CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/04/16 4:45 a.m.•6 views

CVE-2026-22615

The CVE-2026-22615 entry for Eaton IPP XML handling is a concrete issue: improper input validation could allow an admin with local access to inject code, enabling arbitrary command execution. The impact is tied to Eaton Intelligent Power Protector (IPP) XML processing, with the root cause describ...

7.2CVSS5.9AI score0.0003EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2026/04/16 4:45 a.m.•2 views

CVE-2026-22615

6CVSS5.9AI score0.0003EPSS

CVE•added 2026/04/16 2:24 a.m.•5 views

CVE-2026-6349

CVE-2026-6349 affects HGiga’s iSherlock. The connected records report an OS Command Injection vulnerability that enables unauthenticated attackers to inject and execute arbitrary OS commands on the server. The CVSS metadata indicates a critical impact (base score 10.0) with network access, low at...

9.8CVSS6AI score0.02957EPSS

Tenable Nessus•added 2026/04/16 12:0 a.m.•4 views

SUSE SLES12 Security Update : vim (SUSE-SU-2026:1347-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1347-1 advisory. Update to version 9.2.0280. - CVE-2026-34982: missing input validation allows for a modeline sandbox bypass and can lead to arbitrary OS comman...

9.2CVSS6.8AI score0.00034EPSS

Exploits0References10

CNNVD•added 2026/04/16 12:0 a.m.•4 views

HGiga iSherlock 安全漏洞

HGiga iSherlock is a series of software products developed by the Chinese company HGiga. HGiga iSherlock has a security vulnerability, which stems from OS command injection, potentially allowing for the execution of arbitrary OS commands...

9.8CVSS6AI score0.02957EPSS

Exploits0References3

Positive Technologies•added 2026/04/16 12:0 a.m.•1 views

PT-2026-33256

6CVSS5.9AI score0.0003EPSS

Positive Technologies•added 2026/04/16 12:0 a.m.•2 views

PT-2026-33361

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.0 Description An issue exists in the MCP adapter due to unsafe serialization of stdio commands, allowing an authenticated attacker to achieve command execution on the underlying operating system. The flaw is locat...

9.9CVSS6.2AI score0.00074EPSS

Exploits1References26

EUVD•added 2026/04/15 9:30 p.m.•3 views

EUVD-2026-23031

CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access to the internal database and execute arbitrary OS commands as the Nexus process user. Exploitatio...

NVD•added 2026/04/15 7:16 p.m.•2 views

Exploits0References3

CVE-2026-5189

9.2CVSS0.00042EPSS

ATTACKERKB•added 2026/04/15 6:43 p.m.•1 views

CVE-2026-5189

Exploits0References3Affected Software1

Vulnrichment•added 2026/04/15 6:43 p.m.•0 views

CVE-2026-5189 Nexus Repository 3 - Hardcoded Credential in Internal Database Component

CVE•added 2026/04/15 6:43 p.m.•5 views

CVE-2026-5189

CVE-2026-5189 involves Sonatype Nexus Repository Manager versions 3.0.0–3.70.5 where a hard-coded credential in the internal database component can be exploited by an unauthenticated attacker with network access. The vulnerability enables read/write access to the internal database and allows exec...

Cvelist•added 2026/04/15 6:43 p.m.•14 views

CVE-2026-5189 Nexus Repository 3 - Hardcoded Credential in Internal Database Component

9.2CVSS0.00042EPSS

EUVD•added 2026/04/15 6:31 p.m.•3 views

EUVD-2026-22962

A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...

9.9CVSS6.2AI score0.00321EPSS

EUVD•added 2026/04/15 6:31 p.m.•2 views

EUVD-2026-22938

A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When Windsurf processes attacker-controlled HTML content, malicious instructions can cause unauthorized modification of the local MCP configuration and automatic...

8CVSS6.3AI score0.00065EPSS

NVD•added 2026/04/15 5:17 p.m.•3 views

CVE-2026-20180

A vulnerability in Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have at least Read Only Admin credentials. This vulnerabilit...

9.9CVSS0.00469EPSS

Exploits1References1

NVD•added 2026/04/15 5:17 p.m.•1 views

CVE-2026-20186

9.9CVSS0.00377EPSS

NVD•added 2026/04/15 4:16 p.m.•0 views

CVE-2026-30616

Jaaz 1.0.30 contains a remote code execution vulnerability in its MCP STDIO command execution handling. A remote attacker can send crafted network requests to the network-accessible Jaaz application, causing attacker-controlled commands to be executed on the server. Successful exploitation result...

7.3CVSS0.00201EPSS

NVD•added 2026/04/15 4:16 p.m.•0 views

CVE-2026-30617

LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execution handling. A remote attacker can access the publicly exposed MCP management interface and configure an MCP STDIO server with attacker-controlled commands and arguments. When...

8.6CVSS0.00207EPSS