CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9154 matches found

SUSE CVE•added 2026/03/25 12:25 a.m.•3 views

SUSE CVE-2026-30247

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, the application's "Import document via URL" feature is vulnerable to Server-Side Request Forgery SSRF through HTTP redirects. While the backend implements comprehensive UR...

7.5CVSS5.8AI score0.00388EPSS

Exploits1References3

Positive Technologies•added 2026/03/25 12:0 a.m.•25 views

PT-2026-28590

Name of the Vulnerable Software and Affected Versions Docker affected versions not specified Description A flaw exists in the Docker daemon’s privilege validation process during docker plugin install. The daemon does not fully enforce plugin privilege checks, potentially allowing unintended...

9.4CVSS5.9AI score0.00315EPSS

Exploits0References115

Positive Technologies•added 2026/03/25 12:0 a.m.•4 views

PT-2026-28593

Name of the Vulnerable Software and Affected Versions Moby/Docker Engine versions prior to 29.3.1 Description A security flaw in the Moby/Docker Engine allows attackers with local access to the Docker API or container to bypass authorization plugins AuthZ. By using specially crafted, oversized HT...

8.8CVSS7.3AI score0.08123EPSS

Exploits1References298

OpenVAS•added 2026/03/25 12:0 a.m.•2 views

openSUSE Security Advisory (SUSE-SU-2026:0950-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.8AI score

Exploits0References3

OpenVAS•added 2026/03/25 12:0 a.m.•6 views

SUSE: Security Advisory (SUSE-SU-2026:0950-1)

5.8AI score

Exploits0References3

OpenVAS•added 2026/03/25 12:0 a.m.•0 views

openSUSE Security Advisory (SUSE-SU-2026:0972-1)

9.9CVSS6.4AI score0.16496EPSS

Exploits0References4

EUVD•added 2026/03/24 9:31 p.m.•2 views

EUVD-2026-14958

Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.containerinfo' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker containers by injecting them via the Docker archive API...

6.1CVSS5.9AI score0.00251EPSS

Exploits0References2

RedhatCVE•added 2026/03/24 8:26 p.m.•1 views

CVE-2026-23924

A flaw was found in the Zabbix Agent 2 Docker plugin. An attacker with the ability to invoke Agent 2 can exploit improper sanitization of 'docker.containerinfo' parameters. This allows the attacker to inject malicious input via the Docker archive API, leading to the disclosure of arbitrary files...

6.1CVSS5.7AI score0.00251EPSS

Exploits0References2

OSV•added 2026/03/24 7:16 p.m.•2 views

DEBIAN-CVE-2026-23924

6.1CVSS5.5AI score0.00251EPSS

Exploits0References1

NVD•added 2026/03/24 7:16 p.m.•2 views

CVE-2026-23924

6.1CVSS0.00251EPSS

Exploits0References1

OSV•added 2026/03/24 7:16 p.m.•4 views

UBUNTU-CVE-2026-23924

6.1CVSS5.9AI score0.00251EPSS

Exploits0References3

UbuntuCve•added 2026/03/24 7:16 p.m.•0 views

CVE-2026-23924

6.1CVSS6AI score0.00251EPSS

Exploits0References2

CVE•added 2026/03/24 6:30 p.m.•18 views

CVE-2026-23924

CVE-2026-23924 affects the Zabbix Agent 2 Docker plugin. The issue is improper sanitization of the docker.container_info parameters when forwarding to the Docker daemon, enabling an attacker capable of invoking Agent 2 to read arbitrary files from running Docker containers by injecting them via t...

6.1CVSS5.9AI score0.00251EPSS

Exploits0References1

Cvelist•added 2026/03/24 6:30 p.m.•16 views

CVE-2026-23924 Agent 2 Docker plugin arbitrary file read via Docker API injection

6.1CVSS0.00251EPSS

Exploits0References1

ATTACKERKB•added 2026/03/24 6:30 p.m.•2 views

CVE-2026-23924

6.1CVSS5.9AI score0.00251EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/03/24 6:30 p.m.•2 views

CVE-2026-23924 Agent 2 Docker plugin arbitrary file read via Docker API injection

6.1CVSS5.9AI score0.00251EPSS

Exploits0References1

Debian CVE•added 2026/03/24 6:30 p.m.•3 views

CVE-2026-23924

6.1CVSS5.5AI score0.00251EPSS

Exploits0

OSV•added 2026/03/24 5:53 p.m.•1 views

GHSA-69FQ-XP46-6X23 Trivy ecosystem supply chain was briefly compromised

Summary On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in aquasecurity/trivy-action to credential-stealing malware, and replace all 7 tags in aquasecurity/setup-trivy with malicious commits. On March 22...

9.4CVSS6.2AI score0.60368EPSS

Exploits2References16

Github Security Blog•added 2026/03/24 5:53 p.m.•21 views

Trivy ecosystem supply chain was briefly compromised

9.4CVSS6.2AI score0.60368EPSS

Exploits2References16Affected Software3

Tenable Nessus•added 2026/03/24 12:0 a.m.•4 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : docker (SUSE-SU-2026:0950-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0950-1 advisory. This update for docker rebuilds it against the current go 1.25 security release. Tenable has extracted th...

5.9AI score

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by