CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

36505 matches found

CVE-2026-5242

The CVE-2026-5242 entry concerns MIA Technology Inc.’s Pizzy Library. A vulnerability in CSV handling arises from improper neutralization of formula elements, enabling Code Injection. Affected versions are 1.0.0.26250 up to (but not including) 1.3.9.26250. CVSS‑3.1 scoring is 8.8 (HIGH): Network ...

8.8CVSS5.4AI score0.00304EPSS

Exploits0References1

Vulnrichment•added 3 days ago•4 views

CVE-2026-5242 Code Injection in Mia Technologies' Pizzy Library

Improper neutralization of formula elements in a CSV file vulnerability in MIA Technology Inc. Pizzy Library allows Code Injection. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250...

8.8CVSS5.3AI score0.00304EPSS

Exploits0References1

Veracode•added 3 days ago•6 views

Code Injection

Apache Flink is vulnerable to Code Injection. The vulnerability is due to improper escaping of user-controlled strings during SQL code generation, which allows an authenticated attacker to inject arbitrary Java code and execute it on TaskManagers through specially crafted SQL queries...

8.1CVSS6AI score0.00381EPSS

Exploits0References5Affected Software3

RedhatCVE•added 3 days ago•6 views

CVE-2026-45833

A flaw was found in the ChromaDB Python project. An authenticated attacker with UPDATECOLLECTION permission could exploit a code injection vulnerability. By sending a malicious model repository to a specific API endpoint with trustremotecode enabled, the attacker can execute arbitrary code on the...

9.4CVSS6.1AI score0.00294EPSS

Exploits0References4

Vulnrichment•added 3 days ago•4 views

CVE-2025-56814

A code injection vulnerability in the wxExecute function of OpenCPN v5.12.0 allows attackers to execute arbitrary code via embedding shell metacharacters...

5.9AI score0.00165EPSS

Exploits0References1

Positive Technologies•added 3 days ago•9 views

PT-2026-49281

A code injection vulnerability in the wxExecute function of OpenCPN v5.12.0 allows attackers to execute arbitrary code via embedding shell metacharacters...

5.9AI score0.00165EPSS

Exploits0References2

Positive Technologies•added 3 days ago•6 views

PT-2026-49236

8.8CVSS5.3AI score0.00304EPSS

Exploits0References2

CVE•added 3 days ago•5 views

CVE-2025-56814

CVE-2025-56814 affects OpenCPN v5.12.0, where the wxExecute() function is vulnerable to code injection via embedded shell metacharacters. The underlying issue is a vector that allows arbitrary code execution, with a local attack vector and high impact on confidentiality, integrity, and availabili...

7.8CVSS5.9AI score0.00165EPSS

Exploits0References1

Cvelist•added 3 days ago•25 views

CVE-2025-56814

A code injection vulnerability in the wxExecute function of OpenCPN v5.12.0 allows attackers to execute arbitrary code via embedding shell metacharacters...

0.00165EPSS

Exploits0References1

Positive Technologies•added 3 days ago•7 views

PT-2026-49237

Name of the Vulnerable Software and Affected Versions WooCommerce PDF Invoice Builder versions prior to 2.0.9 Description Improper Control of Generation of Code allows Remote Code Inclusion, enabling an unauthenticated attacker to perform full code injection via remote file inclusion...

10CVSS5.5AI score0.00314EPSS

Exploits0References6

Microsoft CVE•added 5 days ago•10 views

Vim: Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory name

...

8.8CVSS5.3AI score0.00272EPSS

Exploits0

Microsoft CVE•added 5 days ago•10 views

Vim: Vimscript Code Injection in cucumber filetype plugin via crafted step-definition regex

...

5.3CVSS5.3AI score0.00137EPSS

Exploits0

SUSE CVE•added 5 days ago•4 views

SUSE CVE-2026-44293

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor with a non-string default...

8.8CVSS5.3AI score0.00294EPSS

Exploits0References3

NVD•added 6 days ago•9 views

CVE-2026-45833

A code injection vulnerability in version 0.4.17 or later of the ChromaDB Python project allows an authenticated attacker to run arbitrary code on the server by sending a malicious model repository and trustremotecode set to true in...

9.4CVSS0.00294EPSS

Exploits0References1

Cvelist•added 6 days ago•28 views

CVE-2026-45833

9.4CVSS0.00294EPSS

Exploits0References1

EUVD•added 6 days ago•14 views

EUVD-2026-36484

9.4CVSS5.8AI score0.00294EPSS

Exploits0References1

Vulnrichment•added 6 days ago•7 views

CVE-2026-45833

9.4CVSS5.8AI score0.00294EPSS

Exploits0References1

CVE•added 6 days ago•13 views

CVE-2026-45833

CVE-2026-45833 affects the ChromaDB Python project (version 0.4.17 and later). The issue is a code injection vulnerability where an authenticated attacker can execute arbitrary code on the server by supplying a malicious model repository and setting trust_remote_code to true in the API path /api/...

9.4CVSS5.8AI score0.00294EPSS

Exploits0References1Affected Software1

Vulnrichment•added 6 days ago•5 views

CVE-2026-54133 jmespath.php has CompilerRuntime code injection via unescaped function names

jmespath.php allows users to use JMESPath, software for declaratively specifying how to extract elements from a JSON document, in PHP applications with PHP data structures. Versions prior to 2.9.1 can generate and execute attacker-controlled PHP code when JmesPath\CompilerRuntime is used with an...

9.8CVSS5.6AI score0.0032EPSS

Exploits0References1

CVE•added 6 days ago•31 views

CVE-2026-54133

Technical details (affected versions, impact specifics, and remediation) are not publicly available in the provided documents. Monitor for updates.

9.8CVSS5.5AI score0.0032EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by