CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1635 matches found

CVE-2026-36606

CVE-2026-36606 affects Mercusys AC12G (EU) V1 router running firmware AC12G(EU)_V1_200909. The vulnerability stems from encrypting configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who gains a backup file can decrypt it to recover all stored credentials, inc...

7.1CVSS5.8AI score

Exploits0References1

ATTACKERKB•added yesterday•2 views

CVE-2026-36606

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt it to recover all stored credentials including admin password, WiFi PSK, and DDNS credentials...

7.1CVSS5.8AI score

Exploits0References2

Positive Technologies•added yesterday•3 views

PT-2026-45994

Mercusys AC12G EU V1 router with firmware AC12GEU V1 200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt it to recover all stored credentials including admin password, WiFi PSK, and DDNS credentials...

7.1CVSS5.8AI score

Exploits0References2

EUVD•added yesterday•3 views

EUVD-2026-34145

7.1CVSS5.8AI score

Exploits0References1

Cvelist•added yesterday•10 views

CVE-2026-36606

Exploits0References1

Nuclei•added 2 days ago•85 views

ESAFENET CDG - Arbitrary File Download

ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability via the fileName parameter in download.jsp because the InstallationPack parameter is mishandled in a /CDGServer3/ClientAjax request. id: CVE-2019-9632 info: name: ESAFENET CDG - Arbitrary File Download author: pdteam severity: hi...

7.5CVSS7.2AI score0.79234EPSS

Exploits1References2

EUVD•added 3 days ago•6 views

EUVD-2026-33829

eLabFTW is an open source electronic lab notebook. Prior to version 5.4.2, in certain cases, an authenticated user performing a numeric reference/search can return results that include resources the requesting user is not authorized to view. The exposed information is limited only the title...

4.3CVSS5.8AI score0.00027EPSS

Exploits0References1

Positive Technologies•added 3 days ago•9 views

PT-2026-45660

4.3CVSS5.8AI score0.00027EPSS

Exploits0References2

NVD•added 6 days ago•10 views

CVE-2026-9493

Service Center developed by BankPro E-Service Technology has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify the parameter of a specific query function to access other users' EC order details...

7.1CVSS0.00038EPSS

Exploits0References2

EUVD•added 6 days ago•9 views

EUVD-2026-33253

7.1CVSS5.8AI score0.00038EPSS

Exploits0References2

RedhatCVE•added last week•4 views

CVE-2026-9525

A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /admin/editjudge.php. The manipulation of the argument judgeid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may ...

7.5CVSS6.8AI score0.00039EPSS

Exploits0References1

RedhatCVE•added 2026/05/27 8:14 p.m.•11 views

CVE-2026-9527

A vulnerability was determined in itsourcecode Electronic Judging System 1.0. This issue affects some unknown processing of the file /admin/judges.php. This manipulation of the argument fname causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly...

5.3CVSS4.4AI score0.00035EPSS

Exploits0References1

NVD•added 2026/05/26 9:16 p.m.•9 views

CVE-2026-47672

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. In 1.2.4 and earlier, any network-reachable caller can write arbitrary documents to any patient's electronic health record accessible by the institution's SMC-B card. In a misconfigured deployment e.g.,...

6.5CVSS0.00021EPSS

Exploits0References2

ATTACKERKB•added 2026/05/26 8:59 p.m.•8 views

CVE-2026-47672

6.5CVSS5.9AI score0.00021EPSS

Exploits0References3Affected Software1

NVD•added 2026/05/26 5:16 a.m.•4 views

CVE-2026-9526

A vulnerability was found in itsourcecode Electronic Judging System 1.0. This vulnerability affects unknown code of the file /admin/editteam.php. The manipulation of the argument numid results in sql injection. The attack may be launched remotely. The exploit has been made public and could be use...

7.5CVSS0.00039EPSS

Exploits0References5

NVD•added 2026/05/26 5:16 a.m.•10 views

CVE-2026-9527

5.3CVSS0.00035EPSS

Exploits0References5

NVD•added 2026/05/26 5:16 a.m.•7 views

CVE-2026-9528

A vulnerability was identified in itsourcecode Electronic Judging System 1.0. Impacted is an unknown function of the file /admin/deletejudge.php. Such manipulation of the argument judgeid leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be...

7.5CVSS0.00039EPSS

Exploits0References5

NVD•added 2026/05/26 4:16 a.m.•8 views

CVE-2026-9525

7.5CVSS0.00039EPSS

Exploits0References5

CVE•added 2026/05/26 4:0 a.m.•9 views

CVE-2026-9528

The CVE-2026-9528 entry concerns itsourcecode Electronic Judging System 1.0. Affected component: /admin/delete_judge.php; vulnerability arises from manipulation of the judge_id parameter, enabling SQL injection. Attacker can exploit remotely; public exploit is available per the description. No re...

7.5CVSS7AI score0.00039EPSS

Exploits0References5

Cvelist•added 2026/05/26 4:0 a.m.•30 views

CVE-2026-9528 itsourcecode Electronic Judging System delete_judge.php sql injection

7.5CVSS0.00039EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by