CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 5 days ago•6 views

CVE-2026-1784 Ose-cluster-ingress-operator: remote code execution through haproxy configuration injection

8.8CVSS5.8AI score0.00013EPSS

GithubExploit•added 5 days ago•46 views

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector

CVE-2026-23744 --- Description MCPJam inspector is a loca...

9.8CVSS6.6AI score0.30368EPSS

Exploits27

RedhatCVE•added 5 days ago•7 views

CVE-2026-45629

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.28.8 and earlier, authenticated OS command injection in the /listen-deployment WebSocket endpoint allows any organization member to execute arbitrary system commands on remote servers managed by Dokploy, leading to full server...

9.9CVSS6.1AI score0.00243EPSS

Exploits0References1

RedhatCVE•added 5 days ago•6 views

CVE-2026-45661

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.26.5 and earlier, a critical path traversal vulnerability exists in Dokploy v0.26.5 that allows authenticated users to write arbitrary files to the filesystem during application deployment. When combined with Dokploy's remote serve...

9.9CVSS6.5AI score0.0009EPSS

Exploits0References1

EUVD•added 5 days ago•10 views

EUVD-2026-33784

In multiple functions of sdpdiscovery.cc, there is a possible way to achieve code execution due to a heap buffer overflow. This could lead to remote proximal/adjacent code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8CVSS6.5AI score0.00009EPSS

EUVD•added 5 days ago•7 views

EUVD-2018-21957

Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Attackers can craft malicious input exceeding 658 bytes with shellcode to overwrite the structured exception...

9.8CVSS6.6AI score0.00255EPSS

Exploits0References5

ATTACKERKB•added 5 days ago•5 views

CVE-2026-30650

A post-authentication remote buffer overflow vulnerability exists in the /cgi-bin/admin/eventtask.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device...

6.4AI score0.00386EPSS

Exploits0References3

Positive Technologies•added 5 days ago•7 views

PT-2026-45783

Name of the Vulnerable Software and Affected Versions OpenMed versions prior to 1.5.2 Description Remote code execution is possible in the PII privacy-filter model loading path. The privacy-filter dispatcher uses broad substring matching on the user-supplied model name parameter, which allows a...

9.8CVSS6.2AI score0.00236EPSS

Exploits0References7

Positive Technologies•added 5 days ago•5 views

PT-2026-46483

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue in the Actor component allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Use after free is a memory...

PT-2026-46492

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An integer overflow in V8 allows a remote attacker to execute arbitrary code within a sandbox by using a specially crafted HTML page. V8 is the open-source high-performance JavaScript a...

PT-2026-46464

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A type confusion issue exists in V8, the JavaScript and WebAssembly engine. This allows a remote attacker to execute arbitrary code within a sandbox by inducing a user to open a special...

Positive Technologies•added 5 days ago•5 views

PT-2026-46578

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue exists in the Password Manager. This allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Use after fre...

PT-2026-46663

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue in Canvas allows a remote attacker to execute arbitrary code inside a sandbox by utilizing a crafted HTML page. Use after free is a memory corruption flaw that...

PT-2026-46629

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in Isolated Web Apps allows a remote attacker to execute arbitrary code inside a sandbox by using a malicious file. Recommendations Update to version...

7.3CVSS6.4AI score0.0018EPSS

PT-2026-45770

Name of the Vulnerable Software and Affected Versions VIVOTEK INC FD8136-VVTK-0300a affected versions not specified Description A buffer overflow allows a remote attacker to execute arbitrary code via the 'set getparam.cgi' component. A buffer overflow occurs when a program writes more data to a...

Exploits0References4

Vulnrichment•added 5 days ago•4 views

CVE-2026-35717

A stack-based buffer overflow in the exportlanguage.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via a crafted POST request to the /cgi-bin/admin/exportlanguage.cgi endpoint. The handler passes the...

6.5AI score0.00163EPSS