CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

251658 matches found

ROS-20260615-73-0003

The vulnerability in freerdp is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

8.7CVSS8.1AI score0.00467EPSS

Exploits0

Redos•added 3 days ago•5 views

ROS-20260615-73-0002

The vulnerability in freerdp3 is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

8.7CVSS7.8AI score0.00467EPSS

Exploits0

CVE•added 3 days ago•25 views

CVE-2026-30120

CVE-2026-30120 concerns the Remotion project: remotion v4.0.409 has a reported remote code execution (RCE) vulnerability. The NVD/NVD-derived entries and ENISA/EUVD mirrors describe an exploit with a CVSS v3.1 base score of 9.8 (CRITICAL), attack vector NETWORK, no privileges required, no user in...

9.8CVSS6.2AI score0.00801EPSS

Exploits1References1Affected Software1

CVE•added 3 days ago•9 views

CVE-2026-38329

Bludit CMS is affected pre-3.18.4. The API Plugin's POST /api/files/{key} endpoint in bl-plugins/api/plugin.php fails authorization checks and lacks file extension validation, enabling an attacker with a valid API token to upload a PHP script and execute arbitrary code on the server (Remote Code ...

9.8CVSS6.3AI score0.00504EPSS

Exploits0References1

CVE•added 3 days ago•6 views

CVE-2026-39006

CVE-2026-39006 concerns SNMP4J-Agent 3.8.3 where a remote attacker can execute arbitrary code via the snmp4jCfgStoragePath component. Documented impact is critical (CVSS v3.1: 9.8) with network discovery and no user interaction required; exploitation status is not provided in the supplied sources...

9.8CVSS6AI score0.00515EPSS

Exploits1References1

CVE•added 3 days ago•10 views

CVE-2026-50869

CVE-2026-50869 relates to Bludit v3.19.0, where the api/plugin.php component is vulnerable to a directory traversal via a crafted request. The CVE entry documents a high-severity issue (CVSS 3.1: 9.8, CRITICAL) with network attack vector, no privileges required, and no user interaction. The affec...

9.8CVSS5.5AI score0.00718EPSS

Exploits0References1

GithubExploit•added 4 days ago•66 views

Exploit for CVE-2022-30190

Explotación de Follina CVE-2022-30190 Follina CVE-2022-3...

9.3CVSS8AI score0.99374EPSS

Exploits62

OSSF Malicious Packages•added 4 days ago•8 views

Malicious code in npm-sandbox-research-e9f0 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a18a9932f78294e22aa0a85077b9318233ab0952bc8788ae8987fce3e5002c93 Package declares a postinstall hook "postinstall": "node run.js" that executes automatically on npm install. The tarball ships beacon scripts...

5.7AI score

Exploits0References2

GithubExploit•added 4 days ago•51 views

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector

CVE-2026-23744 – MCPJam Inspector Unauthenticated Remote Code...

9.8CVSS6.6AI score0.36126EPSS

Exploits29

Tenable Nessus•added 4 days ago•5 views

SUSE SLES15 Security Update : unbound (SUSE-SU-2026:2369-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2369-1 advisory. This update for unbound fixes the following issues - CVE-2026-32792: Packet of death with DNSCrypt bsc1265583. - CVE-2026-33278:...

10CVSS6.2AI score0.00888EPSS

Exploits0References34

GithubExploit•added 5 days ago•148 views

POC_cve_2026_35273

POCcve202635273 Universal Unauthenticated RCE via PeopleSof...

5.4AI score

Exploits0

OSV•added 5 days ago•8 views

MAL-2026-5740 Malicious code in 2fa-exe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df3ad6044ca4d17d594aa3aa0d1a75d1dbf3ebf483d0dd1b04d502277674a8cc Package advertises itself as an SVG fetcher/sanitizer but ships an undocumented exported factory getPlugin in index.js that performs an HTTPS GET to...

5.6AI score

Exploits0References2

OSSF Malicious Packages•added 5 days ago•11 views

Malicious code in environment-gate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48e4ad756dbae70bb38049d363961eb27239c7cf18c6a92612579aeb818da7b1 The package's only export, gate, performs an HTTP GET to a base64-obfuscated URL https://www.jsonkeeper.com/b/VKUNI and passes the response body...

6AI score

Exploits0References1

OSV•added 5 days ago•9 views

MAL-2026-5743 Malicious code in environment-gate (npm)

6AI score

Exploits0References1

GithubExploit•added 5 days ago•101 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 - React2Shell Pre-authentication RCE in Reac...

10CVSS8.6AI score0.99562EPSS

Exploits366

GithubExploit•added 5 days ago•72 views

MeshCentral-RogueAgent

MeshCentral RogueAgent A proof-of-concept exploit chain for a...

5.5AI score

Exploits0

GithubExploit•added 5 days ago•74 views

Exploit for OS Command Injection in Paessler Prtg_Network_Monitor

CVE-2018-9276 — PRTG Network Monitor ⚠️ Disclaimer: This...

9CVSS8AI score0.86943EPSS

Exploits12

GithubExploit•added 5 days ago•69 views

Exploit for CVE-2026-11417

CVE-2026-11417-AWS-CDK-RCE Techn...

7.3CVSS5.6AI score0.00657EPSS

Exploits1

The Hacker News•added 5 days ago•16 views

Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication

Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The vulnerability, tracked as CVE-2026-20253 , is rated 9.8 on the CVSS scoring system. "In Splunk...

9.8CVSS6.7AI score0.01731EPSS

Exploits1

GithubExploit•added 5 days ago•64 views

Exploit for CVE-2026-6279

Description This Python script is an exploit tool for CVE-2026-6...

9.8CVSS5.3AI score0.01462EPSS

Exploits4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by