CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

257 matches found

CVE-2026-49188

The aicmd utility executes with full root permissions. It pipes socket inputs directly to popen, paving the way for unauthenticated users to execute arbitrary root commands...

9.8CVSS0.00022EPSS

Exploits0References1

EUVD•added yesterday•5 views

EUVD-2026-34205

The aicmd utility executes with full root permissions. It pipes socket inputs directly to popen, paving the way for unauthenticated users to execute arbitrary root commands...

9.8CVSS6.1AI score0.00022EPSS

Exploits0References1

ATTACKERKB•added yesterday•5 views

CVE-2026-49188

The aicmd utility executes with full root permissions. It pipes socket inputs directly to popen, paving the way for unauthenticated users to execute arbitrary root commands...

8.7CVSS6.1AI score0.00022EPSS

Exploits0References2

Github Security Blog•added 2026/05/21 8:20 p.m.•3 views

Snappy : SSRF and local file read via the xsl-style-sheet option

Impact It impacts applications where: - the PHP daemon run with root permissions ; - the application is either running outside a container or has sensitive file access ; It could happens with this kind of workflows: php $stylesheet = $GET'stylesheet'; // = ‘file:///etc/passwd’ $pdf = new...

5.8AI score

Exploits0References2Affected Software1

Cvelist•added 2026/05/08 6:51 p.m.•28 views

CVE-2026-29203

A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories. That can cause DoS or local privilege escalation when an authenticated cPanel user places a symlink at a user-controlled legacy Nova path...

5.3CVSS0.00046EPSS

Exploits0References1

CNNVD•added 2026/05/08 12:0 a.m.•4 views

cPanel 安全漏洞

cPanel is a web-based automated hosting platform developed by the cPanel company in the United States. This platform is primarily used for automating the management of websites and servers. cPanel has security vulnerabilities; these vulnerabilities stem from the fact that the chmod calls in...

8.8CVSS6.1AI score0.00046EPSS

Exploits0References1

RedhatCVE•added 2026/03/26 3:16 p.m.•2 views

CVE-2026-24063

When a plugin is installed using the Arturia Software Center MacOS, it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the...

8.2CVSS5.9AI score0.00013EPSS

Exploits1References1

NVD•added 2026/03/16 2:17 p.m.•2 views

CVE-2017-20218

Serviio PRO 1.8 contains an unquoted search path vulnerability in the Windows service that allows local users to execute arbitrary code with elevated privileges by placing malicious executables in the system root path. Additionally, improper directory permissions with full access for the Users...

8.5CVSS0.00019EPSS

Exploits1References7

Cvelist•added 2026/03/15 6:34 p.m.•18 views

CVE-2017-20218 Serviio PRO 1.8 Local Privilege Escalation via Unquoted Path

8.5CVSS0.00019EPSS

Exploits1References7

CVE•added 2026/03/03 1:17 p.m.•9 views

CVE-2026-3342

Technical details about CVE-2026-3342 are not provided in the supplied documents. Monitor for updates from WatchGuard advisory; no public details on affected firmware behavior, exploit methods, or fixes are disclosed here.

8.6CVSS6.2AI score0.00043EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/02/11 8:49 p.m.•2 views

CVE-2020-37153

ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. Attackers can exploit these flaws to inject system commands, hijack administrator sessions, and potentially execute arbitrary code with...

9.8CVSS5.7AI score0.00176EPSS

Exploits1References4Affected Software1

RedhatCVE•added 2026/01/09 11:29 a.m.•3 views

CVE-2021-27372

Realtek xPON RTL9601D SDK 1.9 stores passwords in plaintext which may allow attackers to possibly gain access to the device with root permissions via the build-in network monitoring tool and execute arbitrary commands...

10CVSS7.8AI score0.0032EPSS

Exploits0References1

OSV•added 2026/01/02 5:44 p.m.•3 views

BIT-PEBBLE-2024-3250

It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports to v1.1.1, v1.4.2,...

6.5CVSS6.5AI score0.00061EPSS

Exploits0References3

AlpineLinux•added 2025/11/25 1:15 a.m.•3 views

CVE-2025-64761

OpenBao is an open source identity-based secrets management system. Prior to version 2.4.4, a privileged operator could use the identity group subsystem to add a root policy to a group identity group, escalating their or another user's permissions in the system. Specifically this is an issue when...

7.5CVSS6.8AI score0.00036EPSS

Exploits0References3

OSV•added 2025/11/25 12:1 a.m.•2 views

CVE-2025-64761 OpenBao Privileged Operator Identity Group Root Escalation

7.5CVSS6.7AI score0.00036EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2011-3313

Malware in sbrugna...

7.8CVSS7.5AI score0.00111EPSS

Exploits0References8

EUVD•added 2025/10/07 12:30 a.m.•1 views