CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/04/24 8:45 p.m.•1 views

GHSA-8X35-HPH8-37HQ electerm has Command Injection via runLinux funtion

9.8CVSS6.1AI score0.00753EPSS

Exploits0References5

Github Security Blog•added 2026/04/16 9:24 p.m.•3 views

electerm: electerm_install_script_CommandInjection Vulnerability Report

Impact What kind of vulnerability is it? Who is impacted? Command Injection vulnerabilities in electerm: A command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:150. The runMac function appends attacker-controlled remote releaseInfo.name directly into an exec"open...

9.8CVSS5.9AI score0.00194EPSS

Exploits0References5Affected Software1

CNNVD•added 2026/04/01 12:0 a.m.•3 views

Joomla! CMS 安全漏洞

Joomla! CMS is a content management system developed under the open source Joomla! framework. The Joomla! CMS has security vulnerabilities, which stem from the lack of input validation. This vulnerability may lead to the deletion of any file in the automatic update server mechanism...

8.6CVSS5.8AI score0.00001EPSS

RedhatCVE•added 2026/03/26 3:2 p.m.•3 views

CVE-2026-32294

JetKVM prior to 0.5.4 does not verify the authenticity of downloaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding SHA256 hash to pass verification...

7CVSS6AI score0.00004EPSS

RedhatCVE•added 2026/03/26 3:2 p.m.•1 views

CVE-2026-32290

The GL-iNet Comet GL-RM1 KVM before version 1.8.2 does not sufficiently verify the authenticity of uploaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding MD5 hash to pass verification...

RedhatCVE•added 2026/03/26 3:1 p.m.•1 views

CVE-2026-1958

Use of hard-coded credentials in Klinika XP and KlinikaXP Insertino allowed an unauthorized attacker access to several internal services. Critically, this included access to the FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious...

8.7CVSS5.8AI score0.00061EPSS

NVD•added 2026/03/23 1:16 p.m.•2 views

CVE-2026-1958

8.7CVSS0.00061EPSS

Vulnrichment•added 2026/03/23 12:40 p.m.•2 views

CVE-2026-1958 Hard-coded passwords in KlinikaXP

8.7CVSS5.8AI score0.00061EPSS

CVE•added 2026/03/23 12:40 p.m.•6 views

CVE-2026-1958

CVE-2026-1958 describes hard-coded credentials in KlinikaXP and KlinikaXP Insertino, enabling an unauthorized attacker to access internal services, notably the FTP server hosting update packages. The root cause is credentials embedded in the application, with exploitation potentially leading to u...

8.7CVSS5.8AI score0.00061EPSS

EUVD•added 2026/03/17 6:30 p.m.•1 views

EUVD-2026-12598

The GL-iNet Comet GL-RM1 KVM does not sufficiently verify the authenticity of uploaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding MD5 hash to pass verification...

7CVSS5.8AI score0.00008EPSS

NVD•added 2026/03/17 6:16 p.m.•2 views

CVE-2026-32294

7CVSS0.00004EPSS

Cvelist•added 2026/03/17 5:19 p.m.•20 views

CVE-2026-32294 JetKVM insufficient firmware verification

7CVSS0.00004EPSS

Vulnrichment•added 2026/03/17 5:18 p.m.•1 views

CVE-2026-32290 GL-iNet Comet (GL-RM1) KVM insufficient firmware verification

Cvelist•added 2026/03/17 5:18 p.m.•21 views

CVE-2026-32290 GL-iNet Comet (GL-RM1) KVM insufficient firmware verification

7CVSS0.00008EPSS

ATTACKERKB•added 2026/03/17 5:18 p.m.•1 views

CVE-2026-32290

CNNVD•added 2026/03/17 12:0 a.m.•4 views

Exploits0References5

GL-iNet Comet 安全漏洞

GL-iNet Comet is a portable, multi-functional network device developed by GL-iNet Corporation in China. There is a security vulnerability present in GL-iNet Comet, which stems from insufficient verification of the authenticity of uploaded firmware files. This vulnerability may allow intermediate...