
54696 matches found

RedhatCVE
added 2026/03/06 7:52 a.m., 5 views

CVE-2026-28545

Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability...

5.9 CVSS, 5.8 AI score, 0.00078 EPSS
Exploits 0, References 1

RedhatCVE
added 2026/03/06 7:52 a.m., 8 views

CVE-2026-28552

Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability...

7.5 CVSS, 5.8 AI score, 0.00281 EPSS
Exploits 0, References 1

RedhatCVE
added 2026/03/06 7:52 a.m., 6 views

CVE-2026-28537

Double free vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect availability...

5.5 CVSS, 5.8 AI score, 0.0007 EPSS
Exploits 0, References 1

Fedora
added 2026/03/06 1:28 a.m., 8 views

[SECURITY] Fedora 42 Update: opensips-3.5.9-2.fc42

OpenSIPS or Open SIP Server is a very fast and flexible SIP RFC3261 proxy server. Written entirely in C, opensips can handle thousands of calls per second even on low-budget hardware. A C Shell like scripting language provides full control over the server's behaviour. Its modular architecture allow...

8.3 CVSS, 5.9 AI score, 0.00318 EPSS
Exploits 0

CNNVD
added 2026/03/06 12:0 a.m., 6 views

Salzer Maitra SQL Injection Vulnerability

Salzer Maitra is a business management software platform developed by the American company Salzer. Version 1.7.2 of Salzer Maitra contains a SQL injection vulnerability. This vulnerability stems from the mailid parameter in the outmail and inmail modules, which allows for SQL injections...

7.1 CVSS, 6.1 AI score, 0.00194 EPSS
Exploits 0, References 2

Positive Technologies
added 2026/03/06 12:0 a.m., 6 views

PT-2026-23692

Maitra 1.7.2 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the mailid parameter in outmail and inmail modules. Attackers can also download the SQLite database file directly from the application...

7.1 CVSS, 6.1 AI score, 0.00194 EPSS
Exploits 0, References 3

Tenable Nessus
added 2026/03/06 12:0 a.m., 2 views

RHEL 8 : kpatch-patch-4_18_0-372_131_1, kpatch-patch-4_18_0-372_137_1, kpatch-patch-4_18_0-372_145_1, kpatch-patch-4_18_0-372_158_1, and kpatch-patch-4_18_0-372_170_1 (RHSA-2026:3866)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3866 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch module i...

5.9 AI score, 0.00195 EPSS
Exploits 0, References 4

Tenable Nessus
added 2026/03/06 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-40931

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The...

9.1 CVSS, 5.5 AI score, 0.00583 EPSS
Exploits 0, References 3

OSV
added 2026/03/05 10:16 p.m., 1 views

CVE-2026-28456

OpenClaw versions 2026.1.5 prior to 2026.2.14 contain a vulnerability in the Gateway in which it does not sufficiently constrain configured hook module paths before passing them to dynamic import, allowing code execution. An attacker with gateway configuration modification access can load and...

7.2 CVSS, 6 AI score
Exploits 0, References 4

NVD
added 2026/03/05 10:16 p.m., 10 views

CVE-2026-28393

OpenClaw versions 2.0.0-beta3 prior to 2026.2.14 contain a path traversal vulnerability in hook transform module loading that allows arbitrary JavaScript execution. The hooks.mappings.transform.module parameter accepts absolute paths and traversal sequences, enabling attackers with configuration...

9.8 CVSS, 0.00439 EPSS
Exploits 0, References 4

OSV
added 2026/03/05 10:16 p.m., 3 views

CVE-2026-28393

OpenClaw versions 2.0.0-beta3 prior to 2026.2.14 contain a path traversal vulnerability in hook transform module loading that allows arbitrary JavaScript execution. The hooks.mappings.transform.module parameter accepts absolute paths and traversal sequences, enabling attackers with configuration...

9.8 CVSS, 6 AI score
Exploits 0, References 4

CVE
added 2026/03/05 9:59 p.m., 13 views

CVE-2026-28456

OpenClaw in Gateway has a path handling flaw: configurations may pass unconstrained hook module paths to dynamic import(), enabling local module execution in the Node.js process. Affects OpenClaw 2026.1.5 prior to 2026.2.14. Exploitation requires gateway config modification access. Impact: high o...

8.6 CVSS, 6.1 AI score, 0.00405 EPSS
Exploits 0, References 4, Affected Software 1

Vulnrichment
added 2026/03/05 9:59 p.m., 2 views

CVE-2026-28456 OpenClaw 2026.1.5 < 2026.2.14 - Arbitrary Code Execution via Unsafe Hook Module Path Handling

OpenClaw versions 2026.1.5 prior to 2026.2.14 contain a vulnerability in the Gateway in which it does not sufficiently constrain configured hook module paths before passing them to dynamic import, allowing code execution. An attacker with gateway configuration modification access can load and...

8.6 CVSS, 5.9 AI score, 0.00405 EPSS
Exploits 0, References 4

Vulnrichment
added 2026/03/05 9:59 p.m., 4 views

CVE-2026-28393 OpenClaw 2.0.0-beta3 < 2026.2.14 - Arbitrary JavaScript Module Loading via Hook Transform Path Traversal

OpenClaw versions 2.0.0-beta3 prior to 2026.2.14 contain a path traversal vulnerability in hook transform module loading that allows arbitrary JavaScript execution. The hooks.mappings.transform.module parameter accepts absolute paths and traversal sequences, enabling attackers with configuration...

8.3 CVSS, 6 AI score, 0.00439 EPSS
Exploits 0, References 4

CVE
added 2026/03/05 9:59 p.m., 16 views

CVE-2026-28393

OpenClaw 2.0.0-beta3 through 2026.2.13 contains a path-traversal vulnerability in the hook transform module loading (hooks.mappings[].transform.module) that allows loading and executing arbitrary JavaScript with gateway process privileges when an attacker can modify configuration. The issue arise...

9.8 CVSS, 6.1 AI score, 0.00439 EPSS
Exploits 0, References 4, Affected Software 1

Cvelist
added 2026/03/05 9:59 p.m., 32 views

CVE-2026-28393 OpenClaw 2.0.0-beta3 < 2026.2.14 - Arbitrary JavaScript Module Loading via Hook Transform Path Traversal

OpenClaw versions 2.0.0-beta3 prior to 2026.2.14 contain a path traversal vulnerability in hook transform module loading that allows arbitrary JavaScript execution. The hooks.mappings.transform.module parameter accepts absolute paths and traversal sequences, enabling attackers with configuration...

8.3 CVSS, 0.00439 EPSS
Exploits 0, References 4

EUVD
added 2026/03/05 9:59 p.m., 5 views

EUVD-2026-9893

OpenClaw versions 2.0.0-beta3 prior to 2026.2.14 contain a path traversal vulnerability in hook transform module loading that allows arbitrary JavaScript execution. The hooks.mappings.transform.module parameter accepts absolute paths and traversal sequences, enabling attackers with configuration...

8.3 CVSS, 6.1 AI score, 0.00439 EPSS
Exploits 0, References 4

ATTACKERKB
added 2026/03/05 9:59 p.m., 1 views

CVE-2026-28393

OpenClaw versions 2.0.0-beta3 prior to 2026.2.14 contain a path traversal vulnerability in hook transform module loading that allows arbitrary JavaScript execution. The hooks.mappings.transform.module parameter accepts absolute paths and traversal sequences, enabling attackers with configuration...

8.3 CVSS, 6.1 AI score, 0.00439 EPSS
Exploits 0, References 5

Vulnrichment
added 2026/03/05 9:18 p.m., 2 views

CVE-2026-21622 Password Reset Tokens Do Not Expire

Insufficient Session Expiration vulnerability in hexpm hexpm/hexpm 'Elixir.Hexpm.Accounts.PasswordReset' module allows Account Takeover. Password reset tokens generated via the "Reset your password" flow do not expire. When a user requests a password reset, Hex sends an email containing a reset...

9.5 CVSS, 5.8 AI score, 0.0039 EPSS
Exploits 0, References 4

UbuntuCve
added 2026/03/05 9:16 p.m., 4 views

CVE-2026-0848

NLTK versions =3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR file, enabling the execution of...

10 CVSS, 8 AI score, 0.00777 EPSS
Exploits 3, References 5