CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

192 matches found

Malwarebytes•added 2026/05/06 12:50 p.m.•4 views

Attackers adopt JavaScript runtime Bun to spread NWHStealer

In our previous research, we analyzed a Windows infostealer we track as NWHStealer. The attackers behind this stealer are continuously finding new methods to distribute the stealer. During our hunting activities, we noticed how attackers are using a JavaScript runtime called Bun to help distribut...

5.8AI score

Exploits0

EUVD•added 2026/04/05 9:30 p.m.•1 views

EUVD-2019-20087

Ask Expert Script 3.0.5 contains cross-site scripting and SQL injection vulnerabilities that allow unauthenticated attackers to inject malicious code by manipulating URL parameters. Attackers can inject script tags through the cateid parameter in categorysearch.php or SQL code through the view...

8.8CVSS6.2AI score0.0013EPSS

Exploits1References4

Positive Technologies•added 2026/03/27 12:0 a.m.•2 views

PT-2026-28466

Name of the Vulnerable Software and Affected Versions Home Assistant versions 2020.02 through 2026.01 Description Home Assistant, an open-source home automation software, contains a flaw where an authenticated user can inject malicious code into a device entity name. This allows for Cross-Site...

8.8CVSS5.9AI score0.00021EPSS

Exploits1References6

Cvelist•added 2026/03/11 4:31 p.m.•23 views

CVE-2026-20116 Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities

A vulnerability in the web-based management interface of Cisco Finesse, Cisco Packaged Contact Center Enterprise Packaged CCE, Cisco Unified Contact Center Enterprise Unified CCE, Cisco Unified Contact Center Express Unified CCX, and Cisco Unified Intelligence Center could allow an unauthenticate...

6.1CVSS0.00054EPSS

Exploits0References1

EUVD•added 2026/01/30 4:16 p.m.•3 views

EUVD-2020-30957

Outline Service 1.3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in C:\Program Files x86\Outline to inject malicious code that would execute with...

8.5CVSS6.2AI score0.00021EPSS

Exploits0References3

RedhatCVE•added 2026/01/09 10:56 a.m.•3 views

CVE-2022-38625

Patlite NH-FB v1.46 and below was discovered to contain insufficient firmware validation during the upgrade firmware file upload process. This vulnerability allows authenticated attackers to create and upload their own custom-built firmware and inject malicious code. NOTE: the vendor's position i...

8.8CVSS7.2AI score0.00265EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:11 a.m.•5 views

CVE-2022-26947

Archer 6.x through 6.9 SP3 6.9.3.0 contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the...

6.3CVSS5.8AI score0.0023EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:53 a.m.•5 views

CVE-2021-27602

SAP Commerce, versions - 1808, 1811, 1905, 2005, 2011, Backoffice application allows certain authorized users to create source rules which are translated to drools rule when published to certain modules within the application. An attacker with this authorization can inject malicious code in the...

9.9CVSS7.7AI score0.01848EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-11134

Malware in sbrugna...

9.1CVSS9AI score0.6379EPSS

Exploits2References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2019-13698

Malware in sbrugna...

5.4CVSS5.6AI score0.00343EPSS

Exploits0References2