CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/05/04 3:17 p.m.•2 views

CVE-2026-40563

7.1CVSS5.8AI score0.00464EPSS

Exploits0References2Affected Software1

IBM Security Bulletins•added 2026/05/04 2:25 p.m.•3 views

Security Bulletin: Vulnerability in Apache Avro Java SDK affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Apache Avro Java SDK has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

7.3CVSS7.1AI score0.00602EPSS

Exploits0Affected Software2

NVD•added 2026/05/04 12:16 p.m.•6 views

CVE-2026-3120

Improper Control of Generation of Code 'Code Injection' vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection. This issue affects SambaBox: from 5.1 before 5.3...

7.2CVSS0.01182EPSS

EUVD•added 2026/05/04 11:53 a.m.•3 views

EUVD-2026-26945

CVE•added 2026/05/04 11:53 a.m.•17 views

CVE-2026-3120

Affected product: SambaBox (Profelis Information and Consulting) – versions 5.1 up to 5.3 (exclusive). Issue: Improper control of code generation leading to OS command injection. This is a network-vector vulnerability with no user interaction, potentially enabling remote command execution; CVSSv3...

ATTACKERKB•added 2026/05/04 11:53 a.m.•6 views

CVE-2026-3120

Exploits0References2Affected Software1

Cvelist•added 2026/05/04 11:53 a.m.•29 views

CVE-2026-3120 RCE in Profelis Informatics' SambaBox

7.2CVSS0.01182EPSS

Positive Technologies•added 2026/05/04 12:0 a.m.•4 views

PT-2026-36796

CNNVD•added 2026/05/04 12:0 a.m.•8 views

vm2 代码注入漏洞

vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using Node’s built-in modules listed in the allowlist. Versions of vm2 prior to 3.11.0 had a code injection vulnerability; this vulnerability stemmed from an sandbox escape exploit throug...

9.8CVSS6.3AI score0.00984EPSS

Tenable Nessus•added 2026/05/04 12:0 a.m.•4 views

RHCOS 6 : openshift-origin-node-util (RHSA-2013:0148)

The remote Red Hat Enterprise Linux CoreOS 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2013:0148 advisory. - openshift-origin-node-util: restorer.php pregmatch shell code injection CVE-2012-5646 - openshift-origin-node-util: restorer.php...

7.5CVSS6AI score0.02185EPSS

Exploits1References7

CNNVD•added 2026/05/04 12:0 a.m.•5 views

SambaBox 代码注入漏洞

SambaBox is a file-sharing server solution developed by SambaBox Inc. Based on Samba, versions 5.1 to 5.3 of SambaBox had a code injection vulnerability. This vulnerability stemmed from improper code generation control, which could lead to OS command injections...

7.2CVSS5.9AI score0.01182EPSS

CNNVD•added 2026/05/04 12:0 a.m.•6 views

Apache Atlas 代码注入漏洞

Apache Atlas is a scalable and extensible core feature governance service developed by the Apache Foundation in the United States. Version 0.8 to 2.4.0 of Apache Atlas contains a code injection vulnerability. This vulnerability stems from the DSL search endpoint accepting query strings provided b...

8.1CVSS5.9AI score0.00464EPSS

CNNVD•added 2026/05/04 12:0 a.m.•7 views

vm2 代码注入漏洞

vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using Node’s built-in modules listed in the allowlist. Versions of vm2 prior to 3.10.5 had a code injection vulnerability. This vulnerability stems from insufficient fixes to CVE-2023-374...

9.8CVSS6.3AI score0.00735EPSS

CNNVD•added 2026/05/04 12:0 a.m.•8 views

vm2 代码注入漏洞

vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using Node.js built-in modules listed in the allowlist. Versions of vm2 prior to 3.11.0 had a code injection vulnerability, which stemmed from a sandbox escape vulnerability. This...

9.8CVSS6.3AI score0.00886EPSS

CNNVD•added 2026/05/04 12:0 a.m.•6 views

vm2 代码注入漏洞

10CVSS6.3AI score0.00576EPSS

CNNVD•added 2026/05/04 12:0 a.m.•4 views

n8n 代码注入漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.32, 2.17.4, and 2.18.1 contained a code injection vulnerability. This vulnerability stems from workflows that include Python Code Nodes, allowing authenticated users to escape the sandbox and...

8.8CVSS6.2AI score0.00363EPSS

CNNVD•added 2026/05/04 12:0 a.m.•5 views

Nginx UI 代码注入漏洞

Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI prior to 2.3.8 had a code injection vulnerability. This vulnerability stemmed from the backup restoration endpoint POST /api/restore, which operates without authentication within the first 10 minutes after the process...

9.8CVSS6.2AI score0.00764EPSS

Exploits1References2

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux – Vulnerability in Composer

Composer is a dependency manager for the PHP programming language. Integrators who use Composer code to call VcsDriver::getFileContent may encounter a code injection vulnerability if the user can control the $file or $identifier arguments. This vulnerability is documented on packagist.org, where...

8.8CVSS8.2AI score0.0178EPSS