CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

138 matches found

vulnersOsv•added 2026/05/05 9:50 p.m.•3 views

org.webjars.npm:npmcli__agent (>=2.2.2 <=3.0.0), org.webjars.npm:pac-proxy-agent (=4.1.0) +6 more potentially affected by CVE-2026-42338 via org.webjars.npm:ip-address (>=5.8.9 <=9.0.5)

org.webjars.npm:ip-address MAVEN version =5.8.9, =2.2.2, =2.8.3, =5.0.0, =8.0.5 - org.webjars.npm:socks5-client =1.2.6 - org.webjars.npm:socks5-http-client =1.0.4 - org.webjars.npm:socks5-https-client =1.2.1 Source cves: CVE-2026-42338 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16636414...

6.1CVSS5.8AI score0.00012EPSS

Exploits1

Positive Technologies•added 2026/04/09 12:0 a.m.•1 views

PT-2026-31585

Name of the Vulnerable Software and Affected Versions D-Link DIR-882 version 1.01B02 Description A flaw exists in the sprintf function within the prog.cgi file of the HNAP1 SetNetworkSettings Handler component. Manipulation of the IPAddress argument can lead to operating system command injection...

8.6CVSS7AI score0.00118EPSS

Exploits1References9

ATTACKERKB•added 2026/03/18 12:0 a.m.•2 views

CVE-2025-55045

The update address CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to manipulate user address information through CSRF. The vulnerable cUsers.updateAddress function lacks CSRF token validation, enabling malicious websites to forge requests that add, modify, or delete user addresses...

5.8AI score0.00018EPSS

Exploits0References4

Positive Technologies•added 2026/03/06 12:0 a.m.•4 views

PT-2026-23625

Name of the Vulnerable Software and Affected Versions Wavlink WL-NU516U1 version V240425 Description A stack-based buffer overflow exists in the function sub 401A0C within the file /cgi-bin/login.cgi. Manipulation of the ipaddr argument can trigger this issue, allowing for remote exploitation. Th...

8.6CVSS7.5AI score0.00145EPSS

Exploits1References9

RedhatCVE•added 2026/01/09 11:22 a.m.•7 views

CVE-2021-22433

There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed...

9.8CVSS7AI score0.00247EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:21 a.m.•6 views

CVE-2021-22426

There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed...

9.8CVSS7AI score0.00247EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:9 a.m.•6 views

CVE-2019-11868

See.sys, up to version 4.25, in SoftEther VPN Server versions 4.29 or older, allows a user to call an IOCTL specifying any kernel address to which arbitrary bytes are written to...

7.8CVSS6.9AI score0.00126EPSS

Exploits0References1

EUVD•added 2025/12/09 6:30 p.m.•2 views

EUVD-2025-201880

The Login Security, FireWall, Malware removal by CleanTalk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the page URL in all versions up to, and including, 2.168 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...

7.2CVSS4.8AI score0.00142EPSS

Exploits0References3

CVE•added 2025/12/09 4:36 a.m.•12 views

CVE-2025-13604

CVE-2025-13604 is a stored XSS in the WordPress plugin “Login Security, FireWall, Malware removal by CleanTalk” (versions ≤ 2.168). The root cause is insufficient input sanitization and output escaping on the page URL, enabling unauthenticated attackers to inject scripts executed when users load ...

7.2CVSS4.9AI score0.00142EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2019-10578

Malware in sbrugna...

6.5CVSS6.7AI score0.00382EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2017-18410

Malware in sbrugna...

7.5CVSS7.6AI score0.00315EPSS

Exploits1References2