CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

30432 matches found

Packet Storm News•added 2026/05/05 12:0 a.m.•4 views

GPUBreach: Privilege Escalation Attacks on GPUs Using Rowhammer

NVIDIA GPUs with GDDR memories have been shown susceptible to Rowhammer-based bit-flips, similar to CPUs. However, Rowhammer exploits on GPUs have been limited to injecting untargeted bit-flips in victim data like weights of machine learning models, to degrade model accuracy, unlike CPU exploits...

5.8AI score

Exploits0

Positive Technologies•added 2026/05/05 12:0 a.m.•7 views

PT-2026-37273

Name of the Vulnerable Software and Affected Versions Grav versions prior to 2.0.0-beta.2 Description An authenticated user with administrative privileges can achieve Remote Code Execution RCE by uploading a specially crafted ZIP file through the "Direct Install" tool. The system fails to inspect...

9.1CVSS6.1AI score0.00455EPSS

Exploits2References10

OSV•added 2026/05/04 8:23 p.m.•2 views

GHSA-X3H8-JRGH-P8JX OpenClaw's exec allowlist analysis rejects shell expansion in unquoted heredocs

Summary Exec allowlist analysis rejects shell expansion in unquoted heredocs Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.4.21 - Fixed version: 2026.4.22 Impact An allowlisted command containing an unquoted heredoc could hide shell expansion in the heredoc body...

5.8AI score

Exploits0References3

Snyk•added 2026/05/04 8:23 p.m.•7 views

Information Exposure

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Information Exposure in the analysis of allowlisted commands containing unquoted heredocs. An attacker can cause unintended shell expansion by crafting a command that hides malicious code...

8.8CVSS5.9AI score0.00087EPSS

Exploits0References2

Github Security Blog•added 2026/05/04 8:23 p.m.•5 views

OpenClaw's exec allowlist analysis rejects shell expansion in unquoted heredocs

5.8AI score

Exploits0References3Affected Software1

NVD•added 2026/05/04 8:16 p.m.•3 views

CVE-2026-41925

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the adm.cgi binary's reboottime function that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the reboottime POST parameter. Attacke...

9.3CVSS0.0062EPSS

Exploits0References3

Vulnrichment•added 2026/05/04 7:17 p.m.•5 views

CVE-2026-41926 WDR201A WiFi Extender OS Command Injection via firewall.cgi

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the firewall.cgi binary across five request handlers that apply insufficient input validation. Attackers can inject arbitrary shell commands through vulnerable parameters like websURLFilter,...

9.3CVSS5.9AI score0.00601EPSS

Exploits0References3

NVD•added 2026/05/04 6:16 p.m.•2 views

CVE-2026-0073

In adbdtlsverifycert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote proximal/adjacent code execution as the shell user with no additional execution privileges needed. User interaction is not needed for...

8.8CVSS0.00012EPSS

Exploits10References1

Vulnrichment•added 2026/05/04 6:0 p.m.•2 views

CVE-2026-0073

6.2AI score0.00012EPSS

Exploits10References1

EUVD•added 2026/05/04 6:0 p.m.•2 views

EUVD-2026-27041

8.8CVSS6.2AI score0.00012EPSS

Exploits10References1

NVD•added 2026/05/04 5:16 p.m.•6 views

CVE-2026-42373

D-Link DIR-605L Hardware Revision B2 End-of-Life, EOL contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn76dlwbrdir605L" read from /etc/alphaconfig/imagesign. The custom telnetd binary...

9.8CVSS0.00269EPSS

Exploits1References1

NVD•added 2026/05/04 5:16 p.m.•6 views

CVE-2026-42372

D-Link DIR-605L Hardware Revision A1 End-of-Life, EOL contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn35dlwbrdir605l" read from /etc/alphaconfig/imagesign. The custom telnetd binary...

8.8CVSS0.00092EPSS

Exploits1References1

EUVD•added 2026/05/04 4:48 p.m.•3 views

EUVD-2026-27009

Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a command injection vulnerability in the extractLLM function allows attackers to execute arbitrary shell commands on the server. The function constructs a curl command using string concatenation and passes it to...

9.8CVSS6.7AI score0.00547EPSS

Exploits0References2

CVE•added 2026/05/04 4:2 p.m.•9 views

CVE-2026-42375

D-Link DIR-600L A1 (End-of-Life) is affected by CVE-2026-42375 due to a hardcoded telnet backdoor. The device runs a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password read from /etc/alpha_config/image_sign. The custom telnetd binary accepts a -u u...

9.8CVSS5.8AI score0.00269EPSS

Exploits1References1Affected Software1

CVE•added 2026/05/04 4:0 p.m.•6 views

CVE-2026-42374

The CVE affects D-Link DIR-600L Hardware Revision B1 (EOL). A hardcoded telnet backdoor starts a telnet daemon at boot and uses the username "Alphanetworks" with a static password read from /etc/alpha_config/image_sign (wrgn61_dlwbr_dir600L). The custom telnetd accepts -u user:password, and the l...

9.8CVSS5.8AI score0.00269EPSS

Exploits1References1Affected Software1

ATTACKERKB•added 2026/05/04 4:0 p.m.•1 views

CVE-2026-42374

D-Link DIR-600L Hardware Revision B1 End-of-Life contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn61dlwbrdir600L" read from /etc/alphaconfig/imagesign. The custom telnetd binary accep...

9.8CVSS5.8AI score0.00269EPSS

Exploits1References2