CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/05/26 6:0 p.m.•6 views

CVE-2026-9568

A weakness has been identified in ThingsBoard up to 4.3.1.1. Affected by this vulnerability is the function getGatewayDockerComposeFile of the file /api/v1/provision of the component YAML Handler. This manipulation causes code injection. It is possible to initiate the attack remotely. The attack'...

5.1CVSS5.2AI score0.00041EPSS

ATTACKERKB•added 2026/05/25 6:30 a.m.•7 views

CVE-2026-9434

A security vulnerability has been detected in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function setWiFiWpsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument wscDisabled leads to os command injection. The attack may be...

10CVSS7AI score0.01254EPSS

Exploits0References5Affected Software1

ATTACKERKB•added 2026/05/24 3:45 a.m.•9 views

CVE-2026-9353

A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.23. Impacted is an unknown function of the file agent/skillsguard.py of the component Skills Guard Multi-Word Prompt Handler. The manipulation of the argument THREATPATTERNS leads to injection. Remote exploitatio...

7.5CVSS6.6AI score0.00057EPSS

Exploits0References4Affected Software1

NVD•added 2026/05/23 2:16 p.m.•11 views

CVE-2026-9302

A vulnerability was determined in 546669204 vps-inventory-monitoring up to 98c00b370668c96ae75e91c15548d9ea113652d9. This issue affects the function eval of the file app/index/command/VpsTest.php of the component VpsTest Console. Executing a manipulation of the argument vf can lead to code...

6.5CVSS0.00058EPSS

EUVD•added 2026/05/23 1:15 p.m.•10 views

EUVD-2026-31537

6.5CVSS6.3AI score0.00058EPSS

Positive Technologies•added 2026/05/23 12:0 a.m.•11 views

PT-2026-42881

6.5CVSS6.3AI score0.00058EPSS

RedhatCVE•added 2026/05/11 8:27 p.m.•9 views

CVE-2026-8211

A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JSP File Handler. The manipulation of the argument content results in code injection. The attack may...

5.8CVSS5.6AI score0.00053EPSS

NVD•added 2026/05/09 11:16 p.m.•9 views

CVE-2026-8211

5.8CVSS0.00053EPSS

Exploits0References4

CVE•added 2026/05/09 10:15 p.m.•9 views

CVE-2026-8211

CVE-2026-8211 affects codelibs Fess up to 15.5.1. The vulnerability lies in the JSP File Handler’s AdminDesignAction.java update function, where manipulation of the content argument enables code injection. Attacks can be performed remotely, and the exploit is public. No remediation details are pr...

5.8CVSS5.6AI score0.00053EPSS

Exploits0References4

Cvelist•added 2026/05/09 10:15 p.m.•26 views

CVE-2026-8211 codelibs Fess JSP File AdminDesignAction.java update code injection

5.8CVSS0.00053EPSS

Exploits0References4

RedhatCVE•added 2026/05/05 2:20 a.m.•4 views

CVE-2026-7700

A weakness has been identified in langflow-ai langflow up to 1.8.4. This affects the function eval of the file src/lfx/src/lfx/components/llmoperations/lambdafilter.p of the component LambdaFilterComponent. Executing a manipulation can lead to code injection. The attack may be performed from...

6.5CVSS6.3AI score0.00017EPSS

ATTACKERKB•added 2026/05/04 11:45 p.m.•2 views

CVE-2026-7785

A security flaw has been discovered in A-G-U-P-T-A wireshark-mcp edaf604416fbc94a201b4043092d4a1b09a12275/400c3da70074f22f3cce7ccb65304cafc7089c89. This affects the function quickcapture of the file pysharkmcp.py. The manipulation results in os command injection. The attack may be launched...

7.5CVSS6.8AI score0.0212EPSS

RedhatCVE•added 2026/05/04 8:21 p.m.•3 views

CVE-2026-7595

A flaw has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this vulnerability is the function formatplugins of the file .claude/skills/ui-styling/scripts/tailwindconfiggen.py of the component Tailwind Config Generator. This manipulation causes code injection. The attac...

6.5CVSS6.2AI score0.00067EPSS

RedhatCVE•added 2026/05/04 8:21 p.m.•4 views

CVE-2026-7508

A vulnerability was found in Bootstrap CMS 0.9.0-alpha. Affected is an unknown function of the file resources/views/pages/show.blade.php of the component Page Creation Handler. Performing a manipulation of the argument body results in code injection. Remote exploitation of the attack is possible...

6.5CVSS6.3AI score0.00053EPSS

RedhatCVE•added 2026/05/04 8:21 p.m.•3 views

CVE-2026-7703

A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket API. This manipulation causes code injection. The attack can be initiated remotely. The exploit has been published and may be used. Upgrading to version 25.2 R3 is...

7.5CVSS6.7AI score0.00067EPSS

NVD•added 2026/05/03 5:16 p.m.•10 views

CVE-2026-7703

7.5CVSS0.00067EPSS

CVE•added 2026/05/03 4:15 p.m.•13 views

CVE-2026-7703

CVE-2026-7703 affects AV Stumpfl Pixera Two Media Server up to version 25.2 R2, where an issue in the Websocket API component enables remote code injection. The attack is network-exploitable with no user interaction, and exploit maturity is reported as PROOF-OF-CONCEPT. Upgrading to 25.2 R3 is re...

7.5CVSS6.7AI score0.00067EPSS