CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

20 matches found

OSSF Malicious Packages•added 2026/05/14 7:25 p.m.•5 views

Malicious code in exxpress-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 378e423b00c08a371fbae1c77360685d2277e502e9875caa53fb20f58a39f396 The package name exxpress-tool is a one-character edit of the widely-used express package. On npm install, the declared scripts.postinstall runs...

5.9AI score

Exploits0References3

Vulnrichment•added 2026/04/06 5:30 p.m.•0 views

CVE-2026-35050 text-generation-webui affected by Remote Code Execution (RCE) through Path Traversal at "Session -> Save extention settings to user_data/settings.yaml".

text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.1.1, users can save extention settings in "py" format and in the app root directory. This allows to overwrite python files, for instance the "download-model.py" file could be overwritten. Then, thi...

9.1CVSS5.9AI score0.00095EPSS

Exploits1References1

Cvelist•added 2026/04/06 5:30 p.m.•18 views

CVE-2026-35050 text-generation-webui affected by Remote Code Execution (RCE) through Path Traversal at "Session -> Save extention settings to user_data/settings.yaml".

9.1CVSS0.00095EPSS

Exploits1References1

ATTACKERKB•added 2026/04/06 5:30 p.m.•1 views

CVE-2026-35050

9.1CVSS5.9AI score0.00095EPSS

Exploits1References2Affected Software1

EUVD•added 2026/04/06 5:30 p.m.•2 views

EUVD-2026-19408

9.1CVSS5.9AI score0.00095EPSS

Exploits1References1

CVE•added 2026/04/06 5:30 p.m.•5 views

CVE-2026-35050

CVE-2026-35050 affects text-generation-webui prior to 4.1.1. An attacker can abuse the ability to save extension settings in the app root (py format) to overwrite Python files such as download-model.py. The overwritten file can be triggered via the Model menu when requesting to download a new mod...

9.1CVSS5.9AI score0.00095EPSS

Exploits1References1Affected Software1

OSV•added 2025/10/14 7:30 p.m.•3 views

CVE-2025-61675 FreePBX Endpoint Manager vulnerable to authenticated SQL injection in multiple configuration parameters

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the...

8.6CVSS8.3AI score0.05373EPSS

Exploits6References1

Positive Technologies•added 2025/10/14 12:0 a.m.•1 views

PT-2025-42185

Name of the Vulnerable Software and Affected Versions FreePBX Endpoint Manager versions prior to 16.0.92 FreePBX Endpoint Manager versions prior to 17.0.6 Description The FreePBX Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the...

8.6CVSS8.8AI score0.05373EPSS

Exploits6References21

SUSE CVE•added 2023/02/15 5:1 a.m.•1 views

SUSE CVE-2016-5160

The AllowCrossRendererResourceLoad function in extensions/browser/urlrequestutil.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json webaccessibleresources field for restrictions on IFRAME elements, which...

6.5CVSS8.8AI score0.00682EPSS

Exploits0References6

OSV•added 2016/09/11 10:59 a.m.•0 views

CVE-2016-5162

6.5CVSS7.4AI score

Exploits0References12

OSV•added 2016/09/11 10:59 a.m.•0 views

CVE-2016-5160

6.5CVSS7AI score

Exploits0References12

OSV•added 2016/09/11 10:59 a.m.•0 views

UBUNTU-CVE-2016-5162