CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/05/14 2:23 p.m.•31 views

CVE-2026-41933 Vvveb < 1.0.8.3 Directory Listing Information Disclosure

Vvveb before 1.0.8.3 contains a directory listing information disclosure vulnerability that allows unauthenticated attackers to enumerate files and directories by accessing multiple paths lacking proper index directives in .htaccess files. Attackers can access directories such as admin asset path...

6.9CVSS0.00047EPSS

Snyk•added 2026/05/12 9:31 p.m.•2 views

Directory Traversal

Overview github.com/hashicorp/nomad is a workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications. Affected versions of this package are vulnerable to Directory Traversal via the host volume Create workflow. An attacker can break out of...

8.8CVSS6.3AI score0.00039EPSS

EUVD•added 2026/05/10 12:33 a.m.•7 views

EUVD-2026-28942

Hex-Rays IDA Pro 9.2 and 9.3 before 9.3sp2 does not block Clang dependency-file generation via argument injection, which allows attackers to place their code into a plugins directry if the victim uses an attacker-supplied .i64 file...

CVE•added 2026/05/09 9:47 p.m.•9 views

CVE-2026-45181

Hex-Rays IDA Pro 9.2 and 9.3 prior to 9.3sp2 do not block Clang dependency-file generation, enabling argument-injection via attacker-supplied .i64 files to place code into a plugins directory. Root cause: missing validation in dependency-file generation. Impact: local attacker could achieve code ...

ATTACKERKB•added 2026/05/09 9:47 p.m.•2 views

CVE-2026-45181

Hex-Rays IDA Pro 9.2 and 9.3 before 9.3sp2 does not block Clang dependency-file generation via argument injection, which allows attackers to place their code into a plugins directory if the victim uses an attacker-supplied .i64 file...

Exploits0References3Affected Software1

Vulnrichment•added 2026/05/09 9:47 p.m.•4 views

CVE-2026-45181

Hex-Rays IDA Pro 9.2 and 9.3 before 9.3sp2 does not block Clang dependency-file generation via argument injection, which allows attackers to place their code into a plugins directory if the victim uses an attacker-supplied .i64 file...

Cvelist•added 2026/05/09 9:47 p.m.•26 views

CVE-2026-45181

Hex-Rays IDA Pro 9.2 and 9.3 before 9.3sp2 does not block Clang dependency-file generation via argument injection, which allows attackers to place their code into a plugins directory if the victim uses an attacker-supplied .i64 file...

6.5CVSS0.00008EPSS

Positive Technologies•added 2026/05/09 12:0 a.m.•8 views

PT-2026-39420

Name of the Vulnerable Software and Affected Versions Hex-Rays IDA Pro versions 9.2 through 9.3 Hex-Rays IDA Pro versions prior to 9.3sp2 Description An argument injection flaw exists where the software fails to block Clang dependency-file generation. This allows an attacker to place malicious co...

CNNVD•added 2026/05/09 12:0 a.m.•3 views

Exploits0References4

Hex-Rays IDA Pro 参数注入漏洞

Hex-Rays IDA Pro is a professional reverse-engineering tool developed by the Belgian company Hex-Rays. It is used for disassembly and program analysis. Versions of Hex-Rays IDA Pro from 9.2 to 9.3sp2 contained a parameter injection vulnerability. This vulnerability stemmed from the lack of...

Positive Technologies•added 2026/05/07 12:0 a.m.•7 views

PT-2026-38610

Name of the Vulnerable Software and Affected Versions FacturaScripts affected versions not specified Description A flaw in the Plugins::add function allows for a Zip Slip attack. The system does not properly validate file paths within uploaded ZIP archives in the Plugins.php file. Although the...

7.2CVSS6.2AI score0.00158EPSS

Exploits0References8

CNNVD•added 2026/05/04 12:0 a.m.•12 views

OpenC3 COSMOS 安全漏洞

OpenC3 COSMOS is an open-source application developed by OpenC3. Vulnerabilities exist in versions of OpenC3 COSMOS prior to 6.10.5 and 7.0.0-rc3. These vulnerabilities stem from design flaws in the savetoolconfig function, allowing the ability to save tool configuration files at any position...

4.3CVSS5.9AI score0.00049EPSS

CNNVD•added 2026/04/28 12:0 a.m.•3 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities stemmed from the ability for the workspace.env file to override the OPENCLAWBUNDLEDPLUGINSDIR environment variable,...

8.5CVSS5.8AI score0.00014EPSS

NVD•added 2026/04/26 10:17 p.m.•1 views

CVE-2018-25291

Project64 2.3.2 contains a buffer overflow vulnerability in the Plugin Directory settings field that allows local attackers to crash the application by supplying an excessively long string. Attackers can input a 6000-byte payload into the Plugin Directory field through the Options Settings...

6.9CVSS0.00017EPSS

ATTACKERKB•added 2026/04/26 1:19 p.m.•0 views

CVE-2018-25291

Exploits0References3Affected Software1

Vulnrichment•added 2026/04/26 1:19 p.m.•1 views

CVE-2018-25291 Project64 2.3.2 Denial of Service via Plugin Directory

EUVD•added 2026/04/26 1:19 p.m.•0 views

EUVD-2018-21811

CVE•added 2026/04/26 1:19 p.m.•3 views

CVE-2018-25291

CVE-2018-25291 affects Project64 2.3.2, where a buffer overflow in the Plugin Directory settings field can crash the application. An attacker can supply a long input (reported around a 6000-byte payload) through the Options > Settings > Directories interface, with the crash triggered when s...

Cvelist•added 2026/04/26 1:19 p.m.•29 views

CVE-2018-25291 Project64 2.3.2 Denial of Service via Plugin Directory

6.9CVSS0.00017EPSS

Positive Technologies•added 2026/04/26 12:0 a.m.•1 views

PT-2026-35261