CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/06/01 12:0 a.m.•14 views

PT-2026-45551

A vulnerability was found in CodeAstro Payroll System 1.0. This affects an unknown part of the file /home employee.php. The manipulation of the argument emp id results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used...

6.5CVSS5.6AI score0.00204EPSS

Exploits0References7

RedhatCVE•added 2026/05/11 8:27 p.m.•6 views

CVE-2026-8235

A vulnerability was detected in 8421bit MiniClaw 0.8.0/0.9.0. This issue affects the function resolveSkillScriptPath of the file src/kernel.ts of the component System Command Handler. The manipulation results in os command injection. The exploit is now public and may be used. The patch is...

5.5CVSS5.7AI score0.01387EPSS

EUVD•added 2026/05/10 9:31 a.m.•13 views

EUVD-2026-28988

5.5CVSS5.7AI score0.01387EPSS

Exploits0References9

ATTACKERKB•added 2026/05/10 6:15 a.m.•4 views

CVE-2026-8235

5.5CVSS5.7AI score0.01387EPSS

Exploits0References8Affected Software1

ATTACKERKB•added 2026/05/10 4:0 a.m.•5 views

CVE-2026-8228

A security vulnerability has been detected in Wavlink NU516U1 240425. Impacted is the function advance of the file /cgi-bin/wireless.cgi. Such manipulation of the argument wlanconf/Channel/skiplist/ieee80211h leads to os command injection. The attack may be launched remotely. The exploit has been...

6.5CVSS6.4AI score0.04807EPSS

Exploits1References4Affected Software1

CNNVD•added 2026/05/10 12:0 a.m.•8 views

MiniClaw 命令注入漏洞

MiniClaw is an AI memory and evolution tool developed by a personal developer. Versions 0.8.0 and 0.9.0 of MiniClaw contain command injection vulnerabilities. These vulnerabilities stem from the function resolveSkillScriptPath in the System Command Handler component’s src/kernel.ts file, which...

5.5CVSS6.1AI score0.01387EPSS

Cvelist•added 2026/05/08 12:0 a.m.•32 views

CVE-2024-30167

/cgi-bin/time.cgi in Atlona AT-OME-MS42 Matrix Switcher 1.1.2 allow remote authenticated users to execute arbitrary commands as root via a POST request that carries a serverName parameter...

0.01143EPSS

Exploits2References1

Vulnrichment•added 2026/04/28 1:0 p.m.•1 views

CVE-2026-7272 WilliamCloudQi matlab-mcp-server MCP index.ts execute_matlab_code path traversal

A flaw has been found in WilliamCloudQi matlab-mcp-server up to ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca. The affected element is the function generatematlabcode/executematlabcode of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument scriptPath can lead...

ATTACKERKB•added 2026/04/28 1:0 p.m.•3 views

CVE-2026-7272

Cvelist•added 2026/04/28 1:0 p.m.•31 views

CVE-2026-7272 WilliamCloudQi matlab-mcp-server MCP index.ts execute_matlab_code path traversal

7.5CVSS0.00424EPSS

CVE•added 2026/04/28 1:0 p.m.•21 views

CVE-2026-7272

The CVE-2026-7272 entry concerns WilliamCloudQi matlab-mcp-server (up to ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca). The vulnerability is rooted in the function generate_matlab_code/execute_matlab_code within src/index.ts of the MCP Interface, where manipulating the scriptPath argument enables pat...

CNNVD•added 2026/04/28 12:0 a.m.•7 views

SourceCodester Pizzafy Ecommerce System 注入漏洞

SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System has a SQL injection vulnerability. This vulnerability stems from the ID parameter in the deletecart function of the...

7.5CVSS7.2AI score0.00254EPSS

Exploits0References2

CNNVD•added 2026/04/28 12:0 a.m.•7 views

MATLAB MCP Server 路径遍历漏洞

MATLAB MCP Server is an AI assistant tool developed by Williamcloudq, which integrates MATLAB functionality. MATLAB MCP Server has a path traversal vulnerability. This vulnerability stems from the operation of the generatematlabcode/executematlabcode functions in the MCP Interface component,...

7.5CVSS7.1AI score0.00424EPSS

CNNVD•added 2026/04/28 12:0 a.m.•5 views

TOTOLINK A8000RU 命令注入漏洞

TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains a command injection vulnerability. This vulnerability stems from the setWiFiBasicCfg function in the CGI Handler component’s /cgi-bin/cstecgi.cgi file, which...

10CVSS7.3AI score0.02448EPSS

Exploits0References2

Positive Technologies•added 2026/04/28 12:0 a.m.•4 views

PT-2026-35725

A flaw has been found in WilliamCloudQi matlab-mcp-server up to ab88f6b9bf5f36f725e8628029f7f6dd0d9913ca. The affected element is the function generate matlab code/execute matlab code of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument scriptPath can...

NVD•added 2026/04/25 6:16 p.m.•4 views

Exploits0References7

CVE-2026-6992

A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/runcentral2.sh of the component JNAP Action Handler. The manipulation of the argument pin leads to os command injection. The attack may be initiated...

8.6CVSS0.06058EPSS

Exploits1References5

RedhatCVE•added 2026/04/13 7:23 p.m.•4 views

CVE-2026-6115

A flaw has been found in Totolink A7100RU 7.4cu.2313b20191024. This affects the function setAppCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enable can lead to os command injection. The attack may be launched remotely. The exploit has...

10CVSS5.5AI score0.01823EPSS