CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

30699 matches found

GithubExploit•added 2026/03/29 4:26 p.m.•101 views

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector

CVE-2026-23744 — MCP Connect RCE via Unauthenticated Command I...

9.8CVSS6AI score0.30368EPSS

Exploits27

Github Security Blog•added 2026/03/29 3:39 p.m.•4 views

wenxian: Command Injection in GitHub Actions Workflow via `issue_comment.body`

Summary A GitHub Actions workflow uses untrusted user input from issuecomment.body directly inside a shell command, allowing potential command injection and arbitrary code execution on the runner. Details The workflow is triggered by issuecomment, which can be controlled by external users. In the...

9.8CVSS6.5AI score0.00081EPSS

Exploits1References3Affected Software1

OSV•added 2026/03/29 3:39 p.m.•3 views

GHSA-R4FJ-R33X-8V88 wenxian: Command Injection in GitHub Actions Workflow via `issue_comment.body`

9.8CVSS6.5AI score0.00081EPSS

Exploits1References3

Snyk•added 2026/03/29 3:39 p.m.•2 views

Command Injection

Overview wenxian is a Generate references. Affected versions of this package are vulnerable to Command Injection via the github.event.comment.body input in the GitHub Actions workflow. An attacker can execute arbitrary shell commands on the CI runner by posting crafted comments to issues, leading...

9.8CVSS6AI score0.00081EPSS

Exploits1References3

Cvelist•added 2026/03/29 12:22 a.m.•28 views

CVE-2026-4851 GRID::Machine versions through 0.127 for Perl allows arbitrary code execution via unsafe deserialization

GRID::Machine versions through 0.127 for Perl allows arbitrary code execution via unsafe deserialization. GRID::Machine provides Remote Procedure Calls RPC over SSH for Perl. The client connects to remote hosts to execute code on them. A compromised or malicious remote host can execute arbitrary...

0.00099EPSS

Exploits0References1

Packet Storm News•added 2026/03/29 12:0 a.m.•0 views

A Systematic Taxonomy of Security Vulnerabilities in the OpenClaw AI Agent Framework

AI agent frameworks connecting large language model LLM reasoning to host execution surfaces--shell, filesystem, containers, and messaging--introduce security challenges structurally distinct from conventional software. We present a systematic taxonomy of 190 advisories filed against OpenClaw, an...

6.5AI score

Exploits0

Positive Technologies•added 2026/03/29 12:0 a.m.•3 views

PT-2026-28591

Name of the Vulnerable Software and Affected Versions Xiongmai DVR/NVR devices versions 4.03.R11 Xiongmai AHB7008T-MH-V2 Xiongmai NBD7024H-P Description A root OS command injection can occur through the use of shell metacharacters in the HostName value. This occurs via an authenticated DVRIP...

8.8CVSS6.2AI score0.00109EPSS

Exploits0References8

Positive Technologies•added 2026/03/29 12:0 a.m.•1 views

PT-2026-28615

Name of the Vulnerable Software and Affected Versions njzjz/wenxian affected versions not specified Description A command injection flaw exists in a GitHub Actions workflow due to the direct use of untrusted user input from issue comment.body within a shell command. The workflow is triggered by...

9.8CVSS6.2AI score0.00081EPSS

Exploits1References7

RedhatCVE•added 2026/03/28 4:59 p.m.•3 views

CVE-2025-15616

Wazuh wazuh-agent and wazuh-manager versions 2.1.0 before 4.8.0 contain multiple shell injection and untrusted search path vulnerabilities that allow attackers to execute arbitrary commands through various components including logcollector configuration, maild SMTP server tags, and Kaspersky AR...

7.2CVSS6.7AI score0.00194EPSS

Exploits1References1

EUVD•added 2026/03/28 12:30 p.m.•1 views

EUVD-2017-18951

MAWK 1.3.3-17 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can craft malicious input that overflows the stack buffer and execute a return-oriented programmi...

9.8CVSS6.6AI score0.00109EPSS

Exploits1References3

EUVD•added 2026/03/28 12:30 p.m.•5 views

EUVD-2017-18949

Flat Assembler 1.71.21 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input to the application. Attackers can craft malicious assembly input exceeding 5895 bytes to overwrite the instruction pointer and execute...

8.6CVSS6.6AI score0.00025EPSS

Exploits1References4

EUVD•added 2026/03/28 12:30 p.m.•1 views

EUVD-2017-18947

JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying overly long input that exceeds buffer boundaries. Attackers can craft malicious input passed to the jad command to overflow the stack and...

9.8CVSS6.6AI score0.00114EPSS

Exploits1References4

NVD•added 2026/03/28 12:16 p.m.•4 views

CVE-2017-20229

9.8CVSS0.00109EPSS

Exploits1References2

NVD•added 2026/03/28 12:16 p.m.•3 views

CVE-2017-20227

9.8CVSS0.00114EPSS

Exploits1References3

UbuntuCve•added 2026/03/28 12:16 p.m.•0 views

CVE-2017-20229

9.8CVSS6.5AI score0.00109EPSS

Exploits1References3

OSV•added 2026/03/28 12:16 p.m.•1 views

UBUNTU-CVE-2017-20229

9.8CVSS6.6AI score0.00109EPSS

Exploits1References4

OSV•added 2026/03/28 12:16 p.m.•3 views

UBUNTU-CVE-2018-25224

PMS 0.42 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious values in the configuration file. Attackers can craft configuration files with oversized input that overflows the stack buffer and execute she...

8.6CVSS6.6AI score0.00038EPSS

Exploits1References5

Cvelist•added 2026/03/28 12:0 p.m.•26 views

CVE-2017-20228 Flat Assembler 1.71.21 Stack-Based Buffer Overflow ROP

8.6CVSS0.00025EPSS

Exploits1References3