CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/06/08 8:58 a.m.•12 views

CVE-2026-11451

A flaw has been found in GL.iNet GL-MT3000 4.4.5. This impacts the function snprintf of the file /cgi-bin/glc of the component FTP Protocol Handler. Executing a manipulation of the argument mediadir can lead to command injection. It is possible to launch the attack remotely. Upgrading to version...

7.5CVSS7.2AI score0.02027EPSS

Exploits1References1

RedhatCVE•added 2026/06/08 8:58 a.m.•9 views

CVE-2026-11452

A vulnerability has been found in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function FUN0042e200 of the file /cgi-bin/glc of the component SETUSERPWD Handler. The manipulation of the argument Password leads to command injection. The attack can be initiated remotely. Upgrading to version 4.8....

7.5CVSS6.8AI score0.01681EPSS

Exploits1References1

NVD•added 2026/06/08 5:16 a.m.•14 views

CVE-2026-11487

A flaw has been found in Neovim up to 0.12.2. Affected by this issue is the function M.read of the file runtime/lua/vim/secure.lua of the component View Branch. Executing a manipulation of the argument path can lead to command injection. It is possible to launch the attack on the local host. The...

5.3CVSS0.00923EPSS

Vulnrichment•added 2026/06/08 4:15 a.m.•8 views

CVE-2026-11487 Neovim View Branch secure.lua M.read command injection

Cvelist•added 2026/06/08 4:15 a.m.•37 views

CVE-2026-11487 Neovim View Branch secure.lua M.read command injection

5.3CVSS0.00923EPSS

EUVD•added 2026/06/08 4:15 a.m.•12 views

EUVD-2026-35018

ATTACKERKB•added 2026/06/08 4:15 a.m.•4 views

CVE-2026-11487

CVE•added 2026/06/08 4:15 a.m.•34 views

CVE-2026-11487

CVE-2026-11487 affects Neovim up to 0.12.2. The vulnerability resides in the M.read function of runtime/lua/vim/secure.lua (View Branch). Manipulation of the argument path can lead to local command injection. An exploit has been published and may be used locally. A patch identified by f83e0dcaf8c...

RedhatCVE•added 2026/06/08 2:58 a.m.•11 views

CVE-2026-11448

A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. The affected element is the function realpath of the file /rpc of the component Minidlna Service. This manipulation of the argument kube. set causes command injection. The attack is possible to be carried out remotely. Upgrading to...

5.8CVSS5.1AI score0.01582EPSS

RedhatCVE•added 2026/06/08 2:58 a.m.•9 views

CVE-2026-11449

A security vulnerability has been detected in GL.iNet GL-MT3000 4.4.5. The impacted element is the function rpcsys of the file /cgi-bin/luci/rpc of the component LuCI JSON-RPC Interface. Such manipulation leads to command injection. The attack may be performed from remote. Upgrading to version...

6.5CVSS6.2AI score0.01102EPSS

RedhatCVE•added 2026/06/08 2:58 a.m.•9 views

CVE-2026-11450

A vulnerability was detected in GL.iNet GL-MT3000 4.4.5. This affects the function dlopen in the library /usr/lib/oui-httpd/rpc/ of the component Path Normalization Handler. Performing a manipulation of the argument devname results in command injection. It is possible to initiate the attack...

7.5CVSS7.1AI score0.01572EPSS

Exploits1References1

RedhatCVE•added 2026/06/08 2:58 a.m.•12 views

CVE-2026-11447

A security flaw has been discovered in GL.iNet GL-MT3000 up to 4.4.5. Impacted is the function iwinfobackend of the file iwinfo.so of the component MTK Backend. The manipulation of the argument device results in command injection. The attack can be executed remotely. The exploit has been released...

6.5CVSS6.2AI score0.01073EPSS

RedhatCVE•added 2026/06/08 2:58 a.m.•9 views

CVE-2026-11406

A vulnerability was determined in GL.iNet MT3000 up to 4.4.5. This vulnerability affects unknown code of the file ovpnclient.sh of the component OpenVPN Client Import Workflow. This manipulation causes command injection. Remote exploitation of the attack is possible. The exploit has been publicly...

6.5CVSS6.2AI score0.0123EPSS

ATTACKERKB•added 2026/06/08 1:55 a.m.•6 views

CVE-2023-54352

WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell at /wp-content/themes/seotheme/mar.php to execute system commands...

9.8CVSS6.7AI score0.00613EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/06/08 1:55 a.m.•43 views

CVE-2023-54350 WordPress Augmented-Reality Plugin Remote Code Execution Unauthenticated

WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to upload and execute arbitrary PHP files. Attackers can send POST requests to the connector.minimal.php endpoint with mkfile and put commands to creat...

8.7CVSS0.00532EPSS

Exploits0References2

ATTACKERKB•added 2026/06/08 1:55 a.m.•5 views

CVE-2023-54350

8.7CVSS6.7AI score0.00532EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2026/06/08 12:0 a.m.•12 views

PT-2026-47437

Name of the Vulnerable Software and Affected Versions Tenda F451 versions 1.0.0.7 through 1.0.0.9 Description A security flaw in the Web Management Interface allows remote exploitation via OS command injection. The issue exists within the formWriteFacMac function located in the /goform/WriteFacMa...

9CVSS8AI score0.01614EPSS

Exploits0References12

CNNVD•added 2026/06/08 12:0 a.m.•6 views

OpenBullet2 操作系统命令注入漏洞

OpenBullet2 is a cross-platform automated testing and data scraping tool developed by the OpenBullet team. Versions of OpenBullet2 prior to 0.3.2 contained an operating system command injection vulnerability. This vulnerability originated from the FileProxySource proxy loading function, which cou...

8.8CVSS5.9AI score0.0057EPSS