CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

205968 matches found

OSV•added 2026/03/14 4:26 p.m.•5 views

CLSA-2026-1773505564 vim: Fix of CVE-2026-26269

CVE-2026-26269: fix stack-based buffer overflow in NetBeans integration that could lead to a crash or arbitrary code execution via a malicious server...

7.5CVSS6.9AI score0.00284EPSS

Exploits0References1

Veracode•added 2026/03/14 5:21 a.m.•5 views

Arbitrary Code Injection

Craft CMS is vulnerable to Arbitrary Code Injection. The vulnerability is due to unsafe use of unsandboxed Twig rendering with user-controlled input in the conditions system, which allows an attacker to execute arbitrary code through crafted condition rules...

9.3CVSS6.2AI score0.00665EPSS

Exploits0References3Affected Software1

Snyk•added 2026/03/13 10:41 p.m.•3 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the handling of coordinates due to insufficient validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can achieve arbitrary code execution by enticing a use...

8.5CVSS7.7AI score0.00648EPSS

Exploits0References2

Snyk•added 2026/03/13 10:41 p.m.•3 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the processing of APS units due to insufficient validation of user-supplied data. An attacker can achieve arbitrary code execution by providing crafted input that triggers a write past the end of an allocated buff...

8.5CVSS7.8AI score0.00376EPSS

Exploits0References2

EUVD•added 2026/03/13 9:31 p.m.•7 views

EUVD-2026-12037

There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...

8.5CVSS6AI score0.00229EPSS

Exploits0References2

EUVD•added 2026/03/13 9:31 p.m.•4 views

EUVD-2026-12039

There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted...

8.5CVSS6AI score0.00202EPSS

Exploits0References2

EUVD•added 2026/03/13 9:31 p.m.•5 views

EUVD-2026-12041

8.5CVSS6AI score0.0023EPSS

Exploits0References2

EUVD•added 2026/03/13 9:25 p.m.•5 views

EUVD-2026-12177

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The ImportedPlugin.importCommunityItemFromUrl function in server/utils/agents/imported.js downloads a ZIP file from a community hub URL and extracts i...

4.2CVSS6AI score0.00388EPSS

Exploits1References2

ATTACKERKB•added 2026/03/13 9:25 p.m.•3 views

CVE-2026-32719

4.2CVSS6AI score0.00388EPSS

Exploits1References3Affected Software1

Snyk•added 2026/03/13 8:55 p.m.•3 views

Unsafe Dependency Resolution

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the automatic plugin discovery in .openclaw/extensions/. An attacker can execute arbitrary code by including a malicious plugin in a cloned repository,...

8.8CVSS6.1AI score0.00331EPSS

Exploits0References2

OSV•added 2026/03/13 8:55 p.m.•9 views

GHSA-99QW-6MR3-36QR OpenClaw: Workspace plugin auto-discovery allowed code execution from cloned repositories

Summary OpenClaw automatically discovered and loaded plugins from .openclaw/extensions/ inside the current workspace without an explicit trust or install step. A malicious repository could include a crafted workspace plugin that executed as soon as a user ran OpenClaw from that cloned directory...

8.5CVSS6.4AI score0.00331EPSS

Exploits0References5

Cvelist•added 2026/03/13 8:40 p.m.•23 views

CVE-2026-3086 GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability

GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary...

7.8CVSS0.00376EPSS

Exploits0References2

Snyk•added 2026/03/13 8:38 p.m.•5 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the RealMedia Demuxer in gst-plugins-ugly. An attacker can achieve arbitrary code execution by enticing a user to open a specially crafted RealMedia file, resulting in an out-of-bounds write during the processing ...

8.4CVSS7.7AI score0.00383EPSS

Exploits0References3

CVE•added 2026/03/13 8:37 p.m.•15 views

CVE-2026-3562

The CVE-2026-3562 entry concerns Philips Hue Bridge hk_hap with an Ed25519 signature verification bug in ed25519_sign_open. The issue allows network-adjacent attackers to bypass authentication and execute arbitrary code on affected installations without authentication. Root cause is improper veri...

8.8CVSS7AI score0.0029EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/03/13 8:37 p.m.•2 views

CVE-2026-3562

Philips Hue Bridge hkhap Ed25519 Signature Verification Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific...

6.3CVSS6.2AI score0.0029EPSS

Exploits0References2Affected Software1