
44738 matches found

EUVD
added 2026/01/29 5:31 p.m. | 3 views

EUVD-2025-206536

The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted by a shell, allowing execution of arbitrary commands with root privileges. Successful exploitation allows the attack...

CVSS 7.3 | AI score 6.1 | EPSS 0.00039
Exploits 2 | References 3
OSV
added 2026/01/29 3:50 p.m. | 3 views

MAL-2026-605 Malicious code in dhgshop (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dcf692c43737b2f7360ab017ae983283e98b2d2591a90a3efff90685a95d2632 The package dhgshop was found to contain malicious code. Source: ossf-package-analysis 194b5b6f2e47a1b70386a65d094c4b7d07a4fad392f36512b21542203c931d...

AI score 5.4
Exploits 0
NVD
added 2026/01/29 3:16 p.m. | 7 views

CVE-2020-37002

Ajenti 2.1.36 contains a post-authenticated remote command execution vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port...

CVSS 9.8 | EPSS 0.00507
Exploits 0 | References 3
ATTACKERKB
added 2026/01/29 2:28 p.m. | 3 views

CVE-2020-37002

Ajenti 2.1.36 contains a post-authenticated remote command execution vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port...

CVSS 9.8 | AI score 6.2 | EPSS 0.00507
Exploits 0 | References 3 | Affected Software 1
OSV
added 2026/01/29 10:8 a.m. | 5 views

MAL-2026-601 Malicious code in tableautes (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 db2caf2b50286de83c99e588ab33e86d828ff3c39fd0dac1c5f3da229cdfced7 Packages contain hidden code that is effectively run during importing or using the library, and downloads second stage code. Then, a process running in...

AI score 6.1
Exploits 0 | References 3
GithubExploit
added 2026/01/29 7:56 a.m. | 127 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182-PoC-http-exec PoC related to CVE-2025-55182 for...

CVSS 10 | AI score 6 | EPSS 0.83197
Exploits 364
OSV
added 2026/01/29 12:3 a.m. | 4 views

MAL-2026-596 Malicious code in turbotax (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 482f0494fdcfb328794613ca7098174eb93b12a55cc53cb57b73930df8ad238a The package turbotax was found to contain malicious code. Source: ossf-package-analysis...

AI score 5.9
Exploits 0
Positive Technologies
added 2026/01/29 12:0 a.m. | 4 views

PT-2026-5278

Ajenti 2.1.36 contains an authentication bypass vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port...

CVSS 9.8 | AI score 6.2 | EPSS 0.00507
Exploits 0 | References 4
Vulnrichment
added 2026/01/29 12:0 a.m. | 3 views

CVE-2025-69516

A Server-Side Template Injection (SSTI) vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactical RMM, affecting versions equal to or earlier than v1.3.1, allows low-privileged users with Report Viewer or Report Manager permissions to achieve remote command execution on the...

AI score 6.1 | EPSS 0.55581
Exploits 4 | References 3
EUVD
added 2026/01/29 12:0 a.m. | 4 views

EUVD-2025-206512

A Server-Side Template Injection (SSTI) vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactical RMM, affecting versions equal to or earlier than v1.3.1, allows low-privileged users with Report Viewer or Report Manager permissions to achieve remote command execution on the...

CVSS 8.8 | AI score 6.1 | EPSS 0.55581
Exploits 4 | References 3
CNNVD
added 2026/01/29 12:0 a.m. | 3 views

TP-Link Archer RE605X security vulnerabilities

The TP-Link Archer RE605X is a wireless signal amplifier produced by the TP-Link company. The TP-Link Archer RE605X has a security vulnerability, which stems from the backup restoration function not properly verifying unexpected or unidentifiable tags in the backup files, potentially allowing for...

CVSS 7.3 | AI score 6 | EPSS 0.00039
Exploits 2 | References 4
ATTACKERKB
added 2026/01/29 12:0 a.m. | 4 views

CVE-2025-69516

A Server-Side Template Injection (SSTI) vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactical RMM, affecting versions equal to or earlier than v1.3.1, allows low-privileged users with Report Viewer or Report Manager permissions to achieve remote command execution on the...

CVSS 8.8 | AI score 6.1 | EPSS 0.55581
Exploits 4 | References 4
CNNVD
added 2026/01/29 12:0 a.m. | 2 views

TeamViewer DEX Client security vulnerability

TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. TeamViewer DEX Client suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands on the system...

CVSS 6.8 | AI score 6.1 | EPSS 0.00087
Exploits 0 | References 1
Packet Storm
added 2026/01/29 12:0 a.m. | 118 views

Zimbra Collaboration Suite Postjournal 10.0.x Remote Code Execution

A critical vulnerability exists in the Zimbra Collaboration Suite (ZCS) PostJournal service that allows attackers to execute arbitrary system commands without authentication. The vulnerability is triggered through SMTP injection using a malicious RCPT TO parameter. This exploit provides full remote...

AI score 6.3
Exploits 0
Github Security Blog
added 2026/01/28 6:30 p.m. | 3 views

Tendenci is Vulnerable to CSV Formula Injection through its Contact Form Message Field

Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when...

CVSS 9.8 | AI score 5.8 | EPSS 0.00347
Exploits 1 | References 8 | Affected Software 1
OSV
added 2026/01/28 6:30 p.m. | 2 views

GHSA-4Q3W-JGFX-4792 Tendenci is Vulnerable to CSV Formula Injection through its Contact Form Message Field

Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when...

CVSS 9.8 | AI score 5.8 | EPSS 0.00347
Exploits 1 | References 7
OSV
added 2026/01/28 6:16 p.m. | 3 views

CVE-2020-36962

Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when...

CVSS 5.3 | AI score 5.8
Exploits 0 | References 4
NVD
added 2026/01/28 6:16 p.m. | 4 views

CVE-2020-36962

Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when...

CVSS 9.8 | EPSS 0.00347
Exploits 1 | References 4
OSV
added 2026/01/28 6:16 p.m. | 2 views

PYSEC-2026-136

Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when...

CVSS 5.3 | AI score 6 | EPSS 0.00347
Exploits 1 | References 4
EUVD
added 2026/01/28 5:35 p.m. | 3 views

EUVD-2020-30887

Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads like '=10+20+cmd|' /C calc'!A0' in the message field to trigger arbitrary command execution when...

CVSS 9.8 | AI score 6.1 | EPSS 0.00347
Exploits 1 | References 4