CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

68 matches found

Positive Technologies•added yesterday•5 views

PT-2026-46996

Summary Public shared-view endpoints exposed values from columns that the view owner had hidden, via three independent paths: groupBy returned raw values for any column named in the request, filter and sort arrays operated on hidden columns enabling boolean-blind extraction, and the related-data...

6.9CVSS5.6AI score

Exploits0References4

Snyk•added 3 days ago•3 views

Arbitrary Command Injection

Overview org.webjars.npm:launch-editor is a launch editor from node.js Affected versions of this package are vulnerable to Arbitrary Command Injection due to improper sanitization of the file argument on Windows systems. An attacker can execute arbitrary commands by supplying a specially crafted...

8.8CVSS5.9AI score0.0006EPSS

Exploits0References2

OSV•added 3 days ago•2 views

SUSE-SU-2026:2235-1 Security update for evince

This update for evince fixes the following issue - CVE-2026-46529: improper argument sanitization can lead to command injection bsc1265880...

5.4AI score

Exploits0References3

OSV•added 3 days ago•2 views

SUSE-SU-2026:2232-1 Security update for evince

This update for evince fixes the following issue - CVE-2026-46529: improper argument sanitization can lead to command injection bsc1265880...

5.4AI score

Exploits0References3

OSV•added 2026/05/16 2:17 a.m.•4 views

CLSA-2026-1778897873 ghostscript: Fix of CVE-2025-48708

CVE-2025-48708: fix argument sanitization to redact values supplied with '' separator...

4CVSS5.8AI score0.00025EPSS

Exploits0References1

Positive Technologies•added 2026/04/03 12:0 a.m.•1 views

PT-2026-30274

Description A scope modification vulnerability exists in @nyariv/sandboxjs version 0.8.35 and below. The vulnerability allows untrusted sandboxed code to leak internal interpreter objects through the new operator, exposing sandbox scope objects in the scope hierarchy to untrusted code; an...

6.9CVSS6.1AI score0.00101EPSS

Exploits1References5

CVE•added 2026/03/17 3:20 p.m.•6 views

CVE-2026-23759

CVE-2026-23759 affects Perle IOLAN STS/SCS terminal server models with firmware earlier than 6.0. The issue is an authenticated OS command injection via the restricted shell accessed over Telnet or SSH. The shell's handling of the ps subcommand does not sanitize arguments, passing user-supplied p...

8.6CVSS6.1AI score0.00177EPSS

Exploits0References3

CVE•added 2026/03/12 7:41 p.m.•6 views

CVE-2026-32260

Summary: CVE-2026-32260 affects Deno’s node:child_process polyfill (shell: true mode). From 2.7.0 to 2.7.1, a two-stage argument sanitization in transformDenoShellCommand contains a priority bug: when an argument includes a $VAR pattern, it is wrapped in double quotes instead of single quotes. Th...

9.8CVSS6AI score0.00119EPSS

Exploits1References1Affected Software1

OSV•added 2026/03/12 3:53 p.m.•1 views

USN-8088-1 golang-github-go-git-go-git vulnerabilities

Ionut Lalu discovered that go-git incorrectly handled certain specially crafted Git server responses. An attacker could possibly use this issue to cause a denial of service. CVE-2023-49568, CVE-2025-21614 Ionut Lalu discovered that go-git incorrectly handled file system paths when using the...

9.8CVSS7.1AI score0.04027EPSS

Exploits0References6

Tenable Nessus•added 2025/12/31 12:0 a.m.•2 views

Unity Linux 20.1070e Security Update: ghostscript (UTSA-2025-993339)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993339 advisory. gslibctxstashsanitizedarg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the case. A created PDF document includes its...

4CVSS5.5AI score0.00025EPSS

Exploits0References4

RedhatCVE•added 2025/12/02 8:23 a.m.•5 views

CVE-2025-35028

By providing a command-line argument starting with a semi-colon ; to an API endpoint created by the EnhancedCommandExecutor class of the HexStrike AI MCP server, the resultant composed command is executed directly in the context of the MCP server’s normal privilege; typically, this is root. There...

9.1CVSS6.8AI score0.00048EPSS

Exploits0References1

Tenable Nessus•added 2025/10/08 12:0 a.m.•4 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : ghostscript (SUSE-SU-2025:03461-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03461-1 advisory. - CVE-2025-48708: Fixed password disclosure due to lacks of argument sanitization bsc1243701 Tenable has...

4CVSS5.5AI score0.00025EPSS

Exploits0References4

SUSE Linux•added 2025/10/07 7:37 a.m.•2 views

Security update for ghostscript

This update for ghostscript fixes the following issues: CVE-2025-48708: Fixed password disclosure due to lacks of argument sanitization bsc1243701 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively...

3.3CVSS6.6AI score0.00025EPSS

Exploits0References4

OSV•added 2025/10/07 7:37 a.m.•1 views

SUSE-SU-2025:03461-1 Security update for ghostscript

This update for ghostscript fixes the following issues: - CVE-2025-48708: Fixed password disclosure due to lacks of argument sanitization bsc1243701...

4CVSS6.9AI score0.00025EPSS

Exploits0References3

OSV•added 2025/10/07 7:35 a.m.•2 views

SUSE-SU-2025:03460-1 Security update for ghostscript

This update for ghostscript fixes the following issues: - CVE-2025-48708: Fixed password disclosure due to lacks of argument sanitization bsc1243701...

4CVSS6.9AI score0.00025EPSS

Exploits0References3

SUSE Linux•added 2025/10/07 7:35 a.m.•4 views

Security update for ghostscript

3.3CVSS6.6AI score0.00025EPSS

Exploits0References4