CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

277 matches found

CVE-2026-44421

CVE-2026-44421 affects FreeRDP prior to 3.26.0. A malicious RDP server can trigger a heap-buffer-overflow in the client via crafted RDPGFX PDUs in gdi_CacheToSurface, by validating a destination rectangle clamped to UINT16_MAX but copying using the original cacheEntry->width/height, causing a ...

8.8CVSS5.9AI score0.00051EPSS

Exploits1References1Affected Software1

Positive Technologies•added 6 days ago•8 views

PT-2026-44982

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.26.0 Description A heap-buffer-overflow write can be triggered in the client when connecting to a malicious RDP server that sends crafted RDPGFX PDUs Protocol Data Units. The issue occurs in the gdi CacheToSurface...

8.8CVSS6.1AI score0.00051EPSS

Exploits1References3

RedhatCVE•added 2026/01/07 9:39 a.m.•4 views

CVE-1999-0185

In SunOS or Solaris, a remote user could connect from an FTP server's data port to an rlogin server on a host that trusts the FTP server, allowing remote command execution...

7.5CVSS7.1AI score0.01488EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:10 a.m.•9 views

CVE-2019-7589

A vulnerability with the SmartService API Service option exists whereby an unauthorized user could potentially exploit this to upload malicious code to the server that could be executed at system level privileges. This affects Johnson Controls' Kantech EntraPass Corporate Edition versions 8.0 and...

10CVSS6.9AI score0.00268EPSS

Exploits0References1

GithubExploit•added 2025/12/10 8:36 a.m.•110 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55...

10CVSS7.1AI score0.82011EPSS

Exploits358

Hacker One•added 2025/12/10 2:16 a.m.•14 views

curl: Terminal Output Not Great

Summary: No AI here, I just came across this: python import random import string from http.server import BaseHTTPRequestHandler, HTTPServer class MaliciousHandlerBaseHTTPRequestHandler: def doGETself: self.sendresponse200 self.sendheader'Content-Type', 'text/plain' randid =...

6.9AI score

Exploits0

Packet Storm•added 2025/11/27 12:0 a.m.•139 views

📄 Monsta FTP DownloadFile Remote Code Execution

This Metasploit module exploits a pre-authenticated remote code execution vulnerability in Monsta FTP versions prior to 2.11.3. The vulnerability exists in the downloadFile action which allows an attacker to connect to a malicious FTP or SFTP server and download arbitrary files to arbitrary...

9.8CVSS8.1AI score0.7411EPSS

Exploits6

GithubExploit•added 2025/11/20 2:54 a.m.•154 views

minecraft-server-exploit-finder

minecraft-server-exp...

7.1AI score

Exploits0