CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

194 matches found

Nuclei•added 2026/06/17 5:14 a.m.•89 views

VMware VRealize Network Insight - Remote Code Execution

VMWare Aria Operations for Networks vRealize Network Insight is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the ro...

9.8CVSS9.8AI score0.98125EPSS

Exploits7References5

EUVD•added 2026/06/15 3:0 a.m.•7 views

EUVD-2026-36686

A vulnerability has been found in hcengineering Huly Platform up to 0.7.0. Affected is the function getMailboxSecret of the file server/account/src/operations.ts of the component RPC Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit h...

5.3CVSS5AI score0.00207EPSS

Exploits0References4

CVE•added 2026/06/15 3:0 a.m.•16 views

CVE-2026-12212

The CVE concerns hcengineering Huly Platform (up to v0.7.0). It affects the RPC Interface component, specifically the getMailboxSecret function in server/account/src/operations.ts. The issue is an improper access control vulnerability that could be triggered remotely. Public disclosure of the exp...

5.3CVSS5AI score0.00207EPSS

Exploits0References4

Cvelist•added 2026/06/09 5:34 p.m.•36 views

CVE-2026-50636 LimeSurvey RemoteControl invite_participants/remind_participants SQL Injection

The RemoteControl API methods inviteparticipants and remindparticipants pass a caller-supplied token-ID array into TokenDynamic::findUninvited, which concatenates the values directly into a tid IN '...' SQL clause without parameterization or input validation. A remote, authenticated attacker...

8.8CVSS0.00358EPSS

Exploits0References3

ATTACKERKB•added 2026/05/12 8:20 a.m.•5 views

CVE-2025-40948

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.1, RUGGEDCOM ROX MX5000RE All versions V2.17.1, RUGGEDCOM ROX RX1400 All versions V2.17.1, RUGGEDCOM ROX RX1500 All versions V2.17.1, RUGGEDCOM ROX RX1501 All versions V2.17.1, RUGGEDCOM ROX RX1510 All versions V2.17.1...

6.8CVSS5.9AI score0.00286EPSS

Exploits0References2

Vulnrichment•added 2026/05/12 8:20 a.m.•8 views

CVE-2025-40948

6.8CVSS5.9AI score0.00286EPSS

Exploits0References1

Cvelist•added 2026/05/08 12:0 a.m.•42 views

CVE-2025-69691

Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.execphp. NOTE: the Supplier disputes this because the API call is only available to admins and they are intentionally allowed to execute PHP code...

0.0053EPSS

Exploits4References2

NVD•added 2026/04/23 9:16 p.m.•5 views

CVE-2026-6942

radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows remote attackers to execute arbitrary commands by bypassing the command filter through shell metacharacters in user-controlled input passed to r2cmdstr. Attackers can inject shell metacharacters throu...

9.8CVSS0.0192EPSS

Exploits1References3

RedhatCVE•added 2026/01/07 9:42 a.m.•5 views

CVE-1999-0656

The ugidd RPC interface, by design, allows remote attackers to enumerate valid usernames by specifying arbitrary UIDs that ugidd maps to local user and group names...

5CVSS7AI score0.01551EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2010-5066

Malware in sbrugna...

6.5CVSS6.1AI score0.02176EPSS

Exploits1References4

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2008-2101

Malware in sbrugna...

4CVSS6.4AI score0.0093EPSS

Exploits0References9