Lucene search

142 matches found

NVD
added 2026/05/27 8:16 p.m. | 5 views

CVE-2026-47274

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, multiple pamusb helper tools resolved external binaries through the PATH environment variable rather than using absolute paths. An attacker who can influence the process environment during PAM...

CVSS 6.3 | EPSS 0.0002
Exploits 0 | References 4

NVD
added 2026/05/08 7:16 a.m. | 6 views

CVE-2025-69599

RayVentory Scan Engine through 12.6 Update 8 allows attackers to gain privileges if they control the value of the PATH environment variable. NOTE: this is disputed because ability of an attacker to control the environment is a site-specific misconfiguration...

CVSS 9.8 | EPSS 0.00056
Exploits 0 | References 2

Cvelist
added 2026/05/08 12:0 a.m. | 24 views

CVE-2025-69599

RayVentory Scan Engine through 12.6 Update 8 allows attackers to gain privileges if they control the value of the PATH environment variable. NOTE: this is disputed because ability of an attacker to control the environment is a site-specific misconfiguration...

EPSS 0.00056
Exploits 0 | References 2

CNNVD
added 2026/05/08 12:0 a.m. | 4 views

RayVentory Scan Engine Security Vulnerability

RayVentory Scan Engine is a network scanning engine developed by the German company RayVentory, designed for automatically discovering and collecting IT asset information. Versions of RayVentory Scan Engine 12.6 Update 8 and earlier contain security vulnerabilities. These vulnerabilities allow...

CVSS 9.8 | AI score 5.8 | EPSS 0.00056
Exploits 0 | References 1

Positive Technologies
added 2026/05/08 12:0 a.m. | 5 views

PT-2026-38671

Name of the Vulnerable Software and Affected Versions RayVentory Scan Engine versions prior to 12.6 Update 9 Description An issue exists where attackers can gain elevated privileges if they have control over the value of the PATH environment variable. This condition is noted as being dependent on...

AI score 5.8 | EPSS 0.00056
Exploits 0 | References 6

CNNVD
added 2026/03/31 12:0 a.m. | 3 views

Act Injection Vulnerability

Act is a locally run tool developed by Nektos and open source. Versions of Act prior to 0.2.86 had an injection vulnerability. This vulnerability stemmed from unconditionally processing the ::set-env:: and ::add-path:: workflow commands, which could lead to setting arbitrary environment variables o...

CVSS 9.8 | AI score 5.9 | EPSS 0.00027
Exploits 1 | References 3

Vulnrichment
added 2026/03/19 10:36 p.m. | 2 views

CVE-2026-30874 OpenWrt procd PATH Environment Variable Filter Bypass via Incorrect String Comparison Leads to Privilege Escalation

OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6, a vulnerability in the hotplugcall function allows an attacker to bypass environment variable filtering and inject an arbitrary PATH variable, potentially leading to privilege escalation. The...

CVSS 1.8 | AI score 5.8 | EPSS 0.00013
Exploits 0 | References 2

NVD
added 2026/02/03 6:15 a.m. | 1 view

CVE-2025-58381

A vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an authenticated attacker with admin privileges using the shell commands “source, ping6, sleep, disown, wait” to modify the path variables and move upwards in the directory structure or to traverse to different directories...

CVSS 4.6 | EPSS 0.00005
Exploits 0 | References 1

Github Security Blog
added 2026/02/02 11:39 p.m. | 6 views

OpenClaw/Clawdbot Docker Execution has Authenticated Command Injection via PATH Environment Variable

Summary A Command Injection vulnerability existed in Clawdbot’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An authenticated user able to control environment variables could influence command execution within the...

CVSS 8.8 | AI score 5.7 | EPSS 0.00089
Exploits 1 | References 6 | Affected Software 1

OSV
added 2026/02/02 11:39 p.m. | 2 views

GHSA-MC68-Q9JW-2H3V OpenClaw/Clawdbot Docker Execution has Authenticated Command Injection via PATH Environment Variable

Summary A Command Injection vulnerability existed in Clawdbot’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An authenticated user able to control environment variables could influence command execution within the...

CVSS 8.8 | AI score 5.7 | EPSS 0.00089
Exploits 1 | References 6

Tenable Nessus
added 2026/01/14 12:0 a.m. | 3 views

MiracleLinux 3 : sudo-1.7.2p1-7.AXS3 (AXSA:2010-366:04)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2010-366:04 advisory. Sudo (superuser do) allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all...

CVSS 6.2 | AI score 5.6 | EPSS 0.0008
Exploits 1 | References 2

RedhatCVE
added 2026/01/13 10:53 p.m. | 1 view

CVE-2025-13895

The Top Position Google Finance plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in all versions up to, and including, 0.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVSS 6.1 | AI score 5.6 | EPSS 0.00235
Exploits 0 | References 1

Vulnrichment
added 2025/12/12 3:20 a.m. | 1 view

CVE-2025-14132 Category Dropdown List <= 1.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']

The Category Dropdown List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVSS 6.1 | AI score 5.3 | EPSS 0.00118
Exploits 0 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2003-1157

Malware in sbrugna...

CVSS 7.2 | AI score 6.4 | EPSS 0.00205
Exploits 1 | References 6

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2010-2933

Malware in sbrugna...

CVSS 7.2 | AI score 6.4 | EPSS 0.00059
Exploits 0 | References 5

EUVD
added 2025/10/07 12:30 a.m. | 0 views

EUVD-2012-2241

Malware in sbrugna...

CVSS 9.3 | AI score 8 | EPSS 0.0244
Exploits 0 | References 14

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2002-1223

Malware in sbrugna...

CVSS 7.2 | AI score 6.4 | EPSS 0.00397
Exploits 1 | References 6

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2004-1677

Malware in sbrugna...

CVSS 3.7 | AI score 6.4 | EPSS 0.00066
Exploits 0 | References 4

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2001-1326

Malware in sbrugna...

CVSS 4.6 | AI score 6.4 | EPSS 0.00061
Exploits 1 | References 5

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-1999-1088

Malware in sbrugna...

CVSS 7.2 | AI score 6.4 | EPSS 0.00063
Exploits 0 | References 3