CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

61636 matches found

Circl•added 2026/03/09 10:10 p.m.•3 views

GHSA-9Q2P-VC84-2RWM

creationtimestamp| type| source ---|---|--- 2026-03-09 22:10:06+00:00| seen| https://gist.github.com/alon710/c9b7b8cb1e830c7075cb4162b8d49b80...

5.8AI score

Exploits0References1

AlpineLinux•added 2026/03/09 9:11 p.m.•3 views

CVE-2026-31802

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x...

8.2CVSS5.8AI score0.00253EPSS

Exploits4References2

Circl•added 2026/03/09 8:10 p.m.•1 views

GHSA-93FX-5QGC-WR38

creationtimestamp| type| source ---|---|--- 2026-03-09 20:10:06+00:00| seen| https://gist.github.com/alon710/56622a5fb0d29db6ad09ba417d4e4cd3...

5.8AI score

Exploits0References1

RedhatCVE•added 2026/03/09 7:54 p.m.•4 views

CVE-2026-3741

A security vulnerability has been detected in YiFang CMS 2.0.5. The affected element is the function update of the file app/db/admin/DfriendLink.php. Such manipulation of the argument linkName leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed...

5.4CVSS4.2AI score0.00196EPSS

Exploits1References1

OSV•added 2026/03/09 7:48 p.m.•7 views

GHSA-525J-95GF-766F FileBrowser Quantum: Password-Protected Share Bypass via /public/api/share/info

Summary The remediation for CVE-2026-27611 appears incomplete. Password protected shares still disclose tokenized downloadURL via /public/api/share/info in docker image gtstef/filebrowser:1.3.1-webdav-2. Details The issue stems from two flaws: 1. Tokenized download URLs are written into the...

7.5CVSS5.7AI score0.00544EPSS

Exploits1References5

Circl•added 2026/03/09 7:30 p.m.•2 views

CVE-2026-3638

creationtimestamp| type| source ---|---|--- 2026-03-09 19:30:13+00:00| seen| https://infosec.exchange/users/offseq/statuses/116200873186129950...

5.9CVSS5.8AI score0.00177EPSS

Exploits0References1

Circl•added 2026/03/09 7:20 p.m.•3 views

CVE-2026-31829

creationtimestamp| type| source ---|---|--- 2026-03-09 19:20:42+00:00| published-proof-of-concept| https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-fvcw-9w9r-pxc7 2026-03-11 08:10:05+00:00| seen| https://gist.github.com/alon710/1475f09f284d480dbb7f0348bae5ca9a 2026-03-17...

8.8CVSS7AI score0.023EPSS

Exploits1References3

Circl•added 2026/03/09 7:10 p.m.•1 views

GHSA-HWX8-Q9CG-MQMC

creationtimestamp| type| source ---|---|--- 2026-03-09 19:10:06+00:00| seen| https://gist.github.com/alon710/3fd4142edf95384fd65face73227a201...

5.8AI score

Exploits0References1

Circl•added 2026/03/09 6:40 p.m.•2 views

GHSA-Q5Q9-2RHP-33QW

creationtimestamp| type| source ---|---|--- 2026-03-09 18:40:05+00:00| seen| https://gist.github.com/alon710/b35bd22da36673db291bcd39a01cd730...

5.8AI score

Exploits0References1

Circl•added 2026/03/09 6:10 p.m.•1 views

GHSA-X6FW-778M-WR9V

creationtimestamp| type| source ---|---|--- 2026-03-09 18:10:05+00:00| seen| https://gist.github.com/alon710/dd4d266e9eb897cccd36bc7bc2690585...

5.8AI score

Exploits0References1

Circl•added 2026/03/09 5:40 p.m.•1 views

GHSA-4HGG-C4RR-6H7F

creationtimestamp| type| source ---|---|--- 2026-03-09 17:40:05+00:00| seen| https://gist.github.com/alon710/97d8836abc82cac88ce934ff047f0ac3...

5.8AI score

Exploits0References1

Circl•added 2026/03/09 5:15 p.m.•3 views

CVE-2005-1849

creationtimestamp| type| source ---|---|--- 2026-03-09 17:15:08+00:00| seen| https://gist.github.com/verdurin/ec4ecbbbe37c7ae1f4a79c34dbdb6793...

5CVSS5.8AI score0.03999EPSS

Exploits0References1

RedhatCVE•added 2026/03/09 4:53 p.m.•4 views

CVE-2026-29786

A flaw was found in node-tar. A hardlink that points outside the extraction directory can be created by using a drive-relative link target such as C:../target.txt, allowing a file overwrite outside the current working directory during normal tar.x extraction. Mitigation Red Hat has investigated...

8.6CVSS5.7AI score0.00276EPSS

Exploits2References5

Cvelist•added 2026/03/09 4:19 p.m.•30 views

CVE-2025-15568 Command Injection Vulnerability on TP-Link Archer AXE75

A command injection vulnerability was identified in the web module of Archer AXE75 v1.6/v1.0 router. An authenticated attacker with adjacent-network access may be able to perform remote code execution RCE when the router is configured with sysmode=ap. Successful exploitation results in root-level...

8.5CVSS0.01441EPSS

Exploits0References4