175 matches found
GHSA-JFJG-VC52-WQVF BentoML has Dockerfile Command Injection via system_packages in bentofile.yaml
Summary: The docker.system_packages field in bentofile.yaml accepts arbitrary strings that are interpolated directly into Dockerfile RUN commands without sanitization. Since system_packages is semantically a list of OS package names (data), users do not expect values to be interpreted as shell command...
EUVD-2026-12490
Improper S3 ownership verification in Bedrock AgentCore Starter Toolkit...
GHSA-XFHR-Q72Q-JCRJ Improper S3 ownership verification in Bedrock AgentCore Starter Toolkit
Summary: An issue has been identified in the Bedrock AgentCore Starter Toolkit versions prior to v0.1.13 that may allow a remote actor to inject code during the build process, leading to code execution in the AgentCore Runtime. Impact: A remote actor could inject code during the build process,...
Bedrock AgentCore Starter Toolkit security vulnerability
Bedrock AgentCore Starter Toolkit is an open-source AI development and deployment toolkit provided by Amazon Web Services. Versions of the tool before v0.1.13 contain security vulnerabilities. These vulnerabilities stem from a lack of S3 ownership verification, which allows remote attackers to...
CVE-2026-2741
A flaw was found in Vaadin. During the automatic download and extraction of Node.js, a remote attacker could exploit a path traversal vulnerability. By intercepting or controlling the Node.js download, an attacker could serve a specially crafted ZIP archive. This malicious archive would allow fil...
CVE-2026-27606
A flaw was found in Rollup, a JavaScript module bundler. Insecure file name sanitization in the core engine allows an attacker to control output filenames, potentially through command-line interface (CLI) inputs, manual chunk aliases, or malicious plugins. By using directory traversal sequences ../...
Webpack code issue vulnerability
Webpack is a module bundler developed by Webpack contributors. Its primary purpose is to bundle JavaScript files for use in browsers. However, it can also convert, bundle, or package almost any resource or asset. Versions of Webpack from 5.49.0 to 5.104.1 contained code vulnerabilities. These...
CVE-2026-25143 melange affected by potential host command execution via license-check YAML mode patch pipeline
melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds...
📄 MiniCMS 1.11 Exploitation Toolkit
This toolkit focuses on validating and demonstrating the impact of a known and documented design flaw in MiniCMS 1.11 related to its build process (CVE-2018-1000638). MiniCMS relies on an insecure build.php script that blindly packages filesystem contents into install.php without enforcing integrit...
MiracleLinux 3 : util-linux-2.13-0.59.0.1.AXS3 (AXSA:2012-269:01)
The remote MiracleLinux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2012-269:01 advisory. The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others,...
Characterizing Build Compromises through Vulnerability Disclosure Analysis
The software build process transforms source code into deployable artifacts, representing a critical yet vulnerable stage in software development. Build infrastructure security poses unique challenges: the complexity of multi-component systems (source code, dependencies, build tools), the difficult...
SUSE-SU-2025:03523-1 Security update for openssl-1_1-livepatches
This update for openssl-1_1-livepatches fixes the following issues: - Add livepatch for CVE-2025-9230 (bsc#1250410). - Use strong externalization for ssl3_setup_read_buffer and ssl3_release_read_buffer - Use strong externalization for ossl_statem_fatal. - Add livepatch for CVE-2024-4741 (bsc#1225552). - Drop...
EUVD-2018-4517
Malware in sbrugna...
EUVD-2021-14589
Malware in sbrugna...
EUVD-2022-5740
Malicious code in bioql PyPI...
EUVD-2024-45943
Malicious code in bioql PyPI...
EUVD-2024-2818
Malicious code in bioql PyPI...
EUVD-2024-3384
Malicious code in bioql PyPI...
EUVD-2024-2994
Malicious code in bioql PyPI...
EUVD-2024-3552
Malicious code in bioql PyPI...