PT-2026-50698
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the log viewing function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...
PT-2026-50689
In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An attacker could craft a malicious repository with adversarial directory or file names that, when analyzed...
PT-2026-50685
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Lingren Media Library Assistant allows Blind SQL Injection. This issue affects Media Library Assistant: from n/a through 3.35...
CVE-2026-38715
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the log viewing function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...
CVE-2026-38716
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the Python application export function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...
CVE-2026-38714
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the Python configuration function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...
EUVD-2026-37918
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the log viewing function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...
📄 Wing FTP Server 8.1.2 Authenticated Remote Code Execution
Wing FTP Server versions prior to 8.1.3 allow authenticated administrators to execute arbitrary Lua code on the server. Title: Wing FTP Server 8.1.2 - Authenticat...
📄 Grav CMS Zip Slip Remote Code Execution
This Metasploit module exploits a vulnerability in Grav CMS versions prior to 2.0.0-beta.2. The Direct Install feature in the Admin plugin allows administrators to upload plugins as ZIP files...
📄 Microsoft Windows Defender MsMpEng.exe Race Condition / Privilege Escalation
A race condition exists between Windows Defender's MpCleanCallbackFunction cleanup routine and Volume Shadow Copy creation. This vulnerability allows an attacker to escalate privileges to NT AUTHORITY\SYSTEM. This Metasploit module demonstrates the issue...
📄 WordPress PickPlugins 2.0.46 OTP Bypass
WordPress PickPlugins plugin version 2.0.46 proof of concept user verification OTP authentication bypass exploit. Title: WordPress PickPlugins 2.0.46 User...
CVE-2026-38716
CVE-2026-38716 affects InHand Networks IR912 and IR915 devices (V1.0.0.r20042 and earlier). The vulnerability is a command injection in the Python application export function that allows a remote attacker to execute arbitrary commands as root via a crafted input. The CVSS-derived metrics indicate a h...
CVE-2026-38717
The CVE-2026-38717 entry concerns InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (and earlier) with a command injection vulnerability in the file upload function. The root cause is improper handling of crafted input in the upload process, enabling remote attackers to execute arbitrar...
PT-2026-50700
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the file upload function. The vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...
CVE-2026-38714
CVE-2026-38714 affects InHand Networks IR912 and IR915 devices (firmware v1.0.0.r20042 and earlier). A command-injection flaw exists in the Python configuration function, allowing remote attackers to execute arbitrary commands as root via a crafted input. Documents do not specify exploited vector...
ROS-20260618-73-0005
A vulnerability in the MSL (Magick Scripting Language) command of the console-based image editing tool ImageMagick is caused by a loop with an unreachable exit condition. Exploiting this vulnerability can allow an attacker to cause a denial of service...
ROS-20260618-73-0006
A vulnerability in the MSL (Magick Scripting Language) command of the console-based image editing tool ImageMagick is caused by a loop with an unreachable exit condition. Exploiting this vulnerability can allow an attacker to cause a denial of service...
CVE-2026-38717
InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the file upload function. The vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...
Crawl4AI: Unauthenticated RCE via Chromium launch-argument injection in browser_config.extra_args
The Docker API server accepted a request-supplied browser_config.extra_args, which flowed into Chromium's launch arguments. An attacker could inject Chromium switches that replace a child-process launch command: --utility-cmd-prefix, --renderer-cmd-prefix, --gpu-launcher, --browser-subprocess-path...
Siemens RUGGEDCOM RST2428P Stack-based Buffer Overflow (CVE-2025-6170)
A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare...