CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

161 matches found

NVD•added 2026/03/31 3:16 p.m.•0 views

CVE-2026-34162

FastGPT is an AI Agent building platform. Prior to version 4.14.9.5, the FastGPT HTTP tools testing endpoint /api/core/app/httpTools/runTool is exposed without any authentication. This endpoint acts as a full HTTP proxy — it accepts a user-supplied baseUrl, toolPath, HTTP method, custom headers,...

10CVSS0.00224EPSS

Exploits1References4

ATTACKERKB•added 2026/03/31 1:43 p.m.•0 views

CVE-2026-34162

10CVSS5.8AI score0.00224EPSS

Exploits1References5Affected Software1

Github Security Blog•added 2026/03/03 9:19 p.m.•4 views

OpenClaw's web tools strict URL guard could lose DNS pinning when env proxy is configured

Summary openclaw web tools strict URL fetch paths could lose DNS pinning when environment proxy variables are configured HTTPPROXY/HTTPSPROXY/ALLPROXY, including lowercase variants. In affected builds, strict URL checks for example webfetch and citation redirect resolution validated one destinati...

7.6CVSS5.9AI score0.00066EPSS

Exploits0References5Affected Software1

RedhatCVE•added 2026/02/13 7:21 a.m.•8 views

CVE-2025-15577

An unauthenticated attacker can exploit this vulnerability by manipulating URL to achieve arbitrary file read access.This issue affects Valmet DNA Web Tools: C2022 and older...

9.2CVSS5.7AI score0.00049EPSS

Exploits0References1

OSV•added 2026/02/12 7:15 a.m.•3 views

CVE-2025-15577

An unauthenticated attacker can exploit this vulnerability by manipulating URL to achieve arbitrary file read access.This issue affects Valmet DNA Web Tools: C2022 and older...

7.5CVSS5.9AI score0.00049EPSS

Exploits0References1

Vulnrichment•added 2026/02/12 6:4 a.m.•3 views

CVE-2025-15577 Valmet DNA Web server arbitrary file read access

An unauthenticated attacker can exploit this vulnerability by manipulating URL to achieve arbitrary file read access.This issue affects Valmet DNA Web Tools: C2022 and older...

9.2CVSS5.7AI score0.00049EPSS

Exploits0References1

Cvelist•added 2026/02/12 6:4 a.m.•31 views

CVE-2025-15577 Valmet DNA Web server arbitrary file read access

An unauthenticated attacker can exploit this vulnerability by manipulating URL to achieve arbitrary file read access.This issue affects Valmet DNA Web Tools: C2022 and older...

9.2CVSS0.00049EPSS

Exploits0References1

CVE•added 2026/02/12 6:4 a.m.•10 views

CVE-2025-15577

CVE-2025-15577 : An unauthenticated attacker can exploit a URL manipulation vulnerability to achieve arbitrary file read on Valmet DNA Web Tools: C2022 and older. The CVE is rated CRITICAL (CVSSv4.0: AV:N/AC:L/PR:N/UI:N/S:U/VI:N/VC:H/VS:N/VA:N/AT:N/AC:H/E:P) with network access, low complexity, a...

9.2CVSS5.7AI score0.00049EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/02/12 12:0 a.m.•3 views

PT-2026-7829

An unauthenticated attacker can exploit this vulnerability by manipulating URL to achieve arbitrary file read access.This issue affects Valmet DNA Web Tools: C2022 and older...

9.2CVSS5.7AI score0.00049EPSS

Exploits0References2

Positive Technologies•added 2026/01/30 12:0 a.m.•3 views

PT-2026-5405

Name of the Vulnerable Software and Affected Versions AWStats version 8.0 Description AWStats version 8.0 contains a command injection issue due to an unsafe use of the open function in Perl when processing HTTP GET parameters. Specifically, the presence of a pipe symbol '|' within a parameter ca...

7.8CVSS6.4AI score0.0007EPSS

Exploits1References12

Snyk•added 2026/01/16 4:43 p.m.•0 views

Malicious Package

Overview nyse-web-tools-common is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS6.8AI score

Exploits0References2

EUVD•added 2026/01/16 12:10 a.m.•2 views

EUVD-2026-3063

Malicious code in nyse-web-tools-common npm...

6.6AI score

Exploits0References1

OSV•added 2026/01/16 12:10 a.m.•3 views

MAL-2026-296 Malicious code in nyse-web-tools-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b342ea907a70673cd21fd5f5a5de071c5af10278ab0cdc695cdd98e37bb8063 The package nyse-web-tools-common was found to contain malicious code. Source: ghsa-malware...

6.8AI score

Exploits0References1

OSSF Malicious Packages•added 2026/01/16 12:10 a.m.•3 views

Malicious code in nyse-web-tools-common (npm)

6.9AI score

Exploits0References1

RedhatCVE•added 2026/01/09 10:50 a.m.•6 views

CVE-2022-37775

Genesys PureConnect Interaction Web Tools Chat Service up to at least 26- September- 2019 allows XSS within the Printable Chat History via the participant - name JSON POST parameter...

6.1CVSS6AI score0.00432EPSS

Exploits3References1

The Hacker News•added 2025/11/03 12:56 p.m.•23 views

⚡ Weekly Recap: Lazarus Hits Web3, Intel/AMD TEEs Cracked, Dark Web Leak Tool & More

Cyberattacks are getting smarter and harder to stop. This week, hackers used sneaky tools, tricked trusted systems, and quickly took advantage of new security problems—some just hours after being found. No system was fully safe. From spying and fake job scams to strong ransomware and tricky...

10CVSS9.3AI score0.94436EPSS

Exploits88

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2019-7948

Malware in sbrugna...

7.1CVSS6.7AI score0.00165EPSS

Exploits1References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2006-4044

Malware in sbrugna...

7.5CVSS6.4AI score0.08799EPSS

Exploits1References8