CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

170 matches found

Packet Storm•added 2026/04/20 12:0 a.m.•42 views

📄 dcontrol 1.0.9 Keyboard Injection Remote Code Execution

dcontrol version 1.0.9 is vulnerable to an unauthenticated remote code execution via keyboard input injection. The /control-api/monitor/sendkey and /control-api/monitor/sendtext endpoints allow an unauthenticated attacker to simulate keyboard input on the target system. By chaining these endpoint...

6.7AI score

Exploits0

NVD•added 2026/03/27 4:16 p.m.•0 views

CVE-2026-30302

The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser the Unix-based shell-quote library to analyze commands on the...

10CVSS0.0044EPSS

Exploits0References1

EUVD•added 2026/03/23 9:30 a.m.•0 views

EUVD-2026-14385

An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface and gain root access to the underlying Linux based OS, leading to full compromise of the device...

10CVSS5.8AI score0.00136EPSS

Exploits0References2

NVD•added 2026/03/23 8:16 a.m.•2 views

CVE-2026-3587

An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device...

10CVSS0.00136EPSS

Exploits0References1

Vulnrichment•added 2026/03/05 9:59 p.m.•0 views

CVE-2026-28391 OpenClaw < 2026.2.2 - Command Injection via cmd.exe Parsing Bypass in Allowlist Enforcement

OpenClaw versions prior to 2026.2.2 fail to properly validate Windows cmd.exe metacharacters in allowlist-gated exec requests non-default configuration, allowing attackers to bypass command approval restrictions. Remote attackers can craft command strings with shell metacharacters like & or %...%...

9.8CVSS5.9AI score0.00081EPSS

Exploits0References3

RedhatCVE•added 2026/01/24 9:15 p.m.•2 views

CVE-2021-47891

Unified Remote 3.9.0.2463 contains a remote code execution vulnerability that allows attackers to send crafted network packets to execute arbitrary commands. Attackers can exploit the service by connecting to port 9512 and sending specially crafted packets to open a command prompt and download an...

9.8CVSS6.8AI score0.00322EPSS

Exploits0References1

Positive Technologies•added 2026/01/23 12:0 a.m.•2 views

PT-2026-4507

Name of the Vulnerable Software and Affected Versions Unified Remote version 3.9.0.2463 Description The software contains a remote code execution issue that allows attackers to execute arbitrary commands. An attacker can exploit the service by connecting to port 9512 and sending specially crafted...

9.8CVSS6.7AI score0.00322EPSS

Exploits0References7

Malwarebytes•added 2026/01/20 2:40 p.m.•5 views

Fake extension crashes browsers to trick users into infecting themselves

Researchers have found another method used in the spirit of ClickFix: CrashFix. ClickFix campaigns use convincing lures—historically “Human Verification” screens—to trick the user into pasting a command from the clipboard. After fake Windows update screens, video tutorials for Mac users, and many...

6.1AI score

Exploits0

RedhatCVE•added 2025/10/15 12:42 p.m.•1 views

CVE-2025-9068

A security issue exists within the Rockwell Automation Driver Package x64 Microsoft Installer File MSI repair functionality, installed with FTLinx. Authenticated attackers with valid Windows Users credentials can initiate a repair and hijack the resulting console window for vbpinstall.exe. This...

8.5CVSS6.7AI score0.00012EPSS

Exploits0References1

OSV•added 2025/10/14 1:15 p.m.•0 views

CVE-2025-9067

A security issue exists within the x86 Microsoft Installer File MSI, installed with FTLinx. Authenticated attackers with valid Windows user credentials can initiate a repair and hijack the resulting console window. This allows the launching of a command prompt running with SYSTEM-level privileges...

7.8CVSS5.8AI score

Exploits0References1

EUVD•added 2025/10/14 12:24 p.m.•1 views

EUVD-2025-34181

8.5CVSS6.2AI score0.00012EPSS

Exploits0References2

Vulnrichment•added 2025/10/14 12:24 p.m.•1 views

CVE-2025-9067 Rockwell Automation FactoryTalk® Linx Privilege Escalation Vulnerabilities

8.5CVSS6.4AI score0.00012EPSS

Exploits0References1

Positive Technologies•added 2025/10/14 12:0 a.m.•2 views

PT-2025-41916

Name of the Vulnerable Software and Affected Versions FTLinx versions affected versions not specified Description A security issue exists in the x86 Microsoft Installer MSI used with FTLinx. Authenticated attackers with valid Windows user credentials can initiate a repair and hijack the resulting...

8.5CVSS6.2AI score0.00012EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2018-9248

Malware in sbrugna...

8.4CVSS8.2AI score0.00046EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2020-5081

Malware in sbrugna...

7.8CVSS7.5AI score0.00175EPSS

Exploits3References7