Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

Cvelist
Cvelistadded 2026/04/14 12:3 a.m.34 views

CVE-2026-39417 MaxKB: RCE via MCP stdio command injection in workflow engine

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an incomplete fix for CVE-2025-53928, where a Remote Code Execution vulnerability still exists in the MCP node of the workflow engine. MaxKB only restricts the referencing code path loading MCP config from the...

4.6CVSS0.00053EPSS
Exploits0References3
Tenable Nessus
Tenable Nessusadded 2026/04/14 12:0 a.m.1 views

Linux Distros Unpatched Vulnerability : CVE-2026-40164

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed...

7.5CVSS5.8AI score0.00024EPSS
Exploits0References3
NVD
NVDadded 2025/12/19 5:15 p.m.1 views

CVE-2025-63665

An issue in GT Edge AI Community Edition Versions before v2.0.12 allows attackers to execute arbitrary code via injecting a crafted JSON payload into the Prompt window...

9.8CVSS0.0009EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2025/12/19 12:0 a.m.2 views

PT-2025-52498

Name of the Vulnerable Software and Affected Versions GT Edge AI Platform versions prior to 2.0.10-dev Description An issue in GT Edge AI Platform allows attackers to execute arbitrary code by injecting a crafted JSON payload into the Prompt window. The vulnerability involves the potential for co...

9.8CVSS7.7AI score0.0009EPSS
Exploits0References9
EUVD
EUVDadded 2025/12/10 8:31 a.m.2 views

EUVD-2025-202406

An unauthenticated device registration vulnerability, caused by Improperly Controlled Modification of Dynamically-Determined Object Attributes, has been identified in the MXsecurity Series. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted JSON paylo...

6.3CVSS6.6AI score0.00196EPSS
Exploits0References2
OSV
OSVadded 2025/03/20 10:15 a.m.2 views

PYSEC-2025-94

A Regular Expression Denial of Service ReDoS vulnerability exists in gaizhenbiao/chuanhuchatgpt, as of commit 20b2e02. The server uses the regex pattern r'+' to parse user input. In Python's default regex engine, this pattern can take polynomial time to match certain crafted inputs. An attacker c...

6.5CVSS6.6AI score0.00319EPSS
Exploits1References1
CNNVD
CNNVDadded 2024/05/16 12:0 a.m.1 views

LoLLMs Security Vulnerabilities

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs versions prior to 9.5, which stems from insufficient cleanup of the config parameter in the /applysettings function, allowing an attacker to manipulate...

8.4CVSS6.7AI score0.00586EPSS
Exploits1References3
Cvelist
Cvelistadded 2017/12/01 4:0 p.m.22 views

CVE-2017-15707

In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload...

7.6AI score0.01534EPSS
Exploits2References6
Rows per page
Query Builder