CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/05/29 12:0 a.m.•4 views

PT-2026-44903

Name of the Vulnerable Software and Affected Versions Dokploy versions prior to 0.29.1 Description Dokploy is a self-hostable Platform as a Service PaaS. A command injection issue exists in the deleteRegistry function within the packages/server/src/services/registry.ts file. The application...

8.8CVSS6AI score0.00218EPSS

Exploits0References3

Tenable Nessus•added 2026/05/29 12:0 a.m.•9 views

RockyLinux 10 : python3.14 (RLSA-2026:19019)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19019 advisory. cpython: wsgiref.headers.Headers allows header newline injection in Python CVE-2026-0865 cpython: CPython: Logging Bypass in Legacy .pyc File Handling...

9.1CVSS7.6AI score0.0017EPSS

Exploits0References19

OSV•added 2026/05/29 12:0 a.m.•4 views

MAL-2026-5033 Malicious code in @t-in-one/add_app_middleware_token (npm)

Wave 2 of a dependency confusion attack campaign C2: oob.moika.tech targeting internal npm scopes. The attacker npm user t-in-one, email [email protected] published packages at inflated versions that resolve ahead of private registry versions via npm's default version resolution. The campaign...

Packet Storm•added 2026/05/29 12:0 a.m.•26 views

📄 MeiG Smart FORGE_SLT711 Command Injection

MeiG Smart FORGESLT711 proof of concept remote command injection exploit. Exploit Title: MeiG Smart FORGESLT711 - OS Command Injection Date: 2026-05-03 Exploit Author: Daniil Gordeev Vendor Homepage: http://www.meigsmart.com Software Link: N/A firmware distributed via carrier channels Version:...

9.1CVSS5.8AI score0.05643EPSS

Exploits3

OSSF Malicious Packages•added 2026/05/29 12:0 a.m.•10 views

Malicious code in @t-in-one/restore_application_hid_from_storage (npm)

CNNVD•added 2026/05/29 12:0 a.m.•5 views

Dokploy 命令注入漏洞

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy 0.29.2 and earlier contained a command injection vulnerability. This vulnerability stemmed from the use of JavaScript template literal expressions to construct shell commands, which were executed via...

9.6CVSS6.1AI score0.00054EPSS

CNNVD•added 2026/05/29 12:0 a.m.•5 views

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. The Waterfall WF-500 TX and RX Hosts 7.9.1.0 R2502171040 version contains an operating system command injection vulnerability. This...

9.8CVSS6.1AI score0.00368EPSS

Positive Technologies•added 2026/05/29 12:0 a.m.•9 views

PT-2026-44904

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.1 and earlier, a command injection vulnerability exists in the Docker file upload functionality. When an authenticated user uploads a file to a container, the destinationPath parameter is not properly sanitized and is directly...

9.9CVSS6.1AI score0.0025EPSS

Positive Technologies•added 2026/05/29 12:0 a.m.•10 views

PT-2026-44803

Name of the Vulnerable Software and Affected Versions Waterfall WF-500 TX Host version 7.9.1.0 R2502171040 Description An OS Command Injection issue exists in the Administration WebUI, which allows remote authenticated attackers to execute arbitrary operating system commands on the host. OS Comma...

8.6CVSS6.2AI score0.00306EPSS

Exploits0References5

Positive Technologies•added 2026/05/29 12:0 a.m.•8 views

PT-2026-44817

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

8.6CVSS6.1AI score0.00306EPSS

Positive Technologies•added 2026/05/29 12:0 a.m.•8 views

PT-2026-44808

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

9.3CVSS6.1AI score0.00368EPSS

OSSF Malicious Packages•added 2026/05/29 12:0 a.m.•9 views

Malicious code in @t-in-one/safe_local_storage_token (npm)

OSV•added 2026/05/29 12:0 a.m.•4 views

MAL-2026-5039 Malicious code in @t-in-one/get_application_hid (npm)

CNNVD•added 2026/05/29 12:0 a.m.•5 views

Dokploy 操作系统命令注入漏洞

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy 0.28.8 and earlier contained a vulnerability related to operating system command injection. This vulnerability stemmed from authenticated OS command injections at the WebSocket endpoints, allowing any member of an...

9.9CVSS6.1AI score0.00243EPSS

Positive Technologies•added 2026/05/29 12:0 a.m.•9 views

PT-2026-44769

Name of the Vulnerable Software and Affected Versions Acer Predator Connect W6x versions prior to W6x GBL 2.00.000008 Description Crafted MQTT messages can trigger command injection, allowing for root-level remote code execution on the target device without requiring authentication. Recommendatio...

10CVSS6.5AI score0.00218EPSS

Exploits0References8

Tenable Nessus•added 2026/05/29 12:0 a.m.•9 views

Vim < 9.2.0383 OS Command Injection in netrw (GHSA-85ch-p2qr-m5gx)

The version of Vim installed on the remote host is prior to 9.2.0383. It is, therefore, affected by a vulnerability as referenced in the GHSA-85ch-p2qr-m5gx advisory. - An OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. The suffix extraction logic in...

4.4CVSS6AI score0.0023EPSS