CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

217 matches found

Nuclei•added 2026/05/29 3:59 a.m.•26 views

Aviatrix Controller - Remote Code Execution

An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloudtype for...

10CVSS7.8AI score0.94362EPSS

Exploits5References4

Nuclei•added 2026/05/28 5:39 a.m.•62 views

Aviatrix Controller 6.x before 6.5-1804.1922 - Remote Command Execution

Aviatrix Controller 6.x before 6.5-1804.1922 contains a vulnerability that allows unrestricted upload of a file with a dangerous type, which allows an unauthenticated user to execute arbitrary code via directory traversal. id: CVE-2021-40870 info: name: Aviatrix Controller 6.x before 6.5-1804.192...

9.8CVSS7.7AI score0.9426EPSS

Exploits5References5

vulnersOsv•added 2026/01/13 9:31 p.m.•0 views

acido (=0.15.0), adstoolbox (>=2025.12.2.2 <=2026.4.21) +207 more potentially affected by CVE-2026-21226 via azure-core (>=1.10.0 <=1.37.0)

azure-core PYPI version =1.10.0, =2025.12.2.2, =0.1.12, =0.1.31, =0.1.1, =0.0.2, =0.0.53, =0.1.0, =0.9.0, =0.2.100, =0.2.123, =1.0.0, =1.0.0, =0.1.0b1, =0.1.0b2 and more Source cves: CVE-2026-21226 Source advisory: OSV:GHSA-JM66-CG57-JJV5...

7.5CVSS5.8AI score0.02696EPSS

Exploits0

RedhatCVE•added 2026/01/09 11:24 a.m.•3 views

CVE-2021-31776

Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search path that enables local privilege escalation to the SYSTEM user, if the machine is misconfigured to allow unprivileged users to write to directories that are supposed to be restricted to administrators...

7.8CVSS7.1AI score0.00048EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:56 a.m.•3 views

CVE-2022-38368

An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands...

8.8CVSS6.9AI score0.00434EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:0 a.m.•3 views

CVE-2020-7224

The Aviatrix OpenVPN client through 2.5.7 on Linux, macOS, and Windows is vulnerable when OpenSSL parameters are altered from the issued value set; the parameters could allow unauthorized third-party libraries to load...

9.8CVSS6.7AI score0.00623EPSS

Exploits0References1

Tenable Nessus•added 2025/10/29 12:0 a.m.•3 views

Aviatrix Controller Unrestricted Upload of File (CVE-2021-40870)

While the Aviatrix UI requires authentication, many API calls do not enforce a check for authentication. Some of these API calls allow an unauthenticated attacker to upload arbitrary files, including .php scripts, to the filesystem. These uploaded scripts will be processed by the web frontend,...

9.8CVSS8.5AI score0.9426EPSS

Exploits5References2

Tenable Nessus•added 2025/10/23 12:0 a.m.•3 views

Aviatrix Controllers < 7.1.4191 / 7.2 < 7.2.4996 RCE

The version of Aviatrix Controller installed on the remote host is prior to 7.1.4191 for 7.1.x or prior to 7.2.4996 for 7.2.x. It is, therefore, affected by an OS command injection vulnerability caused by improper neutralization of special elements in API input. An unauthenticated attacker can se...

10CVSS9.6AI score0.94362EPSS

Exploits5References2

OSV•added 2025/10/08 10:12 a.m.•0 views

MAL-2025-48092 Malicious code in @aviatrixdev/flight-suit1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f67f0297879682bb09001ab95a186ca13c641603c6a4694b81972b68d8a7b55d The OpenSSF Package Analysis project identified '@aviatrixdev/flight-suit1' @ 1.1.25050 npm as malicious. It is considered malicious because: -...

7.1AI score

Exploits0