CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

70377 matches found

CVE•added 2026/05/30 4:30 p.m.•12 views

CVE-2026-10127

CVE-2026-10127 affects Edimax BR-6478AC firmware version 1.23. The vulnerability resides in the POST Request Handler function formStaDrvSetup, specifically the /goform/formStaDrvSetup endpoint, where manipulating the argument rootAPmac enables command injection. Exploitation can be remote; public...

6.5CVSS6.5AI score0.01409EPSS

Exploits0References4

GithubExploit•added 2026/05/30 10:50 a.m.•87 views

Internal-Penetration-Test-Report-Web-Exploitation-Post-Exploitation-Using-Metasploit-

Internal-Penetration-Test-Report-Web-Exploitation-Post-Exploit...

6.5AI score

Exploits0

GithubExploit•added 2026/05/30 9:28 a.m.•70 views

CVE-2026-BWA-RCE

CVE-2026-XXXXX: BWA Command Injection RCE Overview | Fi...

6AI score

Exploits0

GithubExploit•added 2026/05/30 6:54 a.m.•79 views

Exploit for OS Command Injection in Thecodingmachine Gotenberg

POCCVE-2026-42589 Local reproduction lab and nuclei template...

9.8CVSS6.4AI score0.08768EPSS

Exploits2

OSV•added 2026/05/30 5:7 a.m.•14 views

MGASA-2026-0167 Updated vim packages fix security vulnerabilities

Heap Buffer Overflow in spell file loading affects Vim 9.2.0450. CVE-2026-45130 Vimscript Code Injection in netrw NetrwMarkFile via crafted filename affects Vim 9.2.0480. CVE-2026-43961 Command Injection in tar.vim affects Vim 9.2.0479. CVE-2026-46483 Vimscript Code Injection in netrw...

7CVSS5.8AI score0.00017EPSS

Exploits1References12

Positive Technologies•added 2026/05/30 12:0 a.m.•8 views

PT-2026-45129

A weakness has been identified in Edimax BR-6478AC 1.23. This affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. This manipulation of the argument rootAPmac causes command injection. The attack may be initiated remotely. The exploit has...

6.5CVSS5.7AI score0.01409EPSS

Exploits0References5

CNNVD•added 2026/05/30 12:0 a.m.•7 views

Edimax BR-6478AC 命令注入漏洞

The Edimax BR-6478AC is a dual-band Gigabit router produced by Edimax Corporation. The Edimax BR-6478AC version 1.23 has a command injection vulnerability. This vulnerability stems from the operation of the formStaDrvSetup function in the component POST Request Handler, specifically the parameter...

6.5CVSS6.6AI score0.01409EPSS

Exploits0References4

Tenable Nessus•added 2026/05/30 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-44604

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats ZIP, 7z, GEM to a specified...

7CVSS6.1AI score0.00023EPSS

Exploits0References3

RedhatCVE•added 2026/05/29 8:13 p.m.•12 views

CVE-2026-9452

A security vulnerability has been detected in FoundDream miniclawd up to 2d65665046e2222eeea76cafc8570ed546a8c125. Affected by this issue is the function ExecTool.execute of the file /src/tools/exec.ts. Such manipulation leads to os command injection. The attack can be launched remotely. The...

7.5CVSS6.7AI score0.02177EPSS

Exploits0References1

RedhatCVE•added 2026/05/29 8:13 p.m.•9 views

CVE-2026-9404

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. This affects the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument provider leads to os command injection. The attack may be launched remotely. Th...

10CVSS7.1AI score0.01254EPSS

Exploits0References1

RedhatCVE•added 2026/05/29 8:13 p.m.•7 views

CVE-2026-36044

@pensar/apex = 0.0.58 is vulnerable to OS command injection via the smartenumerate tool. The createSmartEnumerateTool function in src/core/agent/tools.ts constructs a shell command by concatenating unsanitized values from the extensions array and url parameter into a string passed to Node.js...

8.8CVSS6AI score0.00074EPSS

Exploits0References1

Snyk•added 2026/05/29 7:18 p.m.•5 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection in the path query parameter of the volume browser endpoint, which is passed unsanitized to a shell command. An attacker can execute arbitrary commands within the helper container by injecting shell metacharacters into...

6.3CVSS6AI score0.00116EPSS

Exploits0References2

Snyk•added 2026/05/29 7:18 p.m.•6 views

Command Injection

6.3CVSS6AI score0.00116EPSS

Exploits0References2

Snyk•added 2026/05/29 7:18 p.m.•5 views

Command Injection

6.3CVSS6AI score0.00116EPSS

Exploits0References2

NVD•added 2026/05/29 7:16 p.m.•9 views

CVE-2026-49366

In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion...

7.8CVSS0.00002EPSS

Exploits0References1

NVD•added 2026/05/29 6:17 p.m.•10 views

CVE-2026-45633

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /docker-container-logs WebSocket endpoint. The tail and since parameters are not validated and are directly concatenated into shell commands, allowing...

9.9CVSS0.0025EPSS

Exploits0References1

NVD•added 2026/05/29 6:17 p.m.•10 views

CVE-2026-45630

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.28.8 and earlier, authenticated OS command injection in the application.updateTraefikConfig tRPC endpoint allows admin/owner users to execute arbitrary system commands on remote servers via unsanitized echo shell interpolation...

9CVSS0.0026EPSS

Exploits0References1