CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/05/23 6:30 p.m.•11 views

EUVD-2018-21865

8.8CVSS6.1AI score0.00334EPSS

OSV•added 2026/05/23 10:58 a.m.•7 views

CLSA-2026-1779533909 unbound: Fix of 3 CVEs

CVE-2026-33278: dangling pointer dereference in dnsmsgdeepcopyregion during DS sub-query suspend/resume; the previously-backported CVE-2023-50387-CVE-2023-50868.patch dragged the vulnerable 'res-rep = origin-rep;' struct-assignment into our 1.16.2 tree. Save the destination rrsets pointer,...

10CVSS7AI score0.99995EPSS

Exploits1References1

CVE•added 2026/05/23 10:0 a.m.•33 views

CVE-2026-9296

Edimax BR-6428NS (firmware 1.10) contains a POST Request Handler vulnerability in /goform/formWlanM that allows command injection via manipulating arguments such as ateFunc/ateGain/ateTxCount/ateChan/ateRate/ateMacID/e2pTxPower1…/readE2P. The issue is exploitable remotely, with a public exploit a...

6.5CVSS6.4AI score0.01158EPSS

Vulnrichment•added 2026/05/23 10:0 a.m.•7 views

CVE-2026-9296 Edimax BR-6428NS POST Request formWlanM system command injection

A weakness has been identified in Edimax BR-6428NS 1.10. This impacts the function system of the file /goform/formWlanM of the component POST Request Handler. Executing a manipulation of the argument...

6.5CVSS6.4AI score0.01158EPSS

EUVD•added 2026/05/23 10:0 a.m.•11 views

EUVD-2026-31531

6.5CVSS6.4AI score0.01158EPSS

Cvelist•added 2026/05/23 10:0 a.m.•16 views

CVE-2026-9296 Edimax BR-6428NS POST Request formWlanM system command injection

6.5CVSS0.01158EPSS

NVD•added 2026/05/23 8:16 a.m.•13 views

CVE-2026-9295

A security flaw has been discovered in Edimax BR-6428NS 1.10. This affects the function formWirelessTbl of the file /goform/formWirelessTbl of the component POST Request Handler. Performing a manipulation of the argument vapurl results in buffer overflow. The attack can be initiated remotely. The...

9CVSS0.00542EPSS

EUVD•added 2026/05/23 7:45 a.m.•8 views

EUVD-2026-31528

9CVSS7.8AI score0.00542EPSS

ATTACKERKB•added 2026/05/23 7:45 a.m.•13 views

CVE-2026-9295

9CVSS7.8AI score0.00542EPSS

Exploits0References4Affected Software1

8.8CVSS6.2AI score0.00334EPSS

Smartshop SQL注入漏洞

Smartshop is an e-commerce website development template created by Ismail Ghallou. Version 1 of Smartshop has a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the id parameter, which may allow unauthenticated attackers to execute arbitrary SQL queries...

9.8CVSS6.1AI score0.01701EPSS

Dolibarr ERP CRM 代码注入漏洞

Dolibarr ERP CRM is an open-source enterprise and sales management system developed by Dolibarr. Version 7.0.3 of Dolibarr ERP CRM contains a code injection vulnerability. This vulnerability stems from injecting PHP code via the dbname parameter, which may allow unauthenticated attackers to execu...

Exploits1References4

Positive Technologies•added 2026/05/23 12:0 a.m.•9 views

PT-2026-43096

Name of the Vulnerable Software and Affected Versions Dolibarr ERP CRM version 7.0.3 Description Unauthenticated attackers can achieve remote code execution by injecting PHP code through the db name parameter. This is performed by sending a POST request to the 'install/step1.php' endpoint...

9.8CVSS6.4AI score0.01701EPSS

Exploits1References12

9CVSS7.8AI score0.00542EPSS

Edimax BR-6428nS 安全漏洞

The Edimax BR-6428nS is a wireless router produced by Edimax Corporation. Version 1.10 of the Edimax BR-6428nS contains a security vulnerability. This vulnerability stems from improper handling of the parameter “vapurl” in the “formWirelessTbl” function within the POST request processing program,...

Exploits0References5

8.7CVSS5.8AI score0.00585EPSS

D-Link DIR-601 安全漏洞

The D-Link DIR-601 is a home wireless router produced by D-Link Corporation. The D-Link DIR-601 2.02NA version has a security vulnerability. This vulnerability arises from manipulating the tablename parameter in POST requests, which may allow unauthenticated attackers to retrieve sensitive...

Exploits0References5

8.8CVSS5.9AI score0.00334EPSS

Smartshop SQL注入漏洞

Smartshop is an e-commerce website development template created by Ismail Ghallou. Version 1 of Smartshop has a SQL injection vulnerability. This vulnerability arises from injecting SQL code through the searched parameter in the search.php file. It may allow unauthenticated attackers to manipulat...

8.8CVSS5.9AI score0.00358EPSS

Joomla Component Ek Rishta SQL注入漏洞

The Joomla component Ek Rishta is a Joomla-based dating and networking website component developed by the Ek Rishta team. Version 2.10 of the Ek Rishta component contains a SQL injection vulnerability. This vulnerability arises from injecting SQL code via the cid parameter, which may allow...

6.5CVSS6.6AI score0.01519EPSS

Edimax EW-7438RPn 操作系统命令注入漏洞

The Edimax EW-7438RPn is a wireless signal extender produced by Edimax of Taiwan, China. Versions of Edimax EW-7438RPn prior to 1.31 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the function formWpsStart in the webs component...

Exploits0References6

6.5CVSS6.7AI score0.01398EPSS

Edimax BR-6428nS 命令注入漏洞

The Edimax BR-6428nS is a wireless router produced by Edimax Corporation. Version 1.10 of the Edimax BR-6428nS contains a command injection vulnerability. This vulnerability stems from improper handling of the parameter “repeaterSSID” in the formWlbasic function within the POST request processing...

Exploits0References5