CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

15256 matches found

Nuclei•added 2026/05/12 8:3 a.m.•117 views

D-Link - Remote Command Execution

A Remote Command Execution RCE vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file id: CVE-2021-45382 info: name: D-Link - Remote Command Execution author: king-alexander severity: critic...

10CVSS7.5AI score0.94352EPSS

Exploits1References5

OSSF Malicious Packages•added 2026/05/12 7:42 a.m.•4 views

Malicious code in dcchbot (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector df79831d1b486c8ca704295b410cec7b66be85aa87c3244d97ff1e87f643183a The package performs multiple installer-hostile behaviors. 1 dcchbot/init.py auto-invokes run on import, which triggers interactive input prompts and...

6.1AI score

Exploits0References5

OSV•added 2026/05/12 7:42 a.m.•6 views

MAL-2026-3689 Malicious code in dcchbot (PyPI)

6.1AI score

Exploits0References5

Positive Technologies•added 2026/05/12 12:0 a.m.•5 views

PT-2026-39980

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.1, RUGGEDCOM ROX MX5000RE All versions V2.17.1, RUGGEDCOM ROX RX1400 All versions V2.17.1, RUGGEDCOM ROX RX1500 All versions V2.17.1, RUGGEDCOM ROX RX1501 All versions V2.17.1, RUGGEDCOM ROX RX1510 All versions V2.17.1...

7.7CVSS6.5AI score0.00256EPSS

Exploits0References2

Redos•added 2026/05/12 12:0 a.m.•8 views

ROS-20260512-73-0007

A vulnerability in the Incus container management system and virtual machine manager is related to failure to take measures to neutralize CRLF sequences. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary commands...

8.7CVSS7.6AI score0.00032EPSS

Exploits1

RedhatCVE•added 2026/05/11 8:25 p.m.•5 views

CVE-2026-3828

Some Hikvision switch products discontinued since December 2023 are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leadi...

7.2CVSS6AI score0.00053EPSS

Exploits0References1

EUVD•added 2026/05/11 3:32 p.m.•5 views

EUVD-2026-29051

A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface UI. An attacker can inject shell metacharacters and command...

8CVSS6AI score0.00317EPSS

Exploits0References4

ATTACKERKB•added 2026/05/11 12:48 p.m.•6 views

CVE-2026-4802

8CVSS6AI score0.00317EPSS

Exploits0References14

Debian CVE•added 2026/05/11 12:48 p.m.•5 views

CVE-2026-4802

8CVSS7.3AI score0.00317EPSS

Exploits0

Cvelist•added 2026/05/11 12:48 p.m.•35 views

CVE-2026-4802 Cockpit: cockpit: arbitrary command execution via crafted links in system logs ui

8CVSS0.00317EPSS

Exploits0References13

RedhatCVE•added 2026/05/11 12:48 p.m.•16 views

CVE-2026-4802

8CVSS6AI score0.00317EPSS

Exploits0References4

Vulnrichment•added 2026/05/11 12:48 p.m.•4 views

CVE-2026-4802 Cockpit: cockpit: arbitrary command execution via crafted links in system logs ui

8CVSS6AI score0.00317EPSS

Exploits0References3

Positive Technologies•added 2026/05/11 12:0 a.m.•6 views

PT-2026-39595

Name of the Vulnerable Software and Affected Versions Cockpit affected versions not specified Description A flaw in the system logs user interface UI allows a remote attacker to achieve arbitrary command execution on the host. The issue stems from unsanitized user-controlled parameters within...

8CVSS7.3AI score0.00317EPSS

Exploits0References53

Packet Storm•added 2026/05/11 12:0 a.m.•87 views

📄 Oracle WebLogic WLS-WSAT XMLDecoder Remote Code Execution

This script is a Python-based proof of concept exploit targeting a deserialization vulnerability in Oracle WebLogic Server's WLS-WSAT component. The vulnerability allows unauthenticated attackers to execute arbitrary system commands via crafted SOAP requests sent to the...

7.5CVSS7.7AI score0.94439EPSS

Exploits45

Tenable Nessus•added 2026/05/11 12:0 a.m.•8 views

Unity Linux 20.1070e Security Update: xstream (UTSA-2026-017781)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017781 advisory. XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficien...

8.8CVSS7.1AI score0.90349EPSS

Exploits1References4

Packet Storm•added 2026/05/11 12:0 a.m.•68 views

📄 Contact Form by Supsystic 1.7.36 Server-Side Template Injection

Contact Form by Supsystic versions 1.7.36 and below server-side template injection exploit that achieves remote code execution. import requests import argparse import re import urllib.parse def checksstiurl, fieldname: printf" Testing SSTI on url with field fieldname..." Simple arithmetic test...

9.8CVSS6.1AI score0.86931EPSS

Exploits7

Tenable Nessus•added 2026/05/11 12:0 a.m.•10 views

Linux Distros Unpatched Vulnerability : CVE-2026-4802

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized...

8CVSS7.3AI score0.00317EPSS

Exploits0References2

CVE•added 2026/05/10 12:43 p.m.•4 views

CVE-2021-47943

TextPattern CMS 4.8.7 is affected by a remote code execution (RCE) vulnerability exploitable via file upload. The flaw allows authenticated attackers to upload PHP files (a PHP shell) through the Files section in the content area and trigger code execution by accessing the uploaded file at /textp...

8.8CVSS6.6AI score0.00307EPSS

Exploits0References3