CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

516 matches found

Progress Telerik Report Server - Authentication Bypass

In Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability. id: CVE-2024-4358 info: name: Progress Telerik Report Server - Authenticatio...

9.9CVSS7.5AI score0.97482EPSS

Exploits14References3

OSV•added 2026/06/02 5:45 p.m.•5 views

OPENSUSE-SU-2026:20892-1 Security update for yq

This update for yq fixes the following issues: Changes in yq: - Fix multiple CVEs: CVE-2026-27136 GO-2026-5030 CVE-2026-25681 GO-2026-5029 CVE-2026-25680 GO-2026-5028 CVE-2026-42502 GO-2026-5027 CVE-2026-42506 GO-2026-5025 bsc1267053 CVE-2026-39821 GO-2026-5026 bsc1267199 - update to v4.53.2 Add...

9.6CVSS5.9AI score0.00856EPSS

Exploits1References17

Cvelist•added 2026/06/02 12:0 a.m.•38 views

CVE-2026-35717

A stack-based buffer overflow in the exportlanguage.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via a crafted POST request to the /cgi-bin/admin/exportlanguage.cgi endpoint. The handler passes the...

0.00296EPSS

Exploits0References2

RedHat Linux•added 2026/05/19 1:52 p.m.•8 views

Moderate: Red Hat Security Advisory: unbound security update

An update for unbound is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.5CVSS7AI score0.01729EPSS

Exploits0References5

OSV•added 2026/04/06 12:30 a.m.•0 views

GHSA-XQV9-QR76-HFQ2 @elgentos/magento2-dev-mcp vulnerable to command injection

A vulnerability was identified in elgentos magento2-dev-mcp up to 1.0.2. The affected element is the function executeMagerun2Command of the file src/index.ts. Such manipulation leads to os command injection. An attack has to be approached locally. The exploit is publicly available and might be...

5.3CVSS5.6AI score0.00812EPSS

Exploits0References9

vulnersOsv•added 2026/04/01 11:58 p.m.•7 views

@bernierllc/neverhub (>=1.0.0 <=1.1.0), @cdagaton/excalidraw-mcp (>=0.3.2 <=0.3.3) +16 more potentially affected by CVE-2026-25536 via mcp-handler (>=1.0.1 <=1.0.7)

mcp-handler NPM version =1.0.1, =1.0.0, =0.3.2, =0.1.0, =0.0.0-experimental-20250910140832, =1.0.0, =0.0.27, =0.0.45 - @websolutespa/payload-plugin-bowl-llm =3.0.0 and more Source cves: CVE-2026-25536 Source advisory: OSV:GHSA-W2FM-25VW-VH7F...

7.1CVSS6.9AI score0.00239EPSS

Exploits0

GithubExploit•added 2026/03/31 9:0 p.m.•114 views

Buffer-Overflow-Exploit-C

Buffer Overflow & Stack Smashing Exploit Overview This pro...

6.3AI score

Exploits0

GithubExploit•added 2026/03/12 11:3 a.m.•105 views

Exploits-and-code-snippets

Exploits-and-code-snipp...

5.8AI score

Exploits0

Patchstack•added 2026/03/12 8:8 a.m.•4 views

WordPress DukaPress plugin <= 3.2.4 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Vuln Seeker Cyber Security Team in WordPress Plugin DukaPress versions = 3.2.4...

7.1CVSS5.8AI score0.00145EPSS

Exploits0References1Affected Software1

vulnersOsv•added 2026/02/12 3:31 a.m.•5 views

@aliceoq/library-test (>=1.3.2 <=1.3.3), @bentwnghk/chat (>=1.61.0 <=1.107.2) +169 more potentially affected by CVE-2026-0969 via next-mdx-remote (>=4.4.1 <=5.0.0)

next-mdx-remote NPM version =4.4.1, =1.3.2, =1.61.0, =1.1.1, =0.0.2, =1.0.0, =0.1.1, =0.0.1, =2.13.2, =0.0.3, =0.2.0, =0.5.0, =0.0.66, =0.1.10-0 and more Source cves: CVE-2026-0969 Source advisory: OSV:GHSA-G4XW-JXRG-5F6M...

8.8CVSS5.8AI score0.00582EPSS

Exploits0

vulnersOsv•added 2026/01/29 3:4 p.m.•7 views

autoxx (>=0.0.11 <=0.0.13), vuln-demo-math-ops (=1.0.0) potentially affected by CVE-2026-24780 via agpt (=0.2.2)

agpt PYPI version =0.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on agpt and may be impacted: - autoxx =0.0.11, =0.0.13 - vuln-demo-math-ops =1.0.0 Source cves: CVE-2026-24780 Source advisory: OSV:GHSA-R277-3XC5-C79V...

9.4CVSS5.8AI score0.01147EPSS

Exploits1

vulnersOsv•added 2026/01/21 3:41 p.m.•6 views

@aexol/opencode-tui (>=0.2.5 <=0.2.10), @agent-embed/js (>=0.0.1 <=0.0.45) +287 more potentially affected by CVE-2026-23736 via seroval (>=0.10.4 <=1.3.2)

seroval NPM version =0.10.4, =0.2.5, =0.0.1, =2.11.0, =1.0.0, =1.0.0, =0.0.1, =0.0.1, =0.0.7, =0.0.1, =0.0.1, =1.0.0, =0.1.26, =0.0.1, =0.0.17-demo-01 and more Source cves: CVE-2026-23736 Source advisory: OSV:GHSA-HJ76-42VX-JWP4...

9.8CVSS5.4AI score0.00246EPSS

Exploits0

RedhatCVE•added 2026/01/09 11:10 a.m.•5 views

CVE-2016-10316

Jensen of Scandinavia AS Air:Link 3G AL3G version 2.23m Rev. 3, Air:Link 5000AC AL5000AC version 1.13, and Air:Link 59300 AL59300 version 1.04 Rev. 4 devices allow remote attackers to conduct Open Redirect attacks via the return-url parameter to /goform/formLogout...

6.1CVSS7.2AI score0.00773EPSS

Exploits1References1