CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

19582 matches found

NVD•added 2026/02/23 10:16 p.m.•5 views

CVE-2026-3040

A vulnerability was identified in DrayTek Vigor 300B up to 1.5.1.6. This affects the function cgiGetFile of the file /cgi-bin/mainfunction.cgi/uploadlangs of the component Web Management Interface. The manipulation of the argument File leads to os command injection. The attack may be initiated...

7.2CVSS0.09102EPSS

Exploits1References4

RedhatCVE•added 2026/02/23 7:32 p.m.•7 views

CVE-2026-2952

A flaw has been found in Vaelsys 4.1.0. This vulnerability affects unknown code of the file /tree/treeserver.php of the component HTTP POST Request Handler. This manipulation of the argument xajaxargs causes os command injection. The attack is possible to be carried out remotely. The exploit has...

9.8CVSS7.1AI score0.04519EPSS

Exploits1References1

RedhatCVE•added 2026/02/23 1:31 p.m.•3 views

CVE-2026-2944

A security flaw has been discovered in Tosei Online Store Management System ネット店舗管理システム 1.01. Affected is the function system of the file /cgi-bin/monitor.php of the component HTTP POST Request Handler. Performing a manipulation of the argument DevId results in os command injection. The attack ma...

9.8CVSS7.3AI score0.03738EPSS

Exploits1References1

OSSF Malicious Packages•added 2026/02/23 12:37 p.m.•12 views

Malicious code in request-httpx-4 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b0c661d240f626319e5ff1e52562ca1d4a8a6c741126a91e4d46a9ed639cfc0d The package contains a Telegram bot running allowing for remote access. This functionality is disclosed in the readme, but the package name clearly indicates...

5.8AI score

Exploits0References1

OSV•added 2026/02/23 12:37 p.m.•6 views

MAL-2026-1001 Malicious code in request-httpx-4 (PyPI)

5.9AI score

Exploits0References1

Packet Storm•added 2026/02/23 12:0 a.m.•97 views

📄 Telesquare TLR-2005KSH Remote Command Execution

Telesquare TLR-2005KSH proof of concept remote command execution exploit. ============================================================================================================================================= | Title : Telesquare TLR-2005KSH - Remote Command Execution vulnerability | |...

5.7AI score

Exploits0

NVD•added 2026/02/22 10:15 p.m.•4 views

CVE-2026-2956

A security flaw has been discovered in qinming99 dst-admin up to 1.5.0. This affects the function revertBackup of the file /home/restore. The manipulation of the argument Name results in command injection. The attack can be launched remotely. The exploit has been released to the public and may be...

8.8CVSS0.0471EPSS

Exploits1References4

Vulnrichment•added 2026/02/22 10:2 p.m.•4 views

CVE-2026-2956 qinming99 dst-admin restore revertBackup command injection

6.5CVSS6.3AI score0.0471EPSS

Exploits1References4

ATTACKERKB•added 2026/02/22 10:2 p.m.•4 views

CVE-2026-2956

6.5CVSS6.3AI score0.0471EPSS

Exploits1References4Affected Software1

CVE•added 2026/02/22 10:2 p.m.•8 views

CVE-2026-2956

CVE-2026-2956 affects qinming99 dst-admin up to 1.5.0. The issue is a command injection in the revertBackup function located in /home/restore, triggered by manipulating the Name argument. It supports remote attacker access and has publicly available exploit code. Public advisories indicate versio...

8.8CVSS6.4AI score0.0471EPSS

Exploits1References4Affected Software1

OSV•added 2026/02/22 2:16 p.m.•3 views

CVE-2026-2952

9.8CVSS5.6AI score

Exploits0References4

NVD•added 2026/02/22 2:16 p.m.•6 views

CVE-2026-2952

9.8CVSS0.04519EPSS

Exploits1References4

Vulnrichment•added 2026/02/22 2:2 p.m.•5 views

CVE-2026-2952 Vaelsys HTTP POST Request tree_server.php os command injection

7.5CVSS5.4AI score0.04519EPSS

Exploits1References4

ATTACKERKB•added 2026/02/22 2:2 p.m.•6 views

CVE-2026-2952

7.5CVSS7.1AI score0.04519EPSS

Exploits1References4

Cvelist•added 2026/02/22 2:2 p.m.•28 views

CVE-2026-2952 Vaelsys HTTP POST Request tree_server.php os command injection

7.5CVSS0.04519EPSS

Exploits1References4

Vulnrichment•added 2026/02/22 11:2 a.m.•2 views

CVE-2026-2944 Tosei Online Store Management System ネット店舗管理システム HTTP POST Request monitor.php system os command injection

7.5CVSS7.3AI score0.03738EPSS

Exploits1References4

CVE•added 2026/02/22 11:2 a.m.•13 views

CVE-2026-2944

The CVE-2026-2944 affects Tosei Online Store Management System v1.01. The vulnerability resides in the /cgi-bin/monitor.php component of the HTTP POST Request Handler; manipulating the DevId argument enables OS command injection. It is exploitable remotely, and public PoCs/exploits exist. No vend...

9.8CVSS5.6AI score0.03738EPSS

Exploits1References4Affected Software1

Positive Technologies•added 2026/02/22 12:0 a.m.•4 views

PT-2026-21429

Name of the Vulnerable Software and Affected Versions Tosei Online Store Management System version 1.01 Description A security flaw exists in the function system of the /cgi-bin/monitor.php file within the HTTP POST Request Handler component. Manipulation of the DevId argument results in operatin...

7.5CVSS7.3AI score0.03738EPSS

Exploits1References8

Positive Technologies•added 2026/02/22 12:0 a.m.•5 views

PT-2026-21467

Name of the Vulnerable Software and Affected Versions qinming99 dst-admin versions up to 1.5.0 Description A security flaw exists in qinming99 dst-admin up to version 1.5.0. The issue is related to command injection in the revertBackup function located in the /home/restore file. The Name argument...

6.5CVSS6.3AI score0.0471EPSS

Exploits1References9

RedhatCVE•added 2026/02/21 7:29 p.m.•4 views

CVE-2026-2846

A security vulnerability has been detected in UTT HiPER 520 1.7.7-160105. This impacts the function sub44D264 of the file /goform/formPdbUpConfig of the component Web Management Interface. The manipulation of the argument policyNames leads to os command injection. The attack can be initiated...

8.6CVSS5.4AI score0.0982EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by