
222 matches found

Nuclei
added yesterday, 91 views

CrushFTP VFS - Sandbox Escape LFR

VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS Sandbox. id: CVE-2024-4040 info: name: CrushFTP VFS - Sandbox Escape LFR author: DhiyaneshDK,pussycat0x severity:...

CVSS 10, AI score 7.2, EPSS 0.99539
Exploits 22, References 4

Nuclei
added yesterday, 23 views

LearnPress Plugin < 4.2.0 - Unauthenticated Time-Based Blind SQLi

SQL Injection vulnerability in LearnPress – WordPress LMS Plugin = 4.1.7.3.2 versions. id: CVE-2022-45808 info: name: LearnPress Plugin < 4.2.0 - Unauthenticated Time-Based Blind SQLi author: DhiyaneshDK severity: critical description: | SQL Injection vulnerability in LearnPress – WordPress LMS...

CVSS 9.9, AI score 7.4, EPSS 0.04269
Exploits 2, References 2

Positive Technologies
added 2026/06/14 12:00 a.m., 12 views

PT-2026-49110

Name of the Vulnerable Software and Affected Versions GL.iNet GL-MT3000 versions prior to 4.7 Description An issue in the Online Firmware Upgrade Handler component allows for remote command injection via the /usr/bin/one click upgrade file. Command injection is a flaw that allows an attacker to...

CVSS 9, AI score 8.4, EPSS 0.0194
Exploits 0, References 10

Positive Technologies
added 2026/06/14 12:00 a.m., 9 views

PT-2026-49112

Name of the Vulnerable Software and Affected Versions GALAYOU Y4 version 1.0.0 Description A buffer overflow occurs in the Web Server component due to the manipulation of an unknown function. This issue is exploitable only within the local network. Recommendations At the moment, there is no...

CVSS 8.8, AI score 8.2, EPSS 0.00316
Exploits 0, References 6

Positive Technologies
added 2026/06/07 12:00 a.m., 9 views

PT-2026-47192

Name of the Vulnerable Software and Affected Versions Tenda HG7HG9 and HG10 affected versions not specified Description A stack-based buffer overflow can be triggered remotely within the Web Management Interface. The issue exists in the asp voip OtherSet function located in the /boaform/voip othe...

CVSS 9, AI score 8.1, EPSS 0.03799
Exploits 0, References 8

Positive Technologies
added 2026/05/25 12:00 a.m., 17 views

PT-2026-43020

A severe vulnerability was disclosed for Edimax EW-7438RPn CVE-2026-9482 https://t.co/41d9U3ZOrq...

AI score 5.8, EPSS 0.00589
Exploits 0, References 1

Positive Technologies
added 2026/05/24 12:00 a.m., 12 views

PT-2026-42951

Name of the Vulnerable Software and Affected Versions Edimax EW-7438RPn version 1.31 Description A stack-based buffer overflow exists in the webs component. This issue occurs during the manipulation of the selSSID/submit-url argument within the formWlSiteSurvey function of the...

CVSS 9, AI score 7.6, EPSS 0.00445
Exploits 0, References 5

Positive Technologies
added 2026/05/06 12:00 a.m., 11 views

PT-2026-45137

Name of the Vulnerable Software and Affected Versions Tenda W12 version 3.0.0.74763 Description A stack-based buffer overflow occurs in the /bin/httpd file. The issue is triggered by manipulating the Time argument within the set local time 0 function, allowing for remote attacks. Recommendations ...

CVSS 9, AI score 8.2, EPSS 0.00503
Exploits 0, References 16

Positive Technologies
added 2026/05/04 12:00 a.m., 4 views

PT-2026-36916

Name of the Vulnerable Software and Affected Versions Quarkus version 3.32.4 Description An authorization bypass exists where semicolons used as matrix parameters in HTTP requests can circumvent security constraints, potentially granting unauthorized access to protected resources. Unauthenticated...

CVSS 9.8, AI score 5.9, EPSS 0.00545
Exploits 9, References 73

Positive Technologies
added 2026/04/26 12:00 a.m., 7 views

PT-2026-35228

A vulnerability was identified in D-Link DIR-825 3.00b32. This affects the function NMBD process of the file sserver.c of the component nmbd. Such manipulation leads to buffer overflow. The attack can only be initiated within the local network. The exploit is publicly available and might be used...

CVSS 8.8, AI score 8.5, EPSS 0.01871
Exploits 1, References 7

Positive Technologies
added 2026/04/12 12:00 a.m., 2 views

PT-2026-32187

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A flaw exists in the CGI Handler component of Totolink A7100RU version 7.4cu.2313 b20191024. Specifically, manipulating the FileName argument within the UploadFirmwareFile function,...

CVSS 10, AI score 7.3, EPSS 0.02199
Exploits 0, References 11

Positive Technologies
added 2026/03/22 12:00 a.m., 4 views

PT-2026-27015

Name of the Vulnerable Software and Affected Versions Belkin F9K1122 version 1.00.33 Description A flaw exists in Belkin F9K1122. The issue involves a stack-based buffer overflow that can be triggered by manipulating the webpage argument within the formWISP5G function located in the...

CVSS 9, AI score 7.7, EPSS 0.00687
Exploits 1, References 13

Positive Technologies
added 2026/03/21 12:00 a.m., 5 views

PT-2026-26919

A vulnerability has been found in Tenda FH451 1.0.0.9. This vulnerability affects the function WrlclientSet of the file /goform/WrlclientSet. Such manipulation of the argument GO leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the publi...

CVSS 9, AI score 8, EPSS 0.00632
Exploits 1, References 7

Positive Technologies
added 2026/02/20 12:00 a.m., 4 views

PT-2026-21294

Name of the Vulnerable Software and Affected Versions D-Link DWR-M960 version 1.01.07 Description A flaw exists in the D-Link DWR-M960 router, specifically in the function sub 41914C within the /boafrm/formWanConfigSetup component, which handles WAN interface configuration. The issue allows a...

CVSS 9, AI score 8.4, EPSS 0.00728
Exploits 1, References 13

Positive Technologies
added 2026/01/27 12:00 a.m., 5 views

PT-2026-5017

A severe vulnerability was disclosed for Xen CVE-2025-58151 https://t.co/aRR5DmmtNF...

AI score 5.9
Exploits 0, References 5

MSRC
added 2025/11/18 12:00 a.m., 6 views

Weaponizing cross site scripting: When one bug isn’t enough

Cross-Site Scripting (XSS) is often underestimated as a minor vulnerability. In reality, XSS can open the door to more severe attacks when combined with other vulnerabilities...

AI score 6.1
Exploits 0

EUVD
added 2025/11/11 3:19 p.m., 2 views

EUVD-2025-88866

Malicious code in severewolverinez3n npm...

AI score 6.6
Exploits 0

EUVD
added 2025/11/11 7:44 a.m., 2 views

EUVD-2025-75667

Malicious code in severemollusk-appteadev npm...

AI score 6.6
Exploits 0

EUVD
added 2025/11/11 7:31 a.m., 2 views

EUVD-2025-78340

Malicious code in severechickenz3n npm...

AI score 6.6
Exploits 0

EUVD
added 2025/11/11 7:31 a.m., 2 views

EUVD-2025-78339

Malicious code in severehedgehogz3n npm...

AI score 6.6
Exploits 0