74 matches found
Continue Path Traversal Vulnerability
“Continue” is an open-source AI code review tool that can enforce checks during CI processes. Versions of “continue” prior to 1.2.22 contain a path traversal vulnerability. This vulnerability stems from the function “lsTool” in the component’s JSON-RPC Server, where the function “lsTool” processe...
CVE-2026-45053
CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Arbitrary File Upload vulnerability exists in the REST API File Manager endpoint POST /api/v1/files of CubeCart. The endpoint allows any holder of an API key with files:rw permission to upload PHP source files into the...
Security Bulletin: Vulnerability in wheel affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary: A potential vulnerability in wheel has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability...
MCP Server for ArangoDB Path Traversal Vulnerability
MCP Server for ArangoDB is a database interaction tool based on ArangoDB, developed by Alp Sarıyer. Versions of MCP Server for ArangoDB 0.4.7 and earlier had a path traversal vulnerability. This vulnerability stemmed from the function arangobackup in the MCP Interface component, which allowed for...
EUVD-2026-12536
A security flaw has been discovered in frdel/agent0ai agent-zero 0.9.7-10. The impacted element is the function getabspath of the file python/helpers/files.py. The manipulation results in path traversal. The attack can be executed remotely. The exploit has been released to the public and may be...
Dell Unisphere for PowerMax Security Vulnerability
Dell Unisphere for PowerMax is a graphical management platform developed by the American company Dell. Version 10.2 of Dell Unisphere for PowerMax contains a security vulnerability, which stems from relative path traversal. This vulnerability could allow unauthorized modifications to critical...
Splunk Enterprise 9.2.0 < 9.2.9, 9.3.0 < 9.3.7, 9.4.0 < 9.4.5, 10.0.0 < 10.0.3 (SVD-2026-0202)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0202 advisory. - In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.5, 9.3.7, and 9.2.9, and Splunk Cloud Platform versions below...
SiYuan Path Traversal Vulnerability
SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.5.5 contained a path traversal vulnerability. This vulnerability stemmed from the use of case-sensitive string equality checks in the /api/file/getFile endpoint. In file systems tha...
Go-TUF path traversal vulnerability
go-tuf is a framework developed by The Update Framework for protecting software update systems. Versions of go-tuf prior to 2.4.1 contained a path traversal vulnerability. This vulnerability stemmed from the use of repository name strings as file system path components, allowing for path traversa...
PT-2025-54244
Name of the Vulnerable Software and Affected Versions: SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and earlier. Description: The software contains an unauthenticated remote code execution issue due to a path traversal flaw in the firmware upload functionality. The upload.cgi script allows attackers t...
⚡ Weekly Recap: Fortinet Exploited, China's AI Hacks, PhaaS Empire Falls & More
This week showed just how fast things can go wrong when no one's watching. Some attacks were silent and sneaky. Others used tools we trust every day — like AI, VPNs, or app stores — to cause damage without setting off alarms. It's not just about hacking anymore. Criminals are building systems to...
Ivanti Endpoint Manager < 2024 SU4 Multiple Vulnerabilities
The version of Ivanti Endpoint Manager running on the remote host is prior to 2024 SU34. It is, therefore, affected by multiple vulnerabilities: - Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary...
EUVD-2019-2177
Malware in sbrugna...
EUVD-2013-3594
Malware in sbrugna...
EUVD-2021-27537
Malicious code in bioql PyPI...
EUVD-2025-1898
Malicious code in bioql PyPI...
EUVD-2025-22108
Malicious code in bioql PyPI...
EUVD-2025-27259
Malicious code in bioql PyPI...
EUVD-2025-14833
Malicious code in bioql PyPI...
NVIDIA NVDebug Path Traversal Vulnerability
NVIDIA NVDebug is a debugging and diagnostic tool from NVIDIA Corporation. NVIDIA NVDebug suffers from a path traversal vulnerability that originates from the ability to potentially cause a file to be written to a restricted component, which could lead to information disclosure, denial of service...