CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added last week•13 views

CVE-2026-56078

PraisonAI before 1.5.115 contains a path traversal vulnerability in MultiAgentMonitor that fails to sanitize agent IDs when building file paths. Attackers can include traversal sequences like ../ in agent IDs to read, write, or overwrite arbitrary files, enabling sensitive disclosure, denial of...

8.8CVSS0.00687EPSS

OSSF Malicious Packages•added last week•12 views

Malicious code in runtime-query (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95ac68a991ebaacd1aef772aa462ad53510471f9f4439659a6e685e877aa460e On require, index.js lines 70-77 fetches JSON from https://jsonkeeper.com/b/CI3HT, extracts the .cookie field from the response, and passes it to new...

6.5AI score

OSV•added last week•6 views

DEBIAN-CVE-2026-43994

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decodeoauthtokengcm. A uint16t noncelen field read from an attacker-supplied OAuth access token 0-65535 is passed directly to memcpy as the copy length into a 256-byte...

8.1CVSS6.1AI score0.00357EPSS

NVD•added last week•9 views

CVE-2026-43994

8.1CVSS0.00357EPSS

OSV•added last week•3 views

UBUNTU-CVE-2026-43994

8.1CVSS6.1AI score0.00357EPSS

Exploits0References5

NVD•added last week•11 views

CVE-2026-25865

Punto Switcher through 4.5.0.583 contains an unquoted search path element vulnerability that allows local attackers to execute arbitrary code by exploiting the application's call to WinExec without a fully qualified path for RunDll32.exe when invoking shell32.dll ControlRunDLL input.dll. Attacker...

8.5CVSS0.00149EPSS

RedhatCVE•added last week•7 views

CVE-2026-52726

A flaw was found in Dulwich, a pure-Python implementation of Git file formats and protocols. This vulnerability allows a remote attacker to achieve arbitrary code execution by crafting a malicious Git submodule. When a user clones or updates a repository with such a submodule, the...

7.5CVSS6.4AI score0.00448EPSS

Exploits0References5

CVE•added last week•14 views

CVE-2026-49248

OneDev CVE-2026-49248 affects versions 15.0.6 and earlier. TarUtils.untar() creates symbolic links using entry getLinkName() without validating absolute path targets; a following file entry can traverse the symlink and write to arbitrary server-side locations. This enables RCE-like behavior for a...

8.3CVSS5.4AI score0.00382EPSS

ATTACKERKB•added last week•6 views

CVE-2026-43994

8.1CVSS5.7AI score0.00357EPSS

Exploits0References3Affected Software1

Cvelist•added last week•16 views

CVE-2026-43994 Coturn: Stack buffer overflow in decode_oauth_token_gcm()

8.1CVSS0.00357EPSS

Debian CVE•added last week•5 views

CVE-2026-43994

8.1CVSS6.1AI score0.00357EPSS

Exploits0

EUVD•added last week•10 views

EUVD-2026-37940

8.5CVSS6.3AI score0.00149EPSS

CVE•added last week•18 views

CVE-2026-25865

CVE-2026-25865 affects Punto Switcher 4.5.0.583. The vulnerability is an unquoted search path element invoked via WinExec when calling RunDll32.exe for shell32.dll Control_RunDLL input.dll, enabling local arbitrary code execution if an attacker places a malicious executable earlier in the search ...

8.5CVSS6.3AI score0.00149EPSS

NVD•added last week•10 views

CVE-2026-12390

In AzeoTech DAQFactory versions 21.1 and prior, a Type Confusion vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in code execution...

8.4CVSS0.00148EPSS

Metasploit•added last week•66 views

HP Poly Voice Unauthenticated Remote Code Execution

CVE-2026-0826 is a critical unauthenticated stack-based buffer overflow vulnerability affecting all models in the VVX series VVX 150, VVX 250, VVX 350, and VVX 450, as well as three models from the Trio IP Conference series Trio 8800, Trio 8500, and Trio 8300. A remote attacker can leverage...

9.2CVSS6.6AI score0.26468EPSS

Exploits3

EUVD•added last week•6 views

EUVD-2026-37930

In AzeoTech DAQFactory versions 21.1 and prior, a Type Confusion vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in code execution...

8.4CVSS5.4AI score0.00148EPSS

CVE•added last week•29 views

CVE-2026-12390

CVE-2026-12390 affects AzeoTech DAQFactory versions 21.1 and prior. A Type Confusion vulnerability can be exploited by an attacker using specially crafted .ctl files to achieve code execution. The available documents confirm the affected product and the underlying flaw mechanism, but do not provi...

8.4CVSS5.4AI score0.00148EPSS