CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added yesterday•6 views

CVE-2026-47174

In Duck Site before version 1.0.1, the repository has a deploy workflow that runs after the build workflow completes. The build workflow runs on pull requests, while the deploy workflow runs with package-write permissions and deployment secrets. If an attacker can make a pull request build satisf...

9.5CVSS

Cvelist•added yesterday•20 views

CVE-2026-47174 Duck Site: Untrusted pull request code can trigger privileged production deployment

9.5CVSS

CVE•added yesterday•6 views

CVE-2026-47174

Technical details such as affected components, versions, exploit paths, and fixes are not provided in the supplied documents; monitor for updates.

9.5CVSS5.3AI score

EUVD•added yesterday•5 views

EUVD-2026-36300

Vulnrichment•added yesterday•4 views

CVE-2026-47172 Quest Bot: Untrusted pull request code can be built and deployed by privileged `workflow_run` deployment.

CVE•added yesterday•6 views

CVE-2026-47172

Quest Bot (open-source Discord bot) contains a privilege escalation in the deploy workflow prior to v1.0.3. The repository’s privileged deploy workflow runs after the unprivileged build, and when a PR from a main branch is opened, the deploy workflow can check out the PR head_sha, build it into a...

RedhatCVE•added yesterday•5 views

CVE-2026-11859

An HTML injection vulnerability in the "fetch links" email sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting XSS in emails clients that render HTML emails. This issue affects Canarytokens: from Docker tag sha-c0f3cf142 before sha-08c3f93d, from G...

5.1CVSS5.5AI score0.00047EPSS

Positive Technologies•added yesterday•5 views

PT-2026-48711

Positive Technologies•added yesterday•5 views

Exploits0References3

PT-2026-48713

9.5CVSS5.3AI score

OSV•added 2 days ago•4 views

GHSA-5G86-85RP-F9HX Papra HTTP redirect bypass can lead to SSRF via webhook delivery system

Summary Papra's webhook delivery system contains an SSRF protection bypass that allows any authenticated organisation member to cause the server to make HTTP requests to internal addresses — loopback, link-local, and RFC-1918 ranges. The SSRF protection validates the registered webhook URL but...

3.5CVSS5.6AI score

Exploits0References3

RedhatCVE•added 2026/05/30 8:13 a.m.•16 views

CVE-2026-48116

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the filesystem-search-files agent skill passes its LLM-controlled pattern parameter to ripgrep as a positional argument without a -- end-of-options separato...

8.8CVSS6AI score0.00058EPSS

Exploits1References1

CVE•added 2026/05/28 9:19 p.m.•24 views

CVE-2026-48116

AnythingLLM CVE-2026-48116: Prior to 1.13.0, the filesystem-search-files agent passes a user-controlled pattern to ripgrep as a positional argument without a -- end-of-options separator. ripgrep interprets arguments starting with - as options, so a pattern like --pre=/bin/sh can execute /bin/sh f...

8.8CVSS6AI score0.00058EPSS

Exploits1References2Affected Software1

CNNVD•added 2026/05/28 12:0 a.m.•6 views

AnythingLLM 参数注入漏洞

AnythingLLM is an integrated AI application open source by Mintplex. Versions of AnythingLLM prior to 1.13.0 had a parameter injection vulnerability. This vulnerability stemmed from the filesystem-search-files proxy skill directly passing mode parameters controlled by the LLM as position paramete...

8.8CVSS6.1AI score0.00058EPSS

Exploits1References3

Positive Technologies•added 2026/05/23 12:0 a.m.•7 views

PT-2026-42873

Name of the Vulnerable Software and Affected Versions Arcane versions prior to 1.19.2 Description The "PUT /api/environments/id/templates/variables" endpoint, used to write the system-wide .env.global file for variable substitution in project compose files, lacks an admin authorization check. Any...

8.8CVSS6.5AI score0.00044EPSS

Exploits0References9

GithubExploit•added 2026/05/17 1:9 a.m.•60 views

PoCLab

kernel-poc Minimal Linux kernel + QEMU environment for reprod...

7.8CVSS7.3AI score0.02194EPSS

Exploits227

ATTACKERKB•added 2026/05/12 7:39 p.m.•7 views

CVE-2026-44218

ciguard is a static security auditor for CI/CD pipelines. From 0.1.0 to 0.8.1, the published ghcr.io/jo-jo98/ciguard container image inherits the default root user because the Dockerfile lacks a USER directive. This vulnerability is fixed in 0.8.2...

3CVSS5.8AI score0.00005EPSS

Exploits0References2Affected Software1

CNNVD•added 2026/05/08 12:0 a.m.•6 views

Gitroom Postiz 代码注入漏洞

Gitroom Postiz is an open-source social media scheduling tool developed by Gitroom. Previous versions of Gitroom Postiz had a code injection vulnerability. This vulnerability stemmed from a Pwn Request vulnerability present in the workflow for building and publishing PR Docker images, which could...

10CVSS6.2AI score0.00284EPSS