151 matches found
Oracle WebLogic WLS-WSAT XMLDecoder Remote Code Execution
This script is a Python-based proof-of-concept exploit targeting a deserialization vulnerability in Oracle WebLogic Server's WLS-WSAT component. The vulnerability allows unauthenticated attackers to execute arbitrary system commands via crafted SOAP requests sent to the...
PT-2026-38422
Date: May 7, 2026; Status: ACTIVE GLOBAL EXPLOITATION / STATE-SPONSORED CAMPAIGN; Target: Palo Alto Networks PAN-OS GlobalProtect Gateway / Management Interface; Severity: 10.0 MAXIMUM CRITICAL Unauthenticated Remote Root Code Execution 1. Analysis: Why "PAN-Optic" is Today's Apex Threat While the...
CVE-2024-8010
The component accepts XML input through the publisher without disabling external entity resolution. This allows malicious actors to submit a crafted XML payload that exploits the unescaped external entity references. By leveraging this vulnerability, a malicious actor can read confidential files...
CVE-2026-39367
WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's EPG (Electronic Program Guide) feature parses XML from user-controlled URLs and renders programme titles directly into HTML without any sanitization or escaping. A user with upload permission can set a video's epglin...
Exploit for CVE-2026-34197
CVE-2026-34197 CVE-2026-34197 activemq PoC PoC for the Activ...
PT-2026-30986
WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's EPG (Electronic Program Guide) feature parses XML from user-controlled URLs and renders programme titles directly into HTML without any sanitization or escaping. A user with upload permission can set a video's epg li...
PT-2026-2419
Name of the Vulnerable Software and Affected Versions: Inbit Messenger versions 4.6.0 through 4.9.0. Description: Inbit Messenger versions 4.6.0 through 4.9.0 have a remote command execution issue. Unauthenticated attackers can execute arbitrary commands by exploiting a stack overflow in the...
CVE-2025-26489
Improper input validation in the Netconf service in Infinera MTC-9 allows remote authenticated users to crash the service and reboot the appliance, thus causing a DoS condition, via crafted XML payloads. This issue affects MTC-9: from R22.1.1.0275 before R23.0...
EUVD-2019-8673
Malware in sbrugna...
EUVD-2019-8674
Malware in sbrugna...
EUVD-2020-11458
Malware in sbrugna...
EUVD-2022-35526
Malicious code in bioql PyPI...
EUVD-2022-35839
Malicious code in bioql PyPI...
EUVD-2022-35826
Malicious code in bioql PyPI...
EUVD-2022-52400
Malicious code in bioql PyPI...
EUVD-2022-33857
Malicious code in bioql PyPI...
EUVD-2022-36974
Malicious code in bioql PyPI...
EUVD-2022-38136
Malicious code in bioql PyPI...
EUVD-2022-32300
Malicious code in bioql PyPI...
EUVD-2022-36233
Malicious code in bioql PyPI...