CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 3 days ago•5 views

EUVD-2026-39161

OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host, port, maxttl, count, or timeout request parameters due to insufficient input validation when constructing shell...

7.7CVSS6.3AI score0.00554EPSS

CVE•added 3 days ago•6 views

CVE-2026-8592

The CVE-2026-8592 entry describes an OS Command Injection in the process_string action of the Rapid7 InsightConnect AWK Plugin on Linux, caused by unsafe shell command construction in the processing pipeline. The vulnerability could allow remote attackers to execute arbitrary OS commands via the ...

7.7CVSS6.3AI score0.00554EPSS

Cvelist•added 3 days ago•29 views

CVE-2026-8660 OS Command Injection in Rapid7 InsightConnect Ping Plugin

OS Command Injection vulnerability in the ping action of Rapid7 InsightConnect Ping Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host parameter due to insufficient input validation when constructing shell commands...

7.7CVSS0.00554EPSS

EUVD•added 3 days ago•6 views

EUVD-2026-39148

Quest NetVault Backup NVBULogDaemon Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the existing...

8.8CVSS6.4AI score0.01373EPSS

EUVD•added 3 days ago•3 views

EUVD-2026-39116

ATEN Unizon ImportDeviceList Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

7.2CVSS7.6AI score0.01477EPSS

EUVD•added 3 days ago•4 views

EUVD-2026-39149

Quest NetVault Backup viewclient Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User interaction is required to exploit this vulnerability in that the target must vis...

8.8CVSS5.4AI score0.0067EPSS

EUVD•added 3 days ago•4 views

EUVD-2026-39156

sys/kern/sysvsem.c in OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root. This is a context switch use-after-free after tsleep in syssemget...

7.4CVSS5.8AI score0.00125EPSS

NVD•added 3 days ago•5 views

CVE-2026-9780

Quest NetVault Backup addclient3 Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User interaction is required to exploit this vulnerability in that the target must vis...

8.8CVSS0.0067EPSS

NVD•added 3 days ago•8 views

CVE-2026-7569

8.8CVSS0.0067EPSS

VulnCheck KEV•added 3 days ago•6 views

VulnCheck KEV: CVE-2026-12569

A critical remote code execution RCE vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. This advisory also applies to all CPS versions The identified vulnerability also impacts Windchill and...

9.8CVSS6.5AI score0.01106EPSS

In wildExploits0References3

Tenable Nessus•added 3 days ago•5 views

Photon OS 4.0: Nodejs PHSA-2026-4.0-1041

An update of the nodejs package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1041. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

5.3CVSS6.2AI score0.00445EPSS

CVE•added 3 days ago•8 views

CVE-2026-37149

GCV- CVE-2026-37149 affects GROCERY-STORE-MANAGEMENT-SYSTEM-USING-PHP-AND-MYSQL-PHPMYADMIN v1.0. A SQL injection vulnerability exists in the scost parameter of /grocery/search_products.php, enabling an attacker to access sensitive database information through a crafted SQL statement. The CVSS v3....

7.7CVSS5.9AI score0.00215EPSS

IBM Security Bulletins•added 4 days ago•12 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ affect IBM Cloud Pak System [CVE-2024-21144, CVE-2024-21131, CVE-2024-27267]

Summary Vulnerabilities in IBM® SDK Java™ Technology Edition affect IBM Cloud Pak System . These issues were disclosed as part of the IBM Java SDK updates in July 2024. Vulnerability Details CVEID:CVE-2024-21144 DESCRIPTION: An unspecified vulnerability in Java SE related to the Concurrency...

5.9CVSS6.7AI score0.01056EPSS

Exploits0Affected Software1

NVD•added 4 days ago•5 views

CVE-2026-9777

ATEN Unizon restoreDB Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the restoreDB...

7.2CVSS0.01477EPSS

NVD•added 4 days ago•6 views

CVE-2026-9778

7.2CVSS0.01477EPSS

NVD•added 4 days ago•7 views

CVE-2026-55570

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, it does not escape the untrusted fields name, version, author, description when they are serialized into the data-obj HTML attribute of each marketplace card. Because the attribute is single-quoted and the value is...

9CVSS0.00327EPSS