CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/06/05 7:29 p.m.•7 views

CVE-2026-31927

Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overwrite arbitrary files e.g., /etc/shadow, enabling unauthorized SSH access when combined with debug‑setting changes...

4.9CVSS5.6AI score0.00354EPSS

NVD•added 2026/06/05 6:17 p.m.•10 views

CVE-2026-45744

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/filemanager/ssh/resolvePath endpoint in Termix is vulnerable to OS command injection. The endpoint uses double-quote escaping for shell command...

9.9CVSS0.01607EPSS

Exploits1References2

OSV•added 2026/05/26 9:5 p.m.•6 views

MAL-2026-4828 Malicious code in hmacsync (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d361ffcded0fc3d88b5095d800b13b3f8a07a581e8003c30bfcf9887eb71243f The package is a new version of the previously removed libhmac. The key parts, a malicious payload to inject into hijacked browser extensions, is not included ...

5.9AI score

OSV•added 2026/05/13 3:9 a.m.•4 views

MAL-2026-3635 Malicious code in knot-rspec-formatter-json (RubyGems)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security a4e4f74e90479d472a307d311d48214827e21cf93ecf9b0b62ff2cb72adb2c9e This package is a malicious packages part of the Go BufferZoneCorp and RubyGems knot-theory clusters. The packages in this cluster steal...

OSSF Malicious Packages•added 2026/05/13 3:9 a.m.•6 views

Malicious code in github.com/BufferZoneCorp/go-weather-sdk (Go)

OSSF Malicious Packages•added 2026/05/13 3:9 a.m.•6 views

Malicious code in github.com/BufferZoneCorp/grpc-client (Go)

OSSF Malicious Packages•added 2026/05/13 3:9 a.m.•7 views

Malicious code in github.com/BufferZoneCorp/log-core (Go)

OSSF Malicious Packages•added 2026/05/13 3:9 a.m.•6 views

Malicious code in knot-rspec-formatter-json (RubyGems)

OSV•added 2026/05/13 3:9 a.m.•4 views

MAL-2026-3633 Malicious code in knot-rack-session-store (RubyGems)

OSV•added 2026/05/13 3:9 a.m.•5 views

MAL-2026-3629 Malicious code in github.com/BufferZoneCorp/net-helper (Go)

OSV•added 2026/05/13 3:9 a.m.•3 views

MAL-2026-3631 Malicious code in knot-date-utils-rb (RubyGems)

OSV•added 2026/05/13 3:9 a.m.•4 views

MAL-2026-3623 Malicious code in github.com/BufferZoneCorp/go-retryablehttp (Go)

OSV•added 2026/05/13 3:9 a.m.•6 views

MAL-2026-3632 Malicious code in knot-devise-jwt-helper (RubyGems)

RedhatCVE•added 2026/05/06 8:21 p.m.•3 views

CVE-2026-7865

A hidden console command is vulnerable to command injection flaw when control characters are passed to its second argument. A third party researcher Eugene Lim had discovered vulnerability in the way console command passes to a popen function call. Attackers with authenticated access to SSH conso...

7.4CVSS5.8AI score0.00753EPSS

EUVD•added 2026/05/05 6:33 p.m.•3 views

EUVD-2026-27394

7.4CVSS5.8AI score0.00753EPSS

EUVD•added 2026/04/17 9:31 p.m.•1 views

EUVD-2026-23470

4.9CVSS5.9AI score0.00354EPSS

Exploits0References4

NVD•added 2026/04/17 8:16 p.m.•1 views

CVE-2026-31927

4.9CVSS0.00354EPSS

Vulnrichment•added 2026/04/17 7:24 p.m.•2 views

CVE-2026-31927 Anviz CX7 Firmware Relative Path Traversal

4.9CVSS5.9AI score0.00354EPSS