CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/05/26 12:0 a.m.•6 views

PT-2026-43246

Name of the Vulnerable Software and Affected Versions Squirrel versions prior to 3.3 Description A heap-based buffer overflow occurs in the Cnut File Handler component within the ReadObject function of the squirrel/sqobject.cpp file. This issue allows a local attacker to perform a manipulation th...

5.3CVSS6.1AI score0.00023EPSS

Exploits1References8

Positive Technologies•added 2026/05/26 12:0 a.m.•7 views

PT-2026-43379

A weakness has been identified in ThingsBoard up to 4.3.1.1. Affected by this vulnerability is the function getGatewayDockerComposeFile of the file /api/v1/provision of the component YAML Handler. This manipulation causes code injection. It is possible to initiate the attack remotely. The attack'...

5.1CVSS5.2AI score0.00041EPSS

Exploits0References6

CNNVD•added 2026/05/26 12:0 a.m.•7 views

TOTOLINK CA750-PoE 操作系统命令注入漏洞

TOTOLINK CA750-PoE is a wireless network access device developed by TOTOLINK Corporation. Version 6.2c.510 of TOTOLINK CA750-PoE contains a vulnerability related to operating system command injection. This vulnerability arises from improper handling of the fwUrl/magicid parameters in the...

6.5CVSS6.6AI score0.04841EPSS

CNNVD•added 2026/05/26 12:0 a.m.•6 views

Kubevirt 后置链接漏洞

Kubevirt is an open-source virtual machine manager developed by KubeVirt. Kubevirt has a post-installation vulnerability, which stems from improper verification of symbolic links. This vulnerability may allow authenticated OpenShift users to manipulate the console socket in a single namespace by...

9.9CVSS5.8AI score0.00121EPSS

Exploits0References2

NVD•added 2026/05/25 11:16 p.m.•7 views

CVE-2026-9513

A weakness has been identified in Totolink CA750-PoE 6.2c.510. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the argument hosttime can lead to os command injection. The attack can be launched remotely...

6.5CVSS0.04841EPSS

NVD•added 2026/05/25 11:16 p.m.•7 views

CVE-2026-9512

A security flaw has been discovered in Totolink CA750-PoE 6.2c.510. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of the argument admuser/admpass results in os command injection. The attack can b...

6.5CVSS0.04841EPSS

NVD•added 2026/05/25 11:16 p.m.•8 views

CVE-2026-9514

A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. Impacted is the function setNetworkDiag of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument NetDiagHost/NetDiagPingNum/NetDiagPingSize/NetDiagPingTimeOut/NetDiagTracertHop is...

6.5CVSS0.04841EPSS

CVE•added 2026/05/25 10:30 p.m.•10 views

CVE-2026-9513

Totolink CA750-PoE 6.2c.510 is affected by CVE-2026-9513 in the NTPSyncWithHost path /cgi-bin/cstecgi.cgi (Setting Handler). The vulnerability stems from improper handling of the host_time argument, enabling os command injection with remote access. The issue affects the specific function NTPSyncW...

6.5CVSS6.4AI score0.04841EPSS

NVD•added 2026/05/25 10:16 p.m.•5 views

CVE-2026-9511

A vulnerability was identified in Totolink CA750-PoE 6.2c.510. This affects the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argument webWlanIdx leads to os command injection. It is possible to launch the attack remotely. The...

6.5CVSS0.0375EPSS

Cvelist•added 2026/05/25 9:0 p.m.•18 views

CVE-2026-9503 GNU LibreDWG DWG File decode.c dwg_next_entity null pointer dereference

A security flaw has been discovered in GNU LibreDWG up to 0.14. This impacts the function dwgnextentity of the file src/decode.c of the component DWG File Handler. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been releas...

4.8CVSS0.00014EPSS

Exploits0References7

Vulnrichment•added 2026/05/25 9:0 p.m.•7 views

CVE-2026-9503 GNU LibreDWG DWG File decode.c dwg_next_entity null pointer dereference

4.8CVSS5.4AI score0.00014EPSS

Exploits0References7

NVD•added 2026/05/25 8:16 p.m.•6 views

CVE-2026-9498

A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument DefMsgTemplate.content leads to improper neutralization of special elements used in a template engin...

6.5CVSS0.00046EPSS

EUVD•added 2026/05/25 8:0 p.m.•6 views

EUVD-2026-31733

CVE•added 2026/05/25 8:0 p.m.•12 views

CVE-2026-9498

Technical details are not publicly available in the provided documents. Monitor for updates.

ATTACKERKB•added 2026/05/25 8:0 p.m.•6 views

CVE-2026-9498

Exploits0References4Affected Software1

Vulnrichment•added 2026/05/25 8:0 p.m.•4 views

CVE-2026-9498 Dromara lamp-cloud Message Template GroovyClassLoader.parseClass special elements used in a template engine