985 matches found
mcp-stdio-exploit
MCP STDIO Exploit: A Local Reimplementation Vulnerability...
CVE-2026-35518
FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution (RCE) vulnerability in the DNS CNAME records configuration parameter dns.cnameRecords. This vulnerability allows a...
CVE-2026-28674
Product/Context: xiaoheiFS (self-hosted financial/operational system). Vulnerability: In versions ≤ 0.3.15, the AdminPaymentPluginUpload endpoint allows admins to upload any file to plugins/payment/ with only a hardcoded password (qweasd123456) and disregards file content. A background watcher (S...
WordPress AI Buddy 1.8.5 Shell Upload
Proof of concept exploit for a shell upload vulnerability in WordPress AI Buddy plugin versions 1.8.5 and below. This exploit is written in PHP.
WordPress Project Notebooks 1.1.4 Remote Code Execution
Proof of concept exploit for the WordPress Project Notebooks plugin version 1.1.4 remote code execution vulnerability that allows for privilege escalation through improper validation of AJAX actions and nonce exposure...
openSUSE Security Advisory (SUSE-SU-2026:0313-1)
The remote host is missing an update for the...
CVE-2022-0537
The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the "ajax_save" function. The file is written relative to the current theme's stylesheet directory, and a .php...
CVE-2024-39700
JupyterLab extension template is a copier template for JupyterLab extensions. Repositories created using this template with test option include update-integration-tests.yml workflow which has an RCE vulnerability. Extension authors hosting their code on GitHub are urged to upgrade the template to...
PT-2025-41532
Name of the Vulnerable Software and Affected Versions: NVIDIA Display Driver (affected versions not specified). Description: The NVIDIA Display Driver contains a flaw where an uncontrolled DLL loading path can be exploited. This could lead to arbitrary denial of service, escalation of privileges, code...
EUVD-2020-13231
Malware in sbrugna...
EUVD-2021-23953
Malware in sbrugna...
EUVD-2021-19460
Malware in sbrugna...
EUVD-2023-34498
Malicious code in bioql PyPI...
EUVD-2024-52738
Malicious code in bioql PyPI...
EUVD-2024-45763
Malicious code in bioql PyPI...
EUVD-2023-41085
Malicious code in bioql PyPI...
EUVD-2022-36972
Malicious code in bioql PyPI...
EUVD-2024-38192
Malicious code in bioql PyPI...
EUVD-2024-16196
Malicious code in bioql PyPI...
EUVD-2021-30106
Malicious code in bioql PyPI...