119 matches found

Positive Technologies
added 2 days ago, 7 views

PT-2026-45551

A vulnerability was found in CodeAstro Payroll System 1.0. This affects an unknown part of the file /home employee.php. The manipulation of the argument emp id results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used...

CVSS 6.5 | AI score 5.6 | EPSS 0.00033
Exploits: 0 | References: 7

RedhatCVE
added 2026/05/11 8:27 p.m., 2 views

CVE-2026-8235

A vulnerability was detected in 8421bit MiniClaw 0.8.0/0.9.0. This issue affects the function resolveSkillScriptPath of the file src/kernel.ts of the component System Command Handler. The manipulation results in os command injection. The exploit is now public and may be used. The patch is...

CVSS 5.5 | AI score 5.7 | EPSS 0.02039
Exploits: 0 | References: 1

EUVD
added 2026/05/10 9:31 a.m., 6 views

EUVD-2026-28988

A vulnerability was detected in 8421bit MiniClaw 0.8.0/0.9.0. This issue affects the function resolveSkillScriptPath of the file src/kernel.ts of the component System Command Handler. The manipulation results in os command injection. The exploit is now public and may be used. The patch is...

CVSS 5.5 | AI score 5.7 | EPSS 0.02039
Exploits: 0 | References: 9

ATTACKERKB
added 2026/05/10 6:15 a.m., 3 views

CVE-2026-8235

A vulnerability was detected in 8421bit MiniClaw 0.8.0/0.9.0. This issue affects the function resolveSkillScriptPath of the file src/kernel.ts of the component System Command Handler. The manipulation results in os command injection. The exploit is now public and may be used. The patch is...

CVSS 5.5 | AI score 5.7 | EPSS 0.02039
Exploits: 0 | References: 8 | Affected Software: 1

ATTACKERKB
added 2026/05/10 4:00 a.m., 2 views

CVE-2026-8228

A security vulnerability has been detected in Wavlink NU516U1 240425. Impacted is the function advance of the file /cgi-bin/wireless.cgi. Such manipulation of the argument wlanconf/Channel/skiplist/ieee80211h leads to os command injection. The attack may be launched remotely. The exploit has been...

CVSS 6.5 | AI score 6.4 | EPSS 0.00351
Exploits: 1 | References: 4 | Affected Software: 1

CNNVD
added 2026/05/10 12:00 a.m., 3 views

MiniClaw command injection vulnerability

MiniClaw is an AI memory and evolution tool developed by a personal developer. Versions 0.8.0 and 0.9.0 of MiniClaw contain command injection vulnerabilities. These vulnerabilities stem from the function resolveSkillScriptPath in the System Command Handler component’s src/kernel.ts file, which...

CVSS 5.5 | AI score 6.1 | EPSS 0.02039
Exploits: 0 | References: 1

Cvelist
added 2026/05/08 12:00 a.m., 25 views

CVE-2024-30167

/cgi-bin/time.cgi in Atlona AT-OME-MS42 Matrix Switcher 1.1.2 allows remote authenticated users to execute arbitrary commands as root via a POST request that carries a serverName parameter...

EPSS 0.00295
Exploits: 2 | References: 1

Vulnrichment
added 2026/04/28 1:00 p.m., 0 views

CVE-2026-7272 WilliamCloudQi matlab-mcp-server MCP index.ts execute_matlab_code path traversal

A flaw has been found in WilliamCloudQi matlab-mcp-server up to ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca. The affected element is the function generate_matlab_code/execute_matlab_code of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument scriptPath can lead...

CVSS 7.5 | AI score 7 | EPSS 0.00073
Exploits: 0 | References: 6

CVE
added 2026/04/28 1:00 p.m., 14 views

CVE-2026-7272

The CVE-2026-7272 entry concerns WilliamCloudQi matlab-mcp-server (up to ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca). The vulnerability is rooted in the function generate_matlab_code/execute_matlab_code within src/index.ts of the MCP Interface, where manipulating the scriptPath argument enables pat...

CVSS 7.5 | AI score 7 | EPSS 0.00073
Exploits: 0 | References: 6

ATTACKERKB
added 2026/04/28 1:00 p.m., 3 views

CVE-2026-7272

A flaw has been found in WilliamCloudQi matlab-mcp-server up to ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca. The affected element is the function generate_matlab_code/execute_matlab_code of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument scriptPath can lead...

CVSS 7.5 | AI score 7 | EPSS 0.00073
Exploits: 0 | References: 6

Cvelist
added 2026/04/28 1:00 p.m., 27 views

CVE-2026-7272 WilliamCloudQi matlab-mcp-server MCP index.ts execute_matlab_code path traversal

A flaw has been found in WilliamCloudQi matlab-mcp-server up to ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca. The affected element is the function generate_matlab_code/execute_matlab_code of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument scriptPath can lead...

CVSS 7.5 | EPSS 0.00073
Exploits: 0 | References: 6

Positive Technologies
added 2026/04/28 12:00 a.m., 2 views

PT-2026-35725

A flaw has been found in WilliamCloudQi matlab-mcp-server up to ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca. The affected element is the function generate_matlab_code/execute_matlab_code of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument scriptPath can...

CVSS 7.5 | AI score 7 | EPSS 0.00073
Exploits: 0 | References: 7

CNNVD
added 2026/04/28 12:00 a.m., 2 views

SourceCodester Pizzafy Ecommerce System injection vulnerability

SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System has a SQL injection vulnerability. This vulnerability stems from the ID parameter in the deletecart function of the...

CVSS 7.5 | AI score 7.2 | EPSS 0.00043
Exploits: 0 | References: 2

CNNVD
added 2026/04/28 12:00 a.m., 3 views

TOTOLINK A8000RU command injection vulnerability

TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains a command injection vulnerability. This vulnerability stems from the setWiFiBasicCfg function in the CGI Handler component’s /cgi-bin/cstecgi.cgi file, which...

CVSS 10 | AI score 7.3 | EPSS 0.01221
Exploits: 0 | References: 2

CNNVD
added 2026/04/28 12:00 a.m., 3 views

MATLAB MCP Server path traversal vulnerability

MATLAB MCP Server is an AI assistant tool developed by Williamcloudq, which integrates MATLAB functionality. MATLAB MCP Server has a path traversal vulnerability. This vulnerability stems from the operation of the generate_matlab_code/execute_matlab_code functions in the MCP Interface component,...

CVSS 7.5 | AI score 7.1 | EPSS 0.00073
Exploits: 0 | References: 1

NVD
added 2026/04/25 6:16 p.m., 2 views

CVE-2026-6992

A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/runcentral2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated...

CVSS 8.6 | EPSS 0.00389
Exploits: 1 | References: 5

RedhatCVE
added 2026/04/13 7:23 p.m., 1 view

CVE-2026-6115

A flaw has been found in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setAppCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to os command injection. The attack may be launched remotely. The exploit has...

CVSS 10 | AI score 5.5 | EPSS 0.01221
Exploits: 0 | References: 1

NVD
added 2026/04/09 8:16 p.m., 0 views

CVE-2026-5976

A security flaw has been discovered in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument sambaEnabled results in os command injection. It is possible to initiate th...

CVSS 10 | EPSS 0.01221
Exploits: 0 | References: 5

Positive Technologies
added 2026/04/09 12:00 a.m., 2 views

PT-2026-31591

Name of the Vulnerable Software and Affected Versions: Totolink A7100RU version 7.4cu.2313 b20191024. Description: A weakness exists in the Totolink A7100RU router. The setIptvCfg function within the /cgi-bin/cstecgi.cgi file, part of the CGI Handler component, is susceptible to OS command injection...

CVSS 10 | AI score 7.4 | EPSS 0.01235
Exploits: 0 | References: 12

RedhatCVE
added 2026/04/06 5:24 a.m., 1 view

CVE-2026-5534

A vulnerability was identified in itsourcecode Online Enrollment System 1.0. This affects an unknown function of the file /sms/user/index.php?view=edit=10 of the component Parameter Handler. Such manipulation of the argument USERID leads to sql injection. The attack can be executed remotely. The...

CVSS 7.5 | AI score 6.9 | EPSS 0.00043
Exploits: 0 | References: 1