CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

144 matches found

Emerson Dixell XWEB-500 - Arbitrary File Write

Emerson Dixell XWEB-500 contains an arbitrary file write caused by unauthenticated access to /cgi-bin/logoextraupload.cgi, /cgi-bin/calsave.cgi, and /cgi-bin/loutils.cgi, letting attackers write any file on the system, exploit requires no authentication. id: CVE-2021-45420 info: name: Emerson...

10CVSS7.4AI score0.88992EPSS

Exploits1References3

GithubExploit•added 2026/05/25 10:9 a.m.•60 views

Exploit for CVE-2026-38422

CVE-2026-38422: Remote Code Execution via Combined Buffer Over...

5.9AI score0.00237EPSS

Exploits2

GithubExploit•added 2026/05/04 5:19 a.m.•49 views

vulnerability-research

Vulnerability Research & Responsible Disclosure Shivam Paji...

5.8AI score

Exploits0

CNNVD•added 2026/04/24 12:0 a.m.•3 views

SenseLive X3050 跨站请求伪造漏洞

The SenseLive X3050 is a data collection and environmental monitoring device designed for IoT scenarios by SenseLive Corporation. The SenseLive X3050 has a cross-site request forgeing vulnerability. This vulnerability arises from the lack of protection against cross-site request forgeing in the w...

8.4CVSS5.7AI score0.00015EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:52 a.m.•4 views

CVE-2022-42054

Multiple stored cross-site scripting XSS vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Description text fields...

5.4CVSS5.9AI score0.00323EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:51 a.m.•9 views

CVE-2022-42055

Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system...

6.5CVSS7.7AI score0.0711EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:19 a.m.•6 views

CVE-2021-22547

In IoT Devices SDK, there is an implementation of calloc that doesn't have a length check. An attacker could pass in memory objects larger than the buffer and wrap around to have a smaller buffer than required, allowing the attacker access to the other parts of the heap. We recommend upgrading th...

7.8CVSS7.1AI score0.00026EPSS

Exploits0References1

Cvelist•added 2025/12/17 8:21 p.m.•22 views

CVE-2025-66647 RIOT OS has buffer overflow in gnrc_ipv6_ext_frag_reass

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things IoT devices and other embedded devices. A vulnerability was discovered in the IPv6 fragmentation reassembly implementation of RIOT OS v2025.07. When copying the contents of the first...

6.3CVSS0.00668EPSS

Exploits1References6