CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

513 matches found

EUVD-2026-34036

A vulnerability has been found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. Impacted is the function Open of the file src/blendermcp/server.py. The manipulation of the argument inputimageurl leads to injection. Remote exploitation of the attack is possible. The exploit...

5.3CVSS5.3AI score0.00033EPSS

Exploits0References9

Vulnrichment•added 2 days ago•2 views

CVE-2026-10661 ahujasid blender-mcp server.py open injection

5.3CVSS5.3AI score0.00033EPSS

Exploits0References8

CVE•added 2 days ago•9 views

CVE-2026-10567

The CVE concerns 1Panel-dev CordysCRM up to version 1.4.1. The vulnerability is in ModuleFormController/ModuleFormService.java (Save function); manipulating the Description argument leads to cross-site scripting (XSS). Exploitation is possible remotely and the exploit has been disclosed publicly....

5.1CVSS4.1AI score0.00043EPSS

Exploits0References9

SUSE CVE•added 2 days ago•6 views

SUSE CVE-2026-10268

A weakness has been identified in janet-lang janet up to 1.41.0. This vulnerability affects the function unmarshalonefiber of the file src/core/marsh.c. Executing a manipulation can lead to integer overflow. It is possible to launch the attack on the local host. The exploit has been made availabl...

4.8CVSS5.5AI score0.00013EPSS

Exploits0References3

Positive Technologies•added 2 days ago•10 views

PT-2026-45685

A security vulnerability has been detected in 1Panel-dev CordysCRM up to 1.4.1. This impacts the function Save of the file src/main/java/cn/cordys/crm/system/service/ModuleFormService.java of the component ModuleFormController. The manipulation of the argument Description leads to cross site...

5.1CVSS4.1AI score0.00043EPSS

Exploits0References10

Positive Technologies•added 2 days ago•3 views

PT-2026-45886

A weakness has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the function is safe regex pattern of the component search code advanced. Executing a manipulation of the argument regex can lead to inefficient regular expression complexity. It is possible to launch the atta...

5.3CVSS5.5AI score0.00045EPSS

Exploits0References9

Positive Technologies•added 2 days ago•4 views

PT-2026-45884

A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component read file. Such manipulation of the argument url leads to server-side request forgery. The attack may be performed from remote...

6.5CVSS6.2AI score0.00043EPSS

Exploits0References8

CVE•added 3 days ago•9 views

CVE-2026-10268

The CVE affects janet-lang Janet up to 1.41.0, specifically the unmarshal_one_fiber function in src/core/marsh.c. A manipulation can cause an integer overflow, with local-host exploitation possible. A public PoC exists, and the patch d9b1d711ea1fde52ac73a82088b512a3e17bad0d provides remediation. ...

4.8CVSS5.5AI score0.00013EPSS

Exploits0References8

EUVD•added 3 days ago•8 views

EUVD-2026-33654

A security flaw has been discovered in janet-lang janet up to 1.41.0. This affects the function doframe of the file src/core/debug.c. Performing a manipulation results in out-of-bounds read. Attacking locally is a requirement. The exploit has been released to the public and may be used for attack...

4.8CVSS5.4AI score0.00012EPSS

Exploits0References9

EUVD•added 3 days ago•8 views

EUVD-2026-33521

A vulnerability has been found in Assimp up to 6.0.4. Affected by this issue is the function glTF2::LazyDict in the library glTF2Asset.h. Such manipulation of the argument operator leads to null pointer dereference. The attack must be carried out locally. The exploit has been disclosed to the...

4.8CVSS5.2AI score0.00012EPSS

Exploits0References10

CVE•added 2026/05/25 9:0 p.m.•12 views

CVE-2026-9503

Summary: CVE-2026-9503 affects GNU LibreDWG up to v0.14, specifically the DWG File Handler’s dwg_next_entity function in src/decode.c. The issue is a null pointer dereference arising from the function’s handling of certain DWG entities, with exploitation requiring local access. The exploit has be...

4.8CVSS5.4AI score0.00014EPSS

Exploits0References7

AstraLinux•added 2026/05/20 5:53 a.m.•10 views

Astra Linux - уязвимость в binutils

A vulnerability was identified in GNU Binutils 2.45. The affected component is the elfx8664relocatesection function in the file elf64-x86-64.c of the Linker component. This vulnerability causes a heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly...

5.5CVSS6AI score0.00028EPSS

Exploits1References2

Positive Technologies•added 2026/05/17 12:0 a.m.•5 views

PT-2026-41536

A vulnerability was determined in Open5GS up to 2.7.7. Affected is the function ogs sbi subscription data add/ogs sbi nf service add in the library /lib/sbi/context.c of the component NRF. Executing a manipulation can lead to denial of service. It is possible to launch the attack remotely. The...

5.3CVSS5.4AI score0.00078EPSS

Exploits1References10

EUVD•added 2026/05/11 6:31 p.m.•4 views

EUVD-2026-29158

A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file extensions/bluebubbles/src/monitor.ts of the component bluebubbles Webhook. Performing a manipulation results in improper authentication. It is possible to...

7.5CVSS6.8AI score0.00415EPSS

Exploits1References10

EUVD•added 2026/05/08 3:30 a.m.•6 views

EUVD-2026-28483

A security vulnerability has been detected in GPAC up to 26.02.0. This affects the function sidxboxread of the file src/isomedia/boxcodebase.c. The manipulation leads to allocation of resources. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The...

4.8CVSS5.3AI score0.00022EPSS

Exploits1References7

CVE•added 2026/05/08 3:30 a.m.•6 views

CVE-2026-8133

CVE-2026-8133 affects zyx0814 FilePress up to version 2.2.0, specifically the Shares Filelist API concerning dzz/shares/admin.php. The vulnerability arises from incorrect handling of argument order, enabling SQL injection. It is exploitable remotely, with exploitation details publicly disclosed. ...

7.5CVSS6.7AI score0.00048EPSS

Exploits0References8

NVD•added 2026/05/08 2:16 a.m.•11 views

CVE-2026-8124

5.5CVSS0.00022EPSS

Exploits1References6

CVE•added 2026/05/08 1:15 a.m.•6 views

CVE-2026-8124

GPAC up to 26.02.0 is affected by CVE-2026-8124 via the sidx_box_read function in src/isomedia/box_code_base.c, enabling local resource allocation (vulnerability defined as PARTIAL availability impact). The issue is exploitable locally and has publicly disclosed exploit information. A patch ident...

5.5CVSS5.3AI score0.00022EPSS

Exploits1References6Affected Software1

Debian CVE•added 2026/05/08 1:15 a.m.•7 views

CVE-2026-8124

5.5CVSS5.3AI score0.00022EPSS

Exploits1

NVD•added 2026/05/07 10:16 p.m.•5 views

CVE-2026-8113

A vulnerability was determined in 8421bit MiniClaw up to 43905b934cf76489ab28e4d17da28ee97970f91f. Affected by this vulnerability is the function isPathInside of the file src/kernel.ts of the component executeSkillScript. Executing a manipulation can lead to path traversal. It is possible to laun...

6.5CVSS0.00067EPSS

Exploits1References7

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by