Name of the Vulnerable Software and Affected Versions: Autodesk 3ds Max (affected versions not specified). Description: A specially designed project directory, when used to open a max file in Autodesk 3ds Max, may allow for the execution of arbitrary code with the privileges of the current process. Th...
PT-2026-6322
Name of the Vulnerable Software and Affected Versions: Godot MCP versions prior to 0.1.1. Description: Godot MCP is a Model Context Protocol (MCP) server for interacting with the Godot game engine. A command injection issue in godot-mcp allows remote code execution. The executeOperation function passe...
Command Injection
Overview: fuxa-server is a Web-based Process Visualization (SCADA/HMI/Dashboard) software. Affected versions of this package are vulnerable to Command Injection via the project files import process. An attacker can execute arbitrary system commands by uploading a crafted project file containing...
GHSA-5R63-Q8HG-P8QX FUXA allows Remote Code Execution (RCE) via the project import functionality.
FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise...
FUXA allows Remote Code Execution (RCE) via the project import functionality.
FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker can upload a malicious project containing system commands, leading to full system compromise...
CVE-2025-69970
FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows unauthenticated remote attackers to access sensitive API...
Malicious Package
Overview: netlify-project-helper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
Malicious code in netlify-project-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d2c95931ae7b5a6c572ebecb2cd096bd4cef37bcf61a440cbb2338062f4a836 The package netlify-project-helper was found to contain malicious code. Source: ghsa-malware...
MAL-2026-661 Malicious code in netlify-project-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9d2c95931ae7b5a6c572ebecb2cd096bd4cef37bcf61a440cbb2338062f4a836 The package netlify-project-helper was found to contain malicious code. Source: ghsa-malware...
FUXA security vulnerability
FUXA is a web-based process visualization software developed by frangoteam. Version 1.2.7 of FUXA contains a security vulnerability. This vulnerability stems from the project import function not properly cleaning or sandboxing the scripts provided by users. As a result, remote code execution may...