CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 6 days ago•10 views

EUVD-2026-34056

NVD•added 6 days ago•8 views

Exploits0References10

CVE-2026-10690

A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component readfile. Such manipulation of the argument url leads to server-side request forgery. The attack may be performed from remote...

6.5CVSS0.00048EPSS

Exploits0References7

Vulnrichment•added last week•5 views

CVE-2026-10691 wonderwhy-er DesktopCommanderMCP start_search search-manager.ts redos

ATTACKERKB•added last week•4 views

Exploits0References9

CVE-2026-10691

Exploits0References9Affected Software1

Vulnrichment•added last week•5 views

CVE-2026-10690 wonderwhy-er DesktopCommanderMCP read_file filesystem.ts readFileFromUrl server-side request forgery

6.5CVSS6.2AI score0.00048EPSS

Exploits0References7

Positive Technologies•added 2026/06/02 12:0 a.m.•7 views

PT-2026-45884

A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component read file. Such manipulation of the argument url leads to server-side request forgery. The attack may be performed from remote...

6.5CVSS6.2AI score0.00048EPSS

Exploits0References8

Positive Technologies•added 2026/06/02 12:0 a.m.•6 views

PT-2026-45885

A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component start search. Performing a manipulation of the argument SearchResult results in inefficient regular expression complexity. It i...

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Exploits0References10

Astra Linux - уязвимость в mc

A issue was discovered in Midnight Commander through version 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user can connect to the server without being able to verify its authenticity...

7.5CVSS7.1AI score0.01053EPSS

Exploits1References2

RedhatCVE•added 2026/03/26 3:4 p.m.•2 views

CVE-2026-3334

The CMS Commander plugin for WordPress is vulnerable to SQL Injection via the 'orblogname', 'orblogdescription', and 'oradminemail' parameters in all versions up to, and including, 2.288. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on th...

Patchstack•added 2026/03/23 6:34 p.m.•4 views

WordPress CMS Commander plugin <= 2.288 - Authenticated (Custom+) SQL Injection via 'or_blogname' Parameter vulnerability

Authenticated Custom+ SQL Injection via 'orblogname' Parameter vulnerability discovered by WordFence in WordPress Plugin CMS Commander versions = 2.288...

Exploits0References1Affected Software1

NVD•added 2026/03/21 4:17 a.m.•1 views

CVE-2026-3334

8.8CVSS0.00043EPSS

Cvelist•added 2026/03/21 3:26 a.m.•26 views

CVE-2026-3334 CMS Commander <= 2.288 - Authenticated (Custom+) SQL Injection via 'or_blogname' Parameter

8.8CVSS0.00043EPSS

CVE•added 2026/03/21 3:26 a.m.•8 views

CVE-2026-3334

The CVE-2026-3334 entry concerns the WordPress CMS Commander plugin. Affected software: CMS Commander plugin for WordPress (up to version 2.288). Vulnerability: SQL Injection via the parameters or_blogname, or_blogdescription, and or_admin_email, caused by insufficient escaping of user input and ...

Vulnrichment•added 2026/03/21 3:26 a.m.•0 views

CVE-2026-3334 CMS Commander <= 2.288 - Authenticated (Custom+) SQL Injection via 'or_blogname' Parameter

CNNVD•added 2026/03/21 12:0 a.m.•3 views

WordPress plugin CMS Commander SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

RedhatCVE•added 2026/03/05 7:31 p.m.•3 views

CVE-2025-59785

Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges...

7.2CVSS5.9AI score0.00055EPSS

RedhatCVE•added 2026/03/05 7:31 p.m.•4 views

CVE-2025-59784

2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation. This vulnerability can only be exploited after authenticating with administrator privileges...

7.2CVSS5.9AI score0.00062EPSS

RedhatCVE•added 2026/03/05 7:31 p.m.•3 views

CVE-2025-59786

2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application...

9.8CVSS5.9AI score0.00065EPSS

RedhatCVE•added 2026/03/05 7:30 p.m.•4 views

CVE-2025-59783

API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection. This vulnerability can only be exploited after authenticating with administrator privileges...

8.8CVSS5.9AI score0.0015EPSS