
20807 matches found

Tenable Nessus
added 2026/03/02 12:0 a.m., 4 views

openSUSE 15 Security Update : redis (SUSE-SU-2026:0650-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0650-1 advisory. This update for redis fixes the following issue: - a user can manipulate data read by a connection by injecting sequences into a Redis error reply bsc1258706...

6 AI score
Exploits 0, References 2
Tenable Nessus
added 2026/03/02 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-28296

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containi...

4.3 CVSS, 7.8 AI score, 0.0036 EPSS
Exploits 2, References 3
CERT
added 2026/03/02 12:0 a.m., 7 views

MS-Agent does not properly sanitize commands sent to its shell tool, allowing for RCE

Overview: A command injection vulnerability was identified in the MS-Agent framework that can be triggered through unsanitized prompt-derived input. An attacker can craft untrusted input introduced via a chat prompt or other external content sources, resulting in arbitrary command execution on the...

6.5 CVSS, 6.4 AI score, 0.01345 EPSS
Exploits 2, References 2
Positive Technologies
added 2026/03/02 12:0 a.m., 6 views

PT-2026-23531

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.14. Description: OpenClaw versions before 2026.2.14 do not properly validate TAR archive entry paths during extraction. A crafted archive can use path traversal sequences, such as ../../..., to write files outsi...

8.3 CVSS, 5.9 AI score, 0.00409 EPSS
Exploits 0, References 7
Snyk
added 2026/03/01 1:28 a.m., 2 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal due to using the filepath.Join(dest, cleanedName) function without enforcing that the final path stays within dest. An attacker can overwrite or create files outside the intended destination directory by including...

8.8 CVSS, 6.5 AI score, 0.00559 EPSS
Exploits 0, References 2
RedhatCVE
added 2026/02/28 7:45 p.m., 6 views

CVE-2026-27734

Beszel is a server monitoring platform. Prior to version 0.18.2, the hub's authenticated API endpoints GET /api/beszel/containers/logs and GET /api/beszel/containers/info pass the user-supplied "container" query parameter to the agent without validation. The agent constructs Docker Engine API URL...

6.5 CVSS, 6 AI score, 0.00484 EPSS
Exploits 1, References 1
Veracode
added 2026/02/28 5:13 a.m., 8 views

Path Traversal

mcp-server-git is vulnerable to Path Traversal. The vulnerability is due to the git_add tool not validating file paths, where relative paths containing ../ sequences that resolve outside the repository were accepted and staged into the Git index, and attackers can exploit this to potentially...

6.5 CVSS, 5.7 AI score, 0.00287 EPSS
Exploits 0, References 3, Affected Software 1
RedhatCVE
added 2026/02/28 1:17 a.m., 4 views

CVE-2026-28406

A flaw was found in kaniko, a tool used to build container images. A remote attacker can exploit this vulnerability by providing a specially crafted build context archive that contains path traversal sequences. This allows files to be written outside the intended destination directory during...

8.5 CVSS, 6.1 AI score, 0.00559 EPSS
Exploits 0, References 6
Snyk
added 2026/02/28 12:14 a.m., 4 views

Directory Traversal

Overview: gradio is a Python library for easily interacting with trained machine learning models. Affected versions of this package are vulnerable to Directory Traversal via the safe_join function, which uses the os.path.isabs function. An attacker can access arbitrary files on the file system. Note...

8.7 CVSS, 6.4 AI score, 0.03095 EPSS
Exploits 1, References 2
Snyk
added 2026/02/27 9:25 p.m., 2 views

Directory Traversal

Overview: basic-ftp is an FTP client for Node.js, supports FTPS over TLS, IPv6, Async/Await, and TypeScript. Affected versions of this package are vulnerable to Directory Traversal in the downloadToDir method. A malicious FTP server can overwrite or create files outside the intended directory...

9.8 CVSS, 6.5 AI score, 0.00528 EPSS
Exploits 2, References 2
Snyk
added 2026/02/27 9:1 p.m., 2 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the container query parameter in GET /api/beszel/containers/logs and GET /api/beszel/containers/info endpoints, which is passed without validation to the agent and interpolated directly into Docker API URLs. An...

7.1 CVSS, 6.2 AI score, 0.00484 EPSS
Exploits 1, References 2
Snyk
added 2026/02/27 9:1 p.m., 5 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the container query parameter in GET /api/beszel/containers/logs and GET /api/beszel/containers/info endpoints, which is passed without validation to the agent and interpolated directly into Docker API URLs. An...

7.1 CVSS, 6.2 AI score, 0.00484 EPSS
Exploits 1, References 2
OSV
added 2026/02/27 9:1 p.m., 4 views

GHSA-PHWH-4F42-GWF3 Beszel: Docker API has a Path Traversal Vulnerability via Unsanitized Container ID

Summary: The hub's authenticated API endpoints GET /api/beszel/containers/logs and GET /api/beszel/containers/info pass the user-supplied "container" query parameter to the agent without validation. The agent constructs Docker Engine API URLs using fmt.Sprintf with the raw value instead of...

6.5 CVSS, 6.2 AI score, 0.00484 EPSS
Exploits 1, References 5
Github Security Blog
added 2026/02/27 9:1 p.m., 8 views

Beszel: Docker API has a Path Traversal Vulnerability via Unsanitized Container ID

Summary: The hub's authenticated API endpoints GET /api/beszel/containers/logs and GET /api/beszel/containers/info pass the user-supplied "container" query parameter to the agent without validation. The agent constructs Docker Engine API URLs using fmt.Sprintf with the raw value instead of...

6.5 CVSS, 6.2 AI score, 0.00484 EPSS
Exploits 1, References 5, Affected Software 1
Rapid7 Blog
added 2026/02/27 8:25 p.m., 12 views

Metasploit Wrap-Up 02/27/2026

No Prob-ollama: This release brings some serious firepower with multiple new exploit modules and critical vulnerability support! The standout additions are the Ollama path traversal RCE (CVE-2024-37032), a sophisticated exploit chaining arbitrary file writes into unauthenticated root RCE, and the...

9.9 CVSS, 7.3 AI score, 0.89633 EPSS
Exploits 17
NVD
added 2026/02/27 8:21 p.m., 6 views

CVE-2026-27734

Beszel is a server monitoring platform. Prior to version 0.18.2, the hub's authenticated API endpoints GET /api/beszel/containers/logs and GET /api/beszel/containers/info pass the user-supplied "container" query parameter to the agent without validation. The agent constructs Docker Engine API URL...

6.5 CVSS, 0.00484 EPSS
Exploits 1, References 2
Vulnrichment
added 2026/02/27 7:41 p.m., 3 views

CVE-2026-27734 Beszel Vulnerable to Docker API Path Traversal via Unsanitized Container ID

Beszel is a server monitoring platform. Prior to version 0.18.2, the hub's authenticated API endpoints GET /api/beszel/containers/logs and GET /api/beszel/containers/info pass the user-supplied "container" query parameter to the agent without validation. The agent constructs Docker Engine API URL...

6.5 CVSS, 6 AI score, 0.00484 EPSS
Exploits 1, References 2
ATTACKERKB
added 2026/02/27 7:41 p.m., 4 views

CVE-2026-27734

Beszel is a server monitoring platform. Prior to version 0.18.2, the hub's authenticated API endpoints GET /api/beszel/containers/logs and GET /api/beszel/containers/info pass the user-supplied "container" query parameter to the agent without validation. The agent constructs Docker Engine API URL...

6.5 CVSS, 6 AI score, 0.00484 EPSS
Exploits 1, References 3, Affected Software 1
OSV
added 2026/02/27 7:41 p.m., 3 views

CVE-2026-27734 Beszel Vulnerable to Docker API Path Traversal via Unsanitized Container ID

Beszel is a server monitoring platform. Prior to version 0.18.2, the hub's authenticated API endpoints GET /api/beszel/containers/logs and GET /api/beszel/containers/info pass the user-supplied "container" query parameter to the agent without validation. The agent constructs Docker Engine API URL...

6.5 CVSS, 6 AI score, 0.00484 EPSS
Exploits 1, References 4
Cvelist
added 2026/02/27 7:41 p.m., 21 views

CVE-2026-27734 Beszel Vulnerable to Docker API Path Traversal via Unsanitized Container ID

Beszel is a server monitoring platform. Prior to version 0.18.2, the hub's authenticated API endpoints GET /api/beszel/containers/logs and GET /api/beszel/containers/info pass the user-supplied "container" query parameter to the agent without validation. The agent constructs Docker Engine API URL...

6.5 CVSS, 0.00484 EPSS
Exploits 1, References 2