7921 matches found

GithubExploit
added 2026/03/16 11:51 a.m. | 163 views

Exploit for Path Traversal in Apache Http_Server

Apache 2.4.49 Path Traversal Lab — CVE-2021-41773 Clone...

9.8 CVSS | 7.4 AI score | 0.99992 EPSS
Exploits: 148

CNNVD
added 2026/03/16 12:0 a.m. | 5 views

D-Link DIR-816 security vulnerability

The D-Link DIR-816 is a wireless router produced by D-Link Corporation. The D-Link DIR-816 1.10CNB05 version has a security vulnerability. This vulnerability stems from incorrect handling of the parameter pskValue in the file /goform/form2WlanBasicSetup.cgi, which may lead to a stack buffer overfl...

10 CVSS | 7.5 AI score | 0.01184 EPSS
Exploits: 1 | References: 5

CNNVD
added 2026/03/16 12:0 a.m. | 6 views

Quip MCP Server command injection vulnerability

Quip MCP Server is a documentation-based server developed by AvinashBole. Version 1.0.0 of Quip MCP Server has a command injection vulnerability, which stems from incorrect operations on the function setupToolHandlers in the file src/index.ts, potentially leading to command injection...

6.5 CVSS | 6.6 AI score | 0.01301 EPSS
Exploits: 0 | References: 6

Cvelist
added 2026/03/15 8:32 p.m. | 39 views

CVE-2026-4192 AvinashBole quip-mcp-server index.ts setupToolHandlers command injection

A vulnerability has been found in AvinashBole quip-mcp-server 1.0.0. Affected by this vulnerability is the function setupToolHandlers of the file src/index.ts. Such manipulation leads to command injection. The attack may be performed from remote. The exploit has been disclosed to the public and m...

6.5 CVSS | 0.01301 EPSS
Exploits: 0 | References: 6

CVE
added 2026/03/15 8:32 p.m. | 14 views

CVE-2026-4192

The CVE-2026-4192 entry concerns AvinashBole quip-mcp-server 1.0.0, where the function setupToolHandlers in src/index.ts is vulnerable to command injection. The vulnerability is described as exploitable remotely, with the exploit publicly disclosed and the project reportedly not responding to the...

6.5 CVSS | 6.2 AI score | 0.01301 EPSS
Exploits: 0 | References: 6

Vulnrichment
added 2026/03/15 8:32 p.m. | 2 views

CVE-2026-4192 AvinashBole quip-mcp-server index.ts setupToolHandlers command injection

A vulnerability has been found in AvinashBole quip-mcp-server 1.0.0. Affected by this vulnerability is the function setupToolHandlers of the file src/index.ts. Such manipulation leads to command injection. The attack may be performed from remote. The exploit has been disclosed to the public and m...

6.5 CVSS | 6.2 AI score | 0.01301 EPSS
Exploits: 0 | References: 6

Vulnrichment
added 2026/03/15 4:32 p.m. | 2 views

CVE-2026-4183 D-Link DIR-816 goahead form2WlanBasicSetup.cgi stack-based overflow

A security vulnerability has been detected in D-Link DIR-816 1.10CNB05. Affected is an unknown function of the file /goform/form2WlanBasicSetup.cgi of the component goahead. Such manipulation of the argument pskValue leads to stack-based buffer overflow. The attack can be executed remotely. The...

10 CVSS | 8 AI score | 0.01184 EPSS
Exploits: 1 | References: 5

Cvelist
added 2026/03/15 4:32 p.m. | 35 views

CVE-2026-4183 D-Link DIR-816 goahead form2WlanBasicSetup.cgi stack-based overflow

A security vulnerability has been detected in D-Link DIR-816 1.10CNB05. Affected is an unknown function of the file /goform/form2WlanBasicSetup.cgi of the component goahead. Such manipulation of the argument pskValue leads to stack-based buffer overflow. The attack can be executed remotely. The...

10 CVSS | 0.01184 EPSS
Exploits: 1 | References: 5

Positive Technologies
added 2026/03/15 12:0 a.m. | 2 views

PT-2026-25567

A vulnerability has been found in AvinashBole quip-mcp-server 1.0.0. Affected by this vulnerability is the function setupToolHandlers of the file src/index.ts. Such manipulation leads to command injection. The attack may be performed from remote. The exploit has been disclosed to the public and m...

6.5 CVSS | 5.4 AI score | 0.01301 EPSS
Exploits: 0 | References: 6

Snyk
added 2026/03/13 8:54 p.m. | 4 views

Insertion of Sensitive Information into Log File

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the pairing setup. An attacker can gain unauthorized access to long-lived shared gateway credentials by obtaining a leaked setup code...

8.6 CVSS | 5.9 AI score | 0.00246 EPSS
Exploits: 0 | References: 2

ATTACKERKB
added 2026/03/13 8:36 p.m. | 1 views

CVE-2026-3556

Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The...

8.8 CVSS | 6.3 AI score | 0.00514 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/03/13 8:36 p.m. | 33 views

CVE-2026-3556 Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability

Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The...

8.8 CVSS | 0.00514 EPSS
Exploits: 0 | References: 1

CVE
added 2026/03/13 8:36 p.m. | 21 views

CVE-2026-3556

The CVE-2026-3556 issue affects Philips Hue Bridge, specifically in the hk_hap_pair_storage_put function used during HomeKit pairing. The vulnerability is a heap-based buffer overflow caused by inadequate validation of user-supplied data length prior to copying into a fixed-length heap buffer, al...

8.8 CVSS | 7.8 AI score | 0.00514 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2026/03/13 8:36 p.m. | 2 views

CVE-2026-3556 Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability

Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The...

8.8 CVSS | 7.8 AI score | 0.00514 EPSS
Exploits: 0 | References: 1

RedHat Linux
added 2026/03/12 8:32 a.m. | 3 views

freerdp: FreeRDP heap-buffer-overflow

A heap-based buffer overflow has been discovered in FreeRDP. In affected versions the URBDRC client does not perform bounds checking on server-supplied MSUSB_INTERFACE_DESCRIPTOR values and uses them as indices in libusb_udev_complete_msconfig_setup, causing an out-of-bounds read...

9.1 CVSS | 5.9 AI score | 0.00756 EPSS
Exploits: 1 | References: 6

EUVD
added 2026/03/12 6:31 a.m. | 11 views

EUVD-2026-11521

A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formEasySetupWizard3. The manipulation of the argument wanconnected results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may b...

9 CVSS | 6.3 AI score | 0.00715 EPSS
Exploits: 1 | References: 6

Vulnrichment
added 2026/03/12 6:0 a.m. | 5 views

CVE-2026-2687 Reading progressbar < 1.3.1 - Admin+ Stored XSS

The Reading progressbar WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup...

5.8 AI score | 0.00138 EPSS
Exploits: 0 | References: 1

CVE
added 2026/03/12 6:0 a.m. | 12 views

CVE-2026-2687

CVE-2026-2687 affects the WordPress plugin Reading progressbar prior to 1.3.1. The vulnerability arises because the plugin does not sanitize and escape certain settings, which could allow stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisi...

4.3 CVSS | 5.8 AI score | 0.00138 EPSS
Exploits: 0 | References: 1

NVD
added 2026/03/12 4:16 a.m. | 6 views

CVE-2026-3978

A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formEasySetupWizard3. The manipulation of the argument wanconnected results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may b...

9 CVSS | 0.00715 EPSS
Exploits: 1 | References: 5

Cvelist
added 2026/03/12 3:32 a.m. | 27 views

CVE-2026-3978 D-Link DIR-513 formEasySetupWizard3 stack-based overflow

A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formEasySetupWizard3. The manipulation of the argument wanconnected results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may b...

9 CVSS | 0.00715 EPSS
Exploits: 1 | References: 5