CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

7.5CVSS7.1AI score0.02138EPSS

php-censor: Operating system command injection vulnerability

php-censor is a continuous integration server for the open-source PHP project PHP Censor. Versions of php-censor 2.1.6 and earlier contain an operating system command injection vulnerability. This vulnerability stems from incorrect handling of the commitId parameter in the file...

Exploits0References8

7.5CVSS7.4AI score0.01761EPSS

CowAgent operating system command injection vulnerability

CowAgent is an intelligent assistant and scalable agent framework developed by zhayujie’s individual developer. Versions of CowAgent 2.0.8 and earlier had a vulnerability related to operating system command injection. This vulnerability stems from the getsafetywarning function in the...

Exploits0References7

CNNVD•added 2026/06/01 12:0 a.m.•7 views

goclaw operating system command injection vulnerability

Goclaw is an open-source multi-tenant AI agent platform developed by Next Level Builder. Goclaw versions 3.11.3 and earlier contained a vulnerability related to operating system command injection. This vulnerability originated from the FsBridge.WriteFile function in the internal/sandbox/fsbridge....

7.5CVSS7.4AI score0.01761EPSS

Exploits0References7

Packet Storm•added 2026/06/01 12:0 a.m.•30 views

📄 dwol 1.0.0 Command Injection

This Python script is a security auditing tool designed to assess a potential unauthenticated command injection vulnerability in dwol. It interacts with the target application's API to register test machines and inject controlled payloads into the host parameter to determine whether arbitrary...

5.9AI score

Exploits0

Tenable Nessus•added 2026/06/01 12:0 a.m.•10 views

openSUSE 16 Security Update : vim (openSUSE-SU-2026:20828-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20828-1 advisory. This update for vim fixes the following issues - CVE-2026-39881: command injection in NetBeans interface can lead to arbitrary file reads and...

7.8CVSS7.6AI score0.00224EPSS

Exploits1References19

6.5CVSS6.6AI score0.0123EPSS

WezTerm MCP Server: Operating System Command Injection Vulnerability

WezTerm MCP Server is a terminal control and interaction tool developed by Kentaro Hiraishi. Version 0.1.0 of WezTerm MCP Server contains a vulnerability related to operating system command injection. This vulnerability stems from incorrect operations in the switchpane/writetospecificpane...

Exploits0References6

Positive Technologies•added 2026/06/01 12:0 a.m.•11 views

PT-2026-45251

A vulnerability was found in nextlevelbuilder GoClaw up to 3.11.3. This impacts the function FsBridge.WriteFile of the file internal/sandbox/fsbridge.go of the component write file Tool. Performing a manipulation results in os command injection. The attack is possible to be carried out remotely...

7.5CVSS6.7AI score0.01761EPSS

Exploits0References8

Positive Technologies•added 2026/06/01 12:0 a.m.•11 views

PT-2026-45449

A vulnerability was found in php-censor up to 2.1.6. This affects an unknown function of the file src/Model/Build/GitBuild.php of the component Webhook Endpoint. Performing a manipulation of the argument commitId results in os command injection. The attack can be initiated remotely. The exploit h...

7.5CVSS6.6AI score0.02138EPSS

Exploits0References9

7.5CVSS6AI score0.00079EPSS

Launch-editor command injection vulnerability

Launch-editor is a Vite open-source tool that allows opening an editor from Node.js and navigating to a specified row and column. Versions of Launch-editor prior to 2.9.0 had a command injection vulnerability. This vulnerability stemmed from insufficient cleanup of the file parameter, which could...

Exploits0References3

GithubExploit•added 2026/05/31 4:5 p.m.•63 views

Exploit for CVE-2022-25765

CVE-2022-25765 — Command Injection in pdfkit Descripción...

9.8CVSS7.3AI score0.88705EPSS

Exploits11

NVD•added 2026/05/31 2:16 p.m.•11 views

CVE-2026-10182

A vulnerability was determined in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formWlanSetup of the file /goform/formWlanSetup. Executing a manipulation of the argument enrollee can lead to command injection. The attack can be launched remotely. The exploit has been publicly...

6.5CVSS0.01433EPSS

EUVD•added 2026/05/31 1:0 p.m.•10 views

EUVD-2026-33504

CVE•added 2026/05/31 1:0 p.m.•10 views

CVE-2026-10182

CVE-2026-10182 affects TRENDnet TEW-432BRP firmware 3.10B20. The vulnerable element is the function /goform/formWlanSetup (formWlanSetup) where manipulating the argument enrollee can cause a command injection . The issue is exploitable remotely, and public disclosure of the exploit is indicated. ...

Cvelist•added 2026/05/31 1:0 p.m.•29 views

CVE-2026-10182 TRENDnet TEW-432BRP formWlanSetup command injection

6.5CVSS0.01433EPSS

ATTACKERKB•added 2026/05/31 1:0 p.m.•8 views

CVE-2026-10182

Exploits0References5Affected Software1

Vulnrichment•added 2026/05/31 1:0 p.m.•5 views

CVE-2026-10182 TRENDnet TEW-432BRP formWlanSetup command injection

NVD•added 2026/05/31 12:16 p.m.•10 views

CVE-2026-10180

A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSysCmd of the file /goform/formSysCmd. Such manipulation of the argument sysCmd leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and ma...

6.5CVSS0.01433EPSS

Vulnrichment•added 2026/05/31 11:15 a.m.•6 views

CVE-2026-10180 TRENDnet TEW-432BRP formSysCmd command injection

6.5CVSS5.6AI score0.01433EPSS