
106789 matches found

Positive Technologies
added 2026/03/23 12:0 a.m. | 2 views

PT-2026-27221

OpenClaw versions prior to 2026.2.18 contain a command injection vulnerability in Windows Scheduled Task script generation where environment variables are written unquoted to gateway.cmd, allowing shell metacharacters to break out of assignment context. Attackers can inject arbitrary commands...

7.4 CVSS | 6 AI score
Exploits: 0 | References: 4

Packet Storm News
added 2026/03/23 12:0 a.m. | 1 view

DNS Monitoring System with HTTP Dashboard

This Python script implements a small Security Operations Center (Mini SOC) that focuses on DNS traffic monitoring...

5.8 AI score
Exploits: 0

Positive Technologies
added 2026/03/23 12:0 a.m. | 3 views

PT-2026-27168

WWBN AVideo is an open source video platform. In versions up to and including 26.0, an unauthenticated API endpoint APIName=locale concatenates user input into an include path with no canonicalization or whitelist. Path traversal is accepted, so arbitrary PHP files under the web root can be...

8.6 CVSS | 6.4 AI score | 0.00344 EPSS
Exploits: 1 | References: 2

Positive Technologies
added 2026/03/23 12:0 a.m. | 3 views

PT-2026-27239

OpenClaw before 2026.2.19 contains a local command injection vulnerability in Windows scheduled task script generation that allows attackers to execute arbitrary commands by injecting cmd metacharacters into unsafe gateway.cmd arguments. Attackers with control over service script generation value...

7.8 CVSS | 6.3 AI score
Exploits: 0 | References: 5

Positive Technologies
added 2026/03/23 12:0 a.m. | 2 views

PT-2026-27199

A vulnerability was identified in projectworlds Lawyer Management System 1.0. This issue affects some unknown processing of the file /lawyers.php. The manipulation of the argument first Name leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and...

5.1 CVSS | 4 AI score | 0.00038 EPSS
Exploits: 1 | References: 5

Positive Technologies
added 2026/03/23 12:0 a.m. | 5 views

PT-2026-27202

Name of the Vulnerable Software and Affected Versions: NetScaler ADC versions prior to 14.1-60.58; NetScaler Gateway versions prior to 13.1-662.23. Description: Insufficient input validation in NetScaler ADC and NetScaler Gateway, when configured as a SAML Identity Provider (IdP), leads to an...

9.8 CVSS | 7.5 AI score | 0.89915 EPSS
Exploits: 7 | References: 300

OSV
added 2026/03/22 4:50 p.m. | 4 views

MAL-2026-2029 Malicious code in pipinpeace-reverse (PyPI)

Source: kam193 471ba9f8dde66035e8bff446fc8acb160f041648a1fc47dd3f00db6e2ea58d08 Package is designed to start a reverse shell during installation. However, it requires providing a URL as an installation parameter, which suggests it's more...

6 AI score
Exploits: 0 | References: 1

EUVD
added 2026/03/22 12:32 p.m. | 2 views

EUVD-2026-14295

A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function of the file /cgi-bin/firewall.cgi of the component POST Request Handler. Performing a manipulation of the argument dmzflag/delflag results in command injection. It is possible to initiate the attac...

6.5 CVSS | 5.5 AI score | 0.00622 EPSS
Exploits: 1 | References: 7

NVD
added 2026/03/22 10:16 a.m. | 2 views

CVE-2026-4544

A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects an unknown function of the file /cgi-bin/login.cgi of the component POST Request Handler. Executing a manipulation of the argument homepage/hostname/loginpage can lead to cross site scripting. It is possible to launch the...

4.8 CVSS | 0.00059 EPSS
Exploits: 1 | References: 7

Cvelist
added 2026/03/22 9:23 a.m. | 26 views

CVE-2026-4543 Wavlink WL-WN578W2 POST Request firewall.cgi command injection

A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function of the file /cgi-bin/firewall.cgi of the component POST Request Handler. Performing a manipulation of the argument dmzflag/delflag results in command injection. It is possible to initiate the attac...

6.5 CVSS | 0.00622 EPSS
Exploits: 1 | References: 6

Positive Technologies
added 2026/03/22 12:0 a.m. | 3 views

PT-2026-26971

A vulnerability was detected in projectworlds Online Notes Sharing System 1.0. This issue affects some unknown processing of the file /login.php of the component Parameters Handler. The manipulation of the argument Benutzer results in SQL Injection. The attack can be executed remotely. The exploi...

7.5 CVSS | 6.8 AI score | 0.00014 EPSS
Exploits: 0 | References: 5

EUVD
added 2026/03/21 6:31 p.m. | 4 views

EUVD-2019-19899

Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Attackers can send GET requests to the category endpoint with URL-encoded SQL UNION statements to...

8.8 CVSS | 6.2 AI score | 0.00109 EPSS
Exploits: 1 | References: 5

NVD
added 2026/03/21 4:16 p.m. | 4 views

CVE-2019-25576

Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Attackers can send GET requests to the category endpoint with URL-encoded SQL UNION statements to...

8.8 CVSS | 0.00109 EPSS
Exploits: 1 | References: 4

EUVD
added 2026/03/21 3:33 p.m. | 3 views

EUVD-2019-19858

TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Script Recorder component that allows local attackers to crash the application by supplying an excessively large buffer. Attackers can paste a malicious string containing 500,000 characters into the Description field ...

6.9 CVSS | 5.8 AI score | 0.0002 EPSS
Exploits: 1 | References: 4

EUVD
added 2026/03/21 3:33 p.m. | 2 views

EUVD-2019-19862

TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability that allows local attackers to crash the application by importing a malformed .srp script file. Attackers can create a .srp file containing an excessively large buffer and import it through the Script Player interface to...

6.9 CVSS | 6 AI score | 0.0002 EPSS
Exploits: 1 | References: 4

CVE
added 2026/03/21 3:30 p.m. | 6 views

CVE-2019-25576

CVE-2019-25576 affects Kepler Wallpaper Script 1.1 and is described as an SQL injection in the category parameter. An unauthenticated attacker can send GET requests with URL-encoded SQL UNION statements to retrieve data such as usernames, database names, and MySQL version details. The connected s...

8.8 CVSS | 6.2 AI score | 0.00109 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

ATTACKERKB
added 2026/03/21 3:30 p.m. | 3 views

CVE-2019-25576

Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Attackers can send GET requests to the category endpoint with URL-encoded SQL UNION statements to...

8.8 CVSS | 6.2 AI score | 0.00109 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/03/21 3:30 p.m. | 1 view

CVE-2019-25576 Kepler Wallpaper Script 1.1 SQL Injection via category

Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Attackers can send GET requests to the category endpoint with URL-encoded SQL UNION statements to...

8.8 CVSS | 6.2 AI score | 0.00109 EPSS
Exploits: 1 | References: 4

NVD
added 2026/03/21 1:16 p.m. | 6 views

CVE-2019-25555

TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Script Recorder component that allows local attackers to crash the application by supplying an excessively large buffer. Attackers can paste a malicious string containing 500,000 characters into the Description field ...

7.1 CVSS | 0.0002 EPSS
Exploits: 1 | References: 3

NVD
added 2026/03/21 1:16 p.m. | 3 views

CVE-2019-25557

TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability that allows local attackers to crash the application by importing a malformed .srp script file. Attackers can create a .srp file containing an excessively large buffer and import it through the Script Player interface to...

6.9 CVSS | 0.0002 EPSS
Exploits: 1 | References: 3