4617 matches found

CNNVD
added 2026/02/19 12:0 a.m. | 7 views

WordPress plugin iThemes Sync Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.3 CVSS | 5.8 AI score | 0.00152 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2026/02/19 12:0 a.m. | 5 views

PT-2026-20762

Missing Authorization vulnerability in StellarWP iThemes Sync ithemes-sync allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iThemes Sync: from n/a through = 3.2.8...

5.5 AI score | 0.00152 EPSS
Exploits: 0 | References: 1
Github Security Blog
added 2026/02/18 5:39 p.m. | 15 views

OpenClaw: Prevent shell injection in macOS keychain credential write

Summary On macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w .... Because OAuth tokens are user-controlled data, this created an OS command injection risk. The fix avoids invoking a...

8 CVSS | 5.6 AI score | 0.012 EPSS
Exploits: 0 | References: 8 | Affected Software: 1
OSV
added 2026/02/18 5:39 p.m. | 5 views

GHSA-4564-PVR2-QQ4H OpenClaw: Prevent shell injection in macOS keychain credential write

Summary On macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w .... Because OAuth tokens are user-controlled data, this created an OS command injection risk. The fix avoids invoking a...

7.6 CVSS | 5.6 AI score | 0.012 EPSS
Exploits: 0 | References: 8
Fedora
added 2026/02/17 12:56 a.m. | 6 views

[SECURITY] Fedora 43 Update: rsync-3.4.1-5.fc43

Rsync uses a reliable algorithm to bring remote and host files into sync very quickly. Rsync is fast because it just sends the differences in the files over the network instead of sending the complete files. Rsync is often used as a very powerful mirroring process or just as a more capable...

4.3 CVSS | 5.5 AI score | 0.00283 EPSS
Exploits: 0
OSV
added 2026/02/14 3:3 p.m. | 9 views

CLSA-2026-1771081379 kernel: Fix of 76 CVEs

HID: core: ensure the allocated report buffer can contain the reserved report ID CVE-2025-38495 - fs/proc: fix uaf in proc_readdir_de CVE-2025-40271 - ALSA: usb-audio: Fix potential overflow of PCM transfer buffer CVE-2025-40269 - Bluetooth: ISO: Fix possible UAF on iso_conn_free CVE-2025-40141 -...

7.8 CVSS | 7 AI score | 0.00544 EPSS
Exploits: 2 | References: 1
OSV
added 2026/02/13 1:14 p.m. | 3 views

OESA-2026-1339 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: md/dm-raid: don't call md_reap_sync_thread directly Currently md_reap_sync_thread is called from raid_message directly without holding 'reconfig_mutex', this is definite...

7.8 CVSS | 5.9 AI score | 0.0037 EPSS
Exploits: 4 | References: 22
OSV
added 2026/02/13 1:14 p.m. | 3 views

OESA-2026-1337 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: md/dm-raid: don't call md_reap_sync_thread directly Currently md_reap_sync_thread is called from raid_message directly without holding 'reconfig_mutex', this is definite...

7.8 CVSS | 5.7 AI score | 0.00331 EPSS
Exploits: 3 | References: 14
CNNVD
added 2026/02/11 12:0 a.m. | 3 views

QNAP Qsync Central Security Vulnerability

QNAP Qsync Central is a cloud-based file synchronization service for NAS devices provided by QNAP Technology Co., Ltd. Versions of QNAP Qsync Central prior to 5.0.0.4 contained a security vulnerability caused by relative path traversal, which could lead to the reading of unexpected files or syste...

6.5 CVSS | 5.8 AI score | 0.00416 EPSS
Exploits: 0 | References: 2
NVD
added 2026/02/10 6:16 p.m. | 7 views

CVE-2026-0652

On TP-Link Tapo C260 v1, command injection vulnerability exists due to improper sanitization in certain POST parameters during configuration synchronization. An authenticated attacker can execute arbitrary system commands with high impact on confidentiality, integrity and availability. It may cau...

8.8 CVSS | 0.22757 EPSS
Exploits: 1 | References: 3
ATTACKERKB
added 2026/02/10 5:27 p.m. | 3 views

CVE-2026-0653

On TP-Link Tapo C260 v1 and D235 v1, a guest‑level authenticated user can bypass intended access restrictions by sending crafted requests to a synchronization endpoint. This allows modification of protected device settings despite limited privileges. An attacker may change sensitive configuration...

7.2 CVSS | 5.8 AI score | 0.00386 EPSS
Exploits: 1 | References: 5
Fedora
added 2026/02/10 1:34 a.m. | 6 views

[SECURITY] Fedora 43 Update: atuin-18.6.1-10.fc43

Atuin replaces your existing shell history with a SQLite database, and records additional context for your commands. Additionally, it provides optional and fully encrypted synchronization of your history between machines, via an Atuin server...

7.5 CVSS | 5.5 AI score | 0.00443 EPSS
Exploits: 1
Tenable Nessus
added 2026/02/10 12:0 a.m. | 6 views

Siemens SCALANCE and RUGGEDCOM Improper Input Validation (CVE-2025-38085)

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix huge_pmd_unshare vs GUP-fast race huge_pmd_unshare drops a reference on a page table that may have previously been shared across processes, potentially turning it into a normal page table used in another process in...

4.7 CVSS | 6.3 AI score | 0.00111 EPSS
Exploits: 0 | References: 4
RedhatCVE
added 2026/02/08 1:21 a.m. | 5 views

CVE-2025-68621

Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. Prior to 0.101.0, a critical timing attack vulnerability in Trilium's sync authentication endpoint allows unauthenticated remote attackers to recover HMAC...

7.4 CVSS | 5.5 AI score | 0.00509 EPSS
Exploits: 2 | References: 1
RedhatCVE
added 2026/02/07 7:30 p.m. | 3 views

CVE-2026-22592

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, an authenticated user can cause a DOS attack. If one of the repo files is deleted before synchronization, it will cause the application to crash. This issue has been patched in versions 0.13.4 and 0.14.0+dev...

6.5 CVSS | 5.2 AI score | 0.00336 EPSS
Exploits: 1 | References: 1
NVD
added 2026/02/06 10:16 p.m. | 6 views

CVE-2025-68621

Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. Prior to 0.101.0, a critical timing attack vulnerability in Trilium's sync authentication endpoint allows unauthenticated remote attackers to recover HMAC...

7.4 CVSS | 0.00509 EPSS
Exploits: 2 | References: 2
Vulnrichment
added 2026/02/06 9:21 p.m. | 4 views

CVE-2025-68621 Trilium Notes has a Timing Attack Vulnerability in /api/login/sync

Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. Prior to 0.101.0, a critical timing attack vulnerability in Trilium's sync authentication endpoint allows unauthenticated remote attackers to recover HMAC...

7.4 CVSS | 5.7 AI score | 0.00509 EPSS
Exploits: 2 | References: 2
ATTACKERKB
added 2026/02/06 9:21 p.m. | 3 views

CVE-2025-68621

Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. Prior to 0.101.0, a critical timing attack vulnerability in Trilium's sync authentication endpoint allows unauthenticated remote attackers to recover HMAC...

7.4 CVSS | 5.6 AI score | 0.00509 EPSS
Exploits: 2 | References: 3 | Affected Software: 1
OSV
added 2026/02/06 9:21 p.m. | 4 views

CVE-2025-68621 Trilium Notes has a Timing Attack Vulnerability in /api/login/sync

Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. Prior to 0.101.0, a critical timing attack vulnerability in Trilium's sync authentication endpoint allows unauthenticated remote attackers to recover HMAC...

7.4 CVSS | 5.6 AI score | 0.00509 EPSS
Exploits: 2 | References: 4
EUVD
added 2026/02/06 9:21 p.m. | 6 views

EUVD-2025-206876

Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. Prior to 0.101.0, a critical timing attack vulnerability in Trilium's sync authentication endpoint allows unauthenticated remote attackers to recover HMAC...

7.4 CVSS | 5.6 AI score | 0.00509 EPSS
Exploits: 2 | References: 2