CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

31231 matches found

Debian CVE•added 2026/03/20 8:13 p.m.•7 views

CVE-2026-33151

Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server...

8.7CVSS5.8AI score0.00514EPSS

Exploits0

ATTACKERKB•added 2026/03/20 8:13 p.m.•3 views

CVE-2026-33151

8.7CVSS5.9AI score0.00514EPSS

Exploits0References5Affected Software1

OSV•added 2026/03/20 8:13 p.m.•3 views

CVE-2026-33151 socket.io allows an unbounded number of binary attachments

8.7CVSS5.8AI score0.00514EPSS

Exploits0References6

CVE•added 2026/03/20 8:13 p.m.•33 views

CVE-2026-33151

CVE-2026-33151 affects Socket.IO. In affected releases (prior to 3.3.5, 3.4.4, and 4.2.6) a crafted Socket.IO packet can cause the server to buffer a large number of binary attachments, potentially exhausting memory. The vulnerability is patched in 3.3.5, 3.4.4, and 4.2.6. Some connected IBM bull...

8.7CVSS5.9AI score0.00514EPSS

Exploits0References4Affected Software1

NVD•added 2026/03/20 11:18 a.m.•4 views

CVE-2026-25792

Greenshot is an open source Windows screenshot utility. Versions 1.3.312 and below have untrusted executable search path / binary hijacking vulnerability that allows a local attacker to execute arbitrary code when the affected Windows application launches explorer.exe without using an absolute...

6.5CVSS0.00193EPSS

Exploits1References1

Vulnrichment•added 2026/03/20 10:4 a.m.•3 views

CVE-2026-25792 Greenshot Vulnerable to OS Command Injection via ExternalCommand Plugin

6.5CVSS6.6AI score0.00193EPSS

Exploits1References1

ATTACKERKB•added 2026/03/20 10:4 a.m.•5 views

CVE-2026-25792

6.5CVSS6.6AI score0.00193EPSS

Exploits1References2Affected Software1

EUVD•added 2026/03/20 10:4 a.m.•3 views

EUVD-2026-13661

6.5CVSS6.6AI score0.00193EPSS

Exploits1References1

OSV•added 2026/03/20 10:4 a.m.•3 views

CVE-2026-25792 Greenshot Vulnerable to OS Command Injection via ExternalCommand Plugin

6.5CVSS6.6AI score0.00193EPSS

Exploits1References3

CNNVD•added 2026/03/20 12:0 a.m.•6 views

Socket.IO 代码问题漏洞

Socket.IO is a JavaScript library developed by Socket.IO Inc., aimed at real-time web applications. Versions of Socket.IO prior to 3.3.5, 3.4.4, and 4.2.6 contained code vulnerabilities. These vulnerabilities stemmed from the fact that servers would buffer large amounts of binary attachments when...

8.7CVSS6AI score0.00514EPSS

Exploits0References5

Vulnrichment•added 2026/03/19 10:6 p.m.•4 views

CVE-2026-32009 OpenClaw < 2026.2.24 - Binary Hijacking via Static Default Trusted Directories in safeBins

OpenClaw versions prior to 2026.2.24 contain a policy bypass vulnerability in the safeBins allowlist evaluation that trusts static default directories including writable package-manager paths like /opt/homebrew/bin and /usr/local/bin. An attacker with write access to these trusted directories can...

7CVSS6.1AI score0.00133EPSS

Exploits0References3

Cvelist•added 2026/03/19 10:6 p.m.•18 views

CVE-2026-32009 OpenClaw < 2026.2.24 - Binary Hijacking via Static Default Trusted Directories in safeBins

7CVSS0.00133EPSS

Exploits0References3

CVE•added 2026/03/19 10:6 p.m.•12 views

CVE-2026-32009

OpenClaw prior to 2026.2.24 contains a policy bypass in the safeBins allowlist evaluation that trusts static default directories, including writable paths like /opt/homebrew/bin and /usr/local/bin. An attacker with write access to these trusted directories can place a malicious binary with the sa...

7.8CVSS6.1AI score0.00133EPSS

Exploits0References3Affected Software1

CNNVD•added 2026/03/19 12:0 a.m.•8 views

OpenClaw 代码问题漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a code issue vulnerability that can be exploited by an attacker to bypass the allow list check and execute a trojan binary...

7.8CVSS5.9AI score0.00128EPSS

Exploits0References3

OSV•added 2026/03/18 5:26 p.m.•4 views

GHSA-677M-J7P3-52F9 socket.io allows an unbounded number of binary attachments

Impact A specially crafted Socket.IO packet can make the server wait for a large number of binary attachments and buffer them, which can be exploited to make the server run out of memory. Patches | Version range | Used by | Fixed version |...

8.7CVSS6AI score0.00514EPSS

Exploits0References6

Github Security Blog•added 2026/03/18 5:26 p.m.•6 views

socket.io allows an unbounded number of binary attachments

8.7CVSS6AI score0.00514EPSS

Exploits0References6Affected Software1

Cvelist•added 2026/03/18 1:34 a.m.•35 views

CVE-2026-22217 OpenClaw 2026.2.22 < 2026.2.23 - Arbitrary Binary Execution via $SHELL Environment Variable Trusted Prefix Fallback

OpenClaw version 2026.2.22 prior to 2026.2.23 contains an arbitrary code execution vulnerability in shell-env that allows attackers to execute attacker-controlled binaries by exploiting trusted-prefix fallback logic for the $SHELL variable. An attacker can influence the $SHELL environment variabl...

6.1CVSS0.00125EPSS

Exploits0References3

Vulnrichment•added 2026/03/18 1:34 a.m.•1 views

CVE-2026-22217 OpenClaw 2026.2.22 < 2026.2.23 - Arbitrary Binary Execution via $SHELL Environment Variable Trusted Prefix Fallback

6.1CVSS6.5AI score0.00125EPSS

Exploits0References3

CNNVD•added 2026/03/18 12:0 a.m.•5 views

OpenClaw 安全漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an arbitrary code execution vulnerability that can be exploited by an attacker to execute an attacker-controlled binary...

7.8CVSS6.4AI score0.00125EPSS

Exploits0References3

Positive Technologies•added 2026/03/18 12:0 a.m.•5 views

PT-2026-26200

8.7CVSS6AI score0.00514EPSS

Exploits0References9

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by