CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

272020 matches found

Siemens RuggedCom Rox Heap-based Buffer Overflow (CVE-2022-2347)

There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download...

7.7CVSS7.2AI score0.0058EPSS

Exploits1References3

Tenable Nessus•added yesterday•2 views

Rclone 1.46.x < 1.74.3 Unauthenticated Command Execution

The version of Rclone installed on the remote host is 1.46.x prior to 1.74.3. It is, therefore, affected by an unauthenticated command execution vulnerability: - rclone rcd --rc-serve accepts unauthenticated GET and HEAD requests to paths of the form /remote:path/object. The remote value is parse...

6.1AI score0.00371EPSS

Exploits0References2

Tenable Nessus•added yesterday•3 views

MongoDB Compass < 1.49.6 Prototype Pollution

The version of MongoDB Compass installed on the remote host is prior to 1.49.6. It is, therefore, affected by a vulnerability: - Prototype pollution in csv parsing logic during import can lead to untrusted file paths but not arguments entering shell.openExternal after specific user behavior leadi...

5.3CVSS5.9AI score0.004EPSS

Exploits0References2

Tenable Nessus•added yesterday•4 views

Debian dsa-6349 : atril - security update

The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6349 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6349-1 [email protected] https://www.debian.org/security/...

8.4CVSS5.8AI score0.00421EPSS

Exploits0References4

Tenable Nessus•added yesterday•3 views

Ruby net-imap < 0.5.15 / 0.6.x < 0.6.4.1 Multiple Vulnerabilities

The version of the net-imap Ruby library installed on the remote host is prior to 0.5.15, or 0.6.x prior to 0.6.4.1. It is, therefore, affected by multiple vulnerabilities. - Several Net::IMAP commands accept a raw data argument that is sent verbatim after validation to prevent command injection...

6.1AI score0.00438EPSS

Exploits0References6

Tenable Nessus•added yesterday•3 views

RHEL 9 : redhat-ds:12 (RHSA-2026:26639)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26639 advisory. Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol LDAP...

7.5CVSS6AI score0.00815EPSS

Exploits0References4

Microsoft Secure•added 2 days ago•6 views

Crypto Clipper uses Tor and worm-like propagation for persistence and control

In this article 1. Attack chain overview 2. Mitigation and protection guidance 3. References 4. Learn more Microsoft Threat Intelligence and Microsoft Defender Experts identified a Windows-based cryptocurrency clipper that has affected users since February of 2026. Clipper malware relies on...

6.5AI score

Exploits0

NVD•added 2 days ago•9 views

CVE-2026-48997

e107 is a content management system CMS. Versions 2.3.5 and earlier contain a command injection vulnerability in the ImageMagick resize destination path. In resizeimage, the source path is escaped with escapeshellarg, but the destination path is inserted inside raw double quotes in the convert...

7.1CVSS0.00747EPSS

Exploits0References2

OSSF Malicious Packages•added 2 days ago•7 views

Malicious code in ai-chat-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 39a12d35a8713a8f63eaf342901214a7f53fa396b9ee8218d246e5e0db7b6318 collect.js performs system reconnaissance and exfiltration to a hardcoded attacker-controlled host. The script imports childprocess, os, fs, http, an...

5.3AI score

Exploits0References3

OSV•added 2 days ago•4 views

MAL-2026-6086 Malicious code in ai-chat-helper (npm)

5.4AI score

Exploits0References3

OSSF Malicious Packages•added 2 days ago•5 views

Malicious code in @hotcappuccino/nodepull (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42e9bbd7a5cb25d0863ef140b42a7ab2abec1e921e18669eef3f07a91c3d6d99 @hotcappuccino/[email protected] ships a single index.js the package's declared main that is wrapped in an obfuscator.io string-array +...

5.5AI score

Exploits0References1

OSV•added 2 days ago•2 views

MAL-2026-6085 Malicious code in @hotcappuccino/nodepull (npm)

5.6AI score

Exploits0References1

Cvelist•added 2 days ago•18 views

CVE-2026-48997 e107: Command Injection via shell expansion in ImageMagick resize destination path

7.1CVSS0.00747EPSS

Exploits0References2

CVE•added 2 days ago•12 views

CVE-2026-48997

CVE-2026-48997 affects e107 CMS

7.1CVSS5.3AI score0.00747EPSS

Exploits0References2

Vulnrichment•added 2 days ago•4 views

CVE-2026-48997 e107: Command Injection via shell expansion in ImageMagick resize destination path

7.1CVSS5.2AI score0.00747EPSS

Exploits0References2

EUVD•added 2 days ago•5 views

EUVD-2026-37810

7.1CVSS5.3AI score0.00747EPSS

Exploits0References2

OSSF Malicious Packages•added 2 days ago•5 views

Malicious code in boardflow (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a7f48df7609edb5bab9d9e572f093994d071165578a58032a69392d62b08b86 On pip install boardflow, setup.py spawns a background thread that fetches http://pooron.org/test.exe over plain HTTP into the OS temp directory and...

6.6AI score

Exploits0References3

OSV•added 2 days ago•3 views

MAL-2026-6080 Malicious code in boardflow (PyPI)

6.7AI score

Exploits0References3

NVD•added 2 days ago•6 views

CVE-2026-55201

Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a path traversal vulnerability in the downloaddir function that allows a rogue or compromised remote Windows server to write files outside the intended download directory by returning filenames with traversal sequences from Get-ChildItem...

7.4CVSS0.00304EPSS

Exploits0References3