CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

47 matches found

📄 WebRemoteControl Unauthenticated Remote Filesystem Access

Proof of concept tool that demonstrates how WebRemoteControl suffers from unauthenticated remote filesystem access and potential remote code execution. ================================================================================================================================== | Title :...

6.1AI score

Exploits0

RedHat Linux•added 2026/05/20 10:8 a.m.•8 views

glib: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service DoS via an integer overflow in GLib's GIO GLib Input/Output escapebytestring function when processing malicious file or remote filesystem attribute values...

6.5CVSS6.7AI score0.00042EPSS

Exploits0References5

RedHat Linux•added 2026/05/20 4:51 a.m.•6 views

glib: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow

6.5CVSS6.7AI score0.00042EPSS

Exploits0References5

RedHat Linux•added 2026/05/20 2:53 a.m.•6 views

glib: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow

6.5CVSS6.7AI score0.00042EPSS

Exploits0References5

RedHat Linux•added 2026/05/11 12:1 p.m.•5 views

glib: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow

6.5CVSS6.7AI score0.00042EPSS

Exploits0References5

OSV•added 2026/05/07 6:51 p.m.•2 views

JLSEC-2026-489 A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service ...

6.5CVSS6AI score0.00042EPSS

Exploits0References6

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в chromium

Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS6.6AI score0.00084EPSS

Exploits0References2

NVD•added 2026/04/21 12:16 a.m.•1 views

CVE-2026-41296

OpenClaw before 2026.3.31 contains a time-of-check-time-of-use race condition in the remote filesystem bridge readFile function that allows sandbox escape. Attackers can exploit the separate path validation and file read operations to bypass sandbox restrictions and read arbitrary files...

8.8CVSS0.00036EPSS

Exploits0References3

Vulnrichment•added 2026/04/20 11:8 p.m.•2 views

CVE-2026-41296 OpenClaw < 2026.3.31 - Sandbox Escape via TOCTOU Race in Remote FS Bridge readFile

8.8CVSS5.9AI score0.00036EPSS

Exploits0References3

EUVD•added 2026/04/20 11:8 p.m.•1 views

EUVD-2026-24000

8.8CVSS5.9AI score0.00036EPSS

Exploits0References3

ATTACKERKB•added 2026/04/20 11:8 p.m.•0 views

CVE-2026-41296

8.8CVSS5.9AI score0.00036EPSS

Exploits0References4

Positive Technologies•added 2026/04/20 12:0 a.m.•2 views

PT-2026-33863

8.8CVSS5.9AI score0.00036EPSS

Exploits0References4

OSV•added 2026/04/15 6:37 p.m.•2 views

MAL-2026-2884 Malicious code in forge-jsx (npm)

forge-jsx is a malicious npm package that impersonates an Autodesk Forge SDK. It was published as a fully-formed RAT from its first version on April 7, 2026. Installing the package on any non-CI machine deploys a persistent background agent that captures all keystrokes, monitors clipboard content...

5.9AI score

Exploits0References2

Packet Storm•added 2026/04/14 12:0 a.m.•40 views

📄 WebRemoteControl Unauthenticated Remote Filesystem Access

WebRemoteControl suffers from an unauthenticated remote filesystem access vulnerability. This proof of concept exploit lets you browse directory contents and access files. Exploit Title: WebRemoteControl - Unauthenticated Remote Filesystem Access Date: 2026-04-14 Exploit Author: Chokri Hammedi...

5.8AI score

Exploits0

Github Security Blog•added 2026/04/03 3:14 a.m.•1 views

OpenClaw: Sandbox escape via TOCTOU race in remote FS bridge readFile

Summary Sandbox escape via TOCTOU race in remote FS bridge readFile Current Maintainer Triage - Normalized severity: critical - Assessment: v2026.3.28 remote sandbox reads still do path-check then separate file read, so the TOCTOU sandbox escape remains present in the latest shipped tag. Affected...

8.8CVSS5.9AI score0.00036EPSS

Exploits0References6Affected Software1

OSV•added 2026/04/03 3:14 a.m.•4 views

GHSA-9P3R-HH9G-5CMG OpenClaw: Sandbox escape via TOCTOU race in remote FS bridge readFile

9.4CVSS5.9AI score0.00036EPSS

Exploits0References6

Snyk•added 2026/04/03 3:14 a.m.•0 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition in the readFile process of the remote file system bridge due to a time-of-check to time-of-use TOCTOU race condition. An attacker can gain...

9.9CVSS6AI score0.00036EPSS

Exploits0References2

OSV•added 2025/12/11 7:16 a.m.•1 views

CVE-2025-14512

6.5CVSS5.5AI score0.00042EPSS

Exploits0References3

EUVD•added 2025/12/11 7:11 a.m.•1 views

EUVD-2025-202664

6.5CVSS6.6AI score0.00042EPSS

Exploits0References3

CVE•added 2025/12/11 7:11 a.m.•28 views

CVE-2025-14512

CVE-2025-14512 affects GLib2 (glib2) in IBM Netezza Appliance. The IBM security bulletin confirms a vulnerability in GLib’s GIO escape_byte_string() that can cause a heap-based buffer overflow leading to DoS when processing certain file or remote filesystem attribute values. Remediation: upgrade ...

6.5CVSS6.8AI score0.00042EPSS

Exploits0References19Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by