
3866 matches found

Positive Technologies
added 2026/02/24 12:0 a.m. | 11 views

PT-2026-21764

Name of the Vulnerable Software and Affected Versions: exiftool versions prior to 13.50. Description: An OS command injection issue exists in the PNG File Parser component of exiftool on macOS. The flaw is located in the SetMacOSTags function within the lib/Image/ExifTool/MacOS.pm file. A remote...

CVSS 8.8 | AI score 7.4 | EPSS 0.03411
Exploits: 2 | References: 39

OSV
added 2026/02/23 10:16 p.m. | 3 views

CVE-2026-3040

A vulnerability was identified in DrayTek Vigor 300B up to 1.5.1.6. This affects the function cgiGetFile of the file /cgi-bin/mainfunction.cgi/uploadlangs of the component Web Management Interface. The manipulation of the argument File leads to os command injection. The attack may be initiated...

CVSS 7.2 | AI score 5.5 | EPSS 0.09102
Exploits: 1 | References: 4

NVD
added 2026/02/23 10:16 p.m. | 10 views

CVE-2026-3040

A vulnerability was identified in DrayTek Vigor 300B up to 1.5.1.6. This affects the function cgiGetFile of the file /cgi-bin/mainfunction.cgi/uploadlangs of the component Web Management Interface. The manipulation of the argument File leads to os command injection. The attack may be initiated...

CVSS 7.2 | EPSS 0.09102
Exploits: 1 | References: 4

RedhatCVE
added 2026/02/23 7:32 p.m. | 9 views

CVE-2026-2952

A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/treeserver.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxargs causes os command injection. The attack is possible to be carried out remotely. The exploit has...

CVSS 9.8 | AI score 7.1 | EPSS 0.05403
Exploits: 1 | References: 1

RedhatCVE
added 2026/02/23 1:31 p.m. | 6 views

CVE-2026-2944

A security flaw has been discovered in Tosei Online Store Management System ネット店舗管理システム 1.01. Affected is the function system of the file /cgi-bin/monitor.php of the component HTTP POST Request Handler. Performing a manipulation of the argument DevId results in os command injection. The attack ma...

CVSS 9.8 | AI score 7.3 | EPSS 0.04471
Exploits: 1 | References: 1

NVD
added 2026/02/22 10:15 p.m. | 6 views

CVE-2026-2956

A security flaw has been discovered in qinming99 dst-admin up to 1.5.0. This affects the function revertBackup of the file /home/restore. The manipulation of the argument Name results in command injection. The attack can be launched remotely. The exploit has been released to the public and may be...

CVSS 8.8 | EPSS 0.0563
Exploits: 1 | References: 4

CVE
added 2026/02/22 10:2 p.m. | 18 views

CVE-2026-2956

CVE-2026-2956 affects qinming99 dst-admin up to 1.5.0. The issue is a command injection in the revertBackup function located in /home/restore, triggered by manipulating the Name argument. It supports remote attacker access and has publicly available exploit code. Public advisories indicate versio...

CVSS 8.8 | AI score 6.4 | EPSS 0.0563
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/02/22 10:2 p.m. | 4 views

CVE-2026-2956 qinming99 dst-admin restore revertBackup command injection

A security flaw has been discovered in qinming99 dst-admin up to 1.5.0. This affects the function revertBackup of the file /home/restore. The manipulation of the argument Name results in command injection. The attack can be launched remotely. The exploit has been released to the public and may be...

CVSS 6.5 | AI score 6.3 | EPSS 0.0563
Exploits: 1 | References: 4

ATTACKERKB
added 2026/02/22 10:2 p.m. | 5 views

CVE-2026-2956

A security flaw has been discovered in qinming99 dst-admin up to 1.5.0. This affects the function revertBackup of the file /home/restore. The manipulation of the argument Name results in command injection. The attack can be launched remotely. The exploit has been released to the public and may be...

CVSS 6.5 | AI score 6.3 | EPSS 0.0563
Exploits: 1 | References: 4 | Affected Software: 1

NVD
added 2026/02/22 2:16 p.m. | 7 views

CVE-2026-2952

A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/treeserver.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxargs causes os command injection. The attack is possible to be carried out remotely. The exploit has...

CVSS 9.8 | EPSS 0.05403
Exploits: 1 | References: 4

OSV
added 2026/02/22 2:16 p.m. | 5 views

CVE-2026-2952

A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/treeserver.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxargs causes os command injection. The attack is possible to be carried out remotely. The exploit has...

CVSS 9.8 | AI score 5.6
Exploits: 0 | References: 4

Vulnrichment
added 2026/02/22 2:2 p.m. | 5 views

CVE-2026-2952 Vaelsys HTTP POST Request tree_server.php os command injection

A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/treeserver.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxargs causes os command injection. The attack is possible to be carried out remotely. The exploit has...

CVSS 7.5 | AI score 5.4 | EPSS 0.05403
Exploits: 1 | References: 4

ATTACKERKB
added 2026/02/22 2:2 p.m. | 6 views

CVE-2026-2952

A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/treeserver.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxargs causes os command injection. The attack is possible to be carried out remotely. The exploit has...

CVSS 7.5 | AI score 7.1 | EPSS 0.05403
Exploits: 1 | References: 4

Cvelist
added 2026/02/22 2:2 p.m. | 29 views

CVE-2026-2952 Vaelsys HTTP POST Request tree_server.php os command injection

A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/treeserver.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxargs causes os command injection. The attack is possible to be carried out remotely. The exploit has...

CVSS 7.5 | EPSS 0.05403
Exploits: 1 | References: 4

Vulnrichment
added 2026/02/22 11:2 a.m. | 4 views

CVE-2026-2944 Tosei Online Store Management System ネット店舗管理システム HTTP POST Request monitor.php system os command injection

A security flaw has been discovered in Tosei Online Store Management System ネット店舗管理システム 1.01. Affected is the function system of the file /cgi-bin/monitor.php of the component HTTP POST Request Handler. Performing a manipulation of the argument DevId results in os command injection. The attack ma...

CVSS 7.5 | AI score 7.3 | EPSS 0.04471
Exploits: 1 | References: 4

CVE
added 2026/02/22 11:2 a.m. | 21 views

CVE-2026-2944

CVE-2026-2944 affects Tosei Online Store Management System v1.01. The vulnerability resides in the /cgi-bin/monitor.php component of the HTTP POST Request Handler; manipulating the DevId argument enables OS command injection. It is exploitable remotely, and public PoCs/exploits exist. No vend...

CVSS 9.8 | AI score 5.6 | EPSS 0.04471
Exploits: 1 | References: 4 | Affected Software: 1

Positive Technologies
added 2026/02/22 12:0 a.m. | 7 views

PT-2026-21429

Name of the Vulnerable Software and Affected Versions: Tosei Online Store Management System version 1.01. Description: A security flaw exists in the function system of the /cgi-bin/monitor.php file within the HTTP POST Request Handler component. Manipulation of the DevId argument results in operatin...

CVSS 7.5 | AI score 7.3 | EPSS 0.04471
Exploits: 1 | References: 8

Positive Technologies
added 2026/02/22 12:0 a.m. | 8 views

PT-2026-21467

Name of the Vulnerable Software and Affected Versions: qinming99 dst-admin versions up to 1.5.0. Description: A security flaw exists in qinming99 dst-admin up to version 1.5.0. The issue is related to command injection in the revertBackup function located in the /home/restore file. The Name argument...

CVSS 6.5 | AI score 6.3 | EPSS 0.0563
Exploits: 1 | References: 9

RedhatCVE
added 2026/02/21 7:29 p.m. | 5 views

CVE-2026-2846

A security vulnerability has been detected in UTT HiPER 520 1.7.7-160105. This impacts the function sub44D264 of the file /goform/formPdbUpConfig of the component Web Management Interface. The manipulation of the argument policyNames leads to os command injection. The attack can be initiated...

CVSS 8.6 | AI score 5.4 | EPSS 0.0982
Exploits: 1 | References: 1

RedhatCVE
added 2026/02/21 7:29 p.m. | 4 views

CVE-2026-2847

A vulnerability was detected in UTT HiPER 520 1.7.7-160105. Affected is the function sub44EFB4 of the file /goform/formReleaseConnect of the component Web Management Interface. The manipulation of the argument IspName results in os command injection. The attack can be launched remotely. The explo...

CVSS 8.6 | AI score 5.4 | EPSS 0.09229
Exploits: 1 | References: 1