CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11747 matches found

SolarView 6.00 - Remote Command Execution

SolarView Compact 6.00 is vulnerable to a command injection via networktest.php. id: CVE-2022-40881 info: name: SolarView 6.00 - Remote Command Execution author: For3stCo1d severity: critical description: | SolarView Compact 6.00 is vulnerable to a command injection via networktest.php. impact: |...

9.8CVSS7.3AI score0.93672EPSS

Exploits2References5

GithubExploit•added 2 days ago•35 views

hermes-sidecar-poc

Hermes PoC — Pod + Nacos + Math microservice Dubbo Triple S...

5.8AI score

Exploits0

GithubExploit•added last week•44 views

CIFSwitch

CIFSwitch CVE-2026-46243 Writeuphttps://heyitsas.im/post...

7.8CVSS5.8AI score0.00017EPSS

Exploits4

GithubExploit•added 2026/05/27 8:5 a.m.•41 views

PHANTOM_old

PHANTOM Autonomous Penetration Testing Framework Recon -...

5.8AI score

Exploits0

Positive Technologies•added 2026/05/26 12:0 a.m.•6 views

PT-2026-44400

Name of the Vulnerable Software and Affected Versions Notepad++ versions prior to 8.9.6.1 Description An issue exists in the processing of the commandLineInterpreter parameter within the config.xml configuration file. The software fails to neutralize special elements, which allows an attacker to...

7.2CVSS6.3AI score

Exploits4References23

OSV•added 2026/05/25 1:57 p.m.•3 views

MAL-2026-4688 Malicious code in tempo-shared-modules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc05637e4f67c7a00ac3b790680f46174243df9c2740a161a029d4b266a79839 On npm install, the preinstall script poc.js collects host identity hostname, username, OS/platform, network configuration ipconfig / ip a /...

5.8AI score

Exploits0References3

OSV•added 2026/05/25 1:49 a.m.•3 views

MAL-2026-4623 Malicious code in npm-builderio-qwik-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11a743cdce28dd141d636ff13baaee44df53fbaaed17efdc5a7380281b7097e1 The package's main entry index.js is a working browser exploit, not a library. When loaded in a DOM context, it creates a hidden iframe pointing at...

5.9AI score

Exploits0References5

OSV•added 2026/05/21 10:33 p.m.•3 views

MAL-2026-4540 Malicious code in crypt0co-walet-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5510d98b1e380f6c130bf9b4428321d711ae88d8a4fcb66368a2f6fb4e7ff58 On require/import, index.js lines 6-12 serializes the full process.env to /tmp/pocimpact.json and runs whoami and ip addr via execSync to fingerprint...

6AI score

Exploits0References1

GithubExploit•added 2026/05/21 4:27 p.m.•36 views

pocx

pocx 一个完善的 yaml poc 引擎，poc 定义在wiki中使用方法参考 example/main.go...

5.8AI score

Exploits0

GithubExploit•added 2026/05/17 8:42 p.m.•42 views

Flawfinder-ANSI-Exploit-POC

Flawfinder-ANSI-Exploit-POC In version 2.0.19 of Flawfinder, n...

5.8AI score

Exploits0

GithubExploit•added 2026/05/17 8:15 a.m.•57 views

Exploit for Code Injection in Anthropic Claude_Code

CVE-2025-59536 PoC Remote Code Execution via Claude Code Pr...

8.8CVSS6.3AI score0.00039EPSS

Exploits5

GithubExploit•added 2026/05/17 1:9 a.m.•49 views

PoCLab

kernel-poc Minimal Linux kernel + QEMU environment for reprod...

7.8CVSS7.3AI score0.02235EPSS

Exploits225

GithubExploit•added 2026/05/10 9:14 a.m.•56 views

pocxgen-agent

PoCXGen Agent An LLM-orchestrated multi-agent pipeline for au...

5.9AI score

Exploits0

GithubExploit•added 2026/05/09 8:15 a.m.•71 views

shenlong-cve-mcp

shenlong-cve-mcp The MCP Server from the Shenlong Vulnerabil...

5.8AI score

Exploits0

Positive Technologies•added 2026/05/09 12:0 a.m.•3 views

PT-2026-39410

Name of the Vulnerable Software and Affected Versions Next.js versions 10.0.0 through 15.5.15 Next.js versions 16.0.0 through 16.2.4 Description When self-hosting with the default image loader, the Image Optimization API fetches local images entirely into memory without enforcing a maximum size...

5.9CVSS5.8AI score0.00018EPSS

Exploits1References9

Positive Technologies•added 2026/05/09 12:0 a.m.•5 views

PT-2026-39412

Name of the Vulnerable Software and Affected Versions Next.js versions 13.0.0 through 15.5.15 Next.js versions 16.0.0 through 16.2.4 Description Applications using beforeInteractive scripts combined with untrusted content are susceptible to cross-site scripting XSS, a flaw where malicious scripts...

6.1CVSS5.8AI score0.00012EPSS

Exploits0References9

Positive Technologies•added 2026/05/09 12:0 a.m.•2 views

PT-2026-39419

Name of the Vulnerable Software and Affected Versions Next.js versions 13.4.6 through 15.5.15 Next.js versions 16.0.0 through 16.2.4 Description React Server Component responses are susceptible to cache poisoning in deployments utilizing shared caches with insufficient response partitioning...

3.7CVSS5.8AI score0.00009EPSS

Exploits1References9

Positive Technologies•added 2026/05/09 12:0 a.m.•6 views

PT-2026-39409

Name of the Vulnerable Software and Affected Versions Next.js versions 15.2.0 through 15.5.15 Next.js versions 16.0.0 through 16.2.4 Description App Router applications using middleware or proxy-based authorization checks may allow unauthorized access via transport-specific route variants used fo...

7.5CVSS5.8AI score0.00053EPSS

Exploits0References12

Snyk•added 2026/05/07 4:8 a.m.•7 views

Arbitrary Code Injection

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through lib/builtin.js. An attacker can execute host code when the allowlist includes -X or uses and then calls...

9.9CVSS6.2AI score0.00178EPSS

Exploits1References2

GithubExploit•added 2026/05/06 5:44 p.m.•61 views

Exploit for Incorrect Implementation of Authentication Algorithm in Google Android

CVE-2026-0073 PoC Wireless ADB TLS Auth Bypass This directo...

8.8CVSS6AI score0.00009EPSS

Exploits10

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by