CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/04/29 12:0 a.m.•5 views

AgentFlow 代码注入漏洞

AgentFlow is an open-source multi-agent orchestration and dependency graph execution tool developed by Bera Buddies. AgentFlow has a code injection vulnerability, which stems from allowing attackers to execute local Python scripts by providing user-controlled pipelinepath parameters through POST...

8.8CVSS6.3AI score0.00343EPSS

CNNVD•added 2026/04/29 12:0 a.m.•4 views

Cockpit CMS 代码注入漏洞

Cockpit CMS is an open-source headless content management system developed by Cockpit. Cockpit CMS has a code injection vulnerability, which stems from remote code execution at the /cockpit/collections/savecollection endpoint, potentially leading to arbitrary command execution...

8.8CVSS6.5AI score0.00825EPSS

CNNVD•added 2026/04/29 12:0 a.m.•8 views

EyouCMS 注入漏洞

EyouCMS is an open-source content management system CMS developed by Eyou Corporation in China, based on ThinkPHP. EyouCMS versions 1.7.9 and earlier have a vulnerability related to injection attacks. This vulnerability arises from improper handling of the editFile function in the file...

5.8CVSS5.9AI score0.00239EPSS

Positive Technologies•added 2026/04/29 12:0 a.m.•1 views

PT-2026-35940

A weakness has been identified in EyouCMS up to 1.7.9. Impacted is the function editFile of the file application/admin/logic/FilemanagerLogic.php of the component Template File Handler. Executing a manipulation can lead to code injection. The attack can be launched remotely. The exploit has been...

5.8CVSS5AI score0.00239EPSS

Exploits0References5

NVD•added 2026/04/28 3:16 p.m.•4 views

CVE-2026-27760

OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity action parameter. Attackers can break out of the define string...

9.2CVSS0.01774EPSS

EUVD•added 2026/04/28 1:43 p.m.•1 views

EUVD-2026-26052

9.2CVSS6AI score0.01774EPSS

Vulnrichment•added 2026/04/28 1:43 p.m.•6 views

CVE-2026-27760 OpenCATS PHP Code Injection via installer AJAX endpoint

CVE•added 2026/04/28 1:43 p.m.•15 views

CVE-2026-27760

OpenCATS before commit 3002a29 contains a PHP code injection in the installer AJAX endpoint (databaseConnectivity action) that allows unauthenticated attackers to inject PHP code and execute it. The exploit relies on breaking out of the define() context in config.php (via a single quote and state...

In wildExploits0References6

ATTACKERKB•added 2026/04/28 1:43 p.m.•2 views

CVE-2026-27760

Cvelist•added 2026/04/28 1:43 p.m.•32 views

Exploits0References7

CVE-2026-27760 OpenCATS PHP Code Injection via installer AJAX endpoint

9.2CVSS0.01774EPSS

OSV•added 2026/04/28 8:37 a.m.•0 views

BIT-ACTIVEMQ-2026-41044 Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All: Authenticated user can perform RCE via DestinationView MBean exposed by Jolokia

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious broker name that bypasses name validation to...

8.8CVSS6.6AI score0.0069EPSS

Exploits0References3

OSV•added 2026/04/28 8:37 a.m.•1 views

BIT-ACTIVEMQ-2026-40466 Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Possible bypass of CVE-2026-34197 via HTTP discovery second-stage URI

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may bypass the fix in CVE-2026-34197 by adding a connector using an HTTP Discovery transport...

8.8CVSS8.6AI score0.87048EPSS

Exploits12References2

RedhatCVE•added 2026/04/28 3:14 a.m.•3 views

CVE-2026-41242

A flaw was found in protobufjs, a JavaScript JS library used for compiling protobuf definitions. A remote attacker with low privileges can exploit this vulnerability by injecting arbitrary code into the "type" fields of protobuf definitions. This malicious code will then execute during the object...

9.8CVSS6.8AI score0.00575EPSS

Exploits1References8

CNNVD•added 2026/04/28 12:0 a.m.•6 views

HTMLy 安全漏洞

HTMLy is an open-source PHP-based blog platform. Version 3.1.1 of HTMLy has a security vulnerability. This vulnerability stems from the content creation function at the /add/content?type=image endpoint, which fails to properly clean user input, potentially allowing for the injection of arbitrary...

8.9CVSS5.9AI score0.00356EPSS

Exploits0References2

CNNVD•added 2026/04/28 12:0 a.m.•7 views

VMware Spring AI 代码注入漏洞

VMware Spring AI is a development framework by the American company VMware, which integrates artificial intelligence and large language model capabilities into the Spring ecosystem. Versions 1.0.0 to 1.0.5, as well as 1.1.0 to 1.1.4 of VMware Spring AI, have code injection vulnerabilities. These...

8.6CVSS5.9AI score0.00394EPSS

Exploits0References2

CNNVD•added 2026/04/28 12:0 a.m.•6 views

OpenCats 代码注入漏洞

OpenCats is an open-source recruitment process management system developed by OpenCats. OpenCats has a code injection vulnerability, which stems from PHP code injection in the AJAX endpoints of the installation wizard. This vulnerability allows unauthenticated attackers to execute arbitrary code ...

9.2CVSS6.2AI score0.01774EPSS

Positive Technologies•added 2026/04/28 12:0 a.m.•4 views

PT-2026-35727

Name of the Vulnerable Software and Affected Versions OpenCATS versions prior to commit 3002a29 Description An unauthenticated PHP code injection issue exists in the installer AJAX endpoint. This allows attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity...