CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

83 matches found

CVE-2026-54232

A flaw was found in vLLM, an inference and serving engine for large language models LLMs. This vulnerability, a dependency confusion attack, allows a remote attacker to execute arbitrary code with root privileges during the Docker build process. By exploiting this, an attacker can compromise the...

8.8CVSS6.1AI score0.00304EPSS

Exploits1References4

ATTACKERKB•added 6 days ago•5 views

CVE-2026-56274

Flowise before 3.1.2 contains multiple OS command injection vulnerabilities in the Custom MCP Server feature due to incomplete command-flag validation and a regex bypass in local file access restrictions. An attacker with a Flowise account of any role, or API access with view/update permissions f...

9.9CVSS6.2AI score0.02683EPSS

Exploits1References3

GithubExploit•added 2026/06/11 9:41 a.m.•60 views

Exploit for Improper Input Validation in Nodeca Js-Yaml

Doceker bulid 취약환경으로 Docker 환경으로 빌드를 한다. docker build -f c...

6.8CVSS5.4AI score0.17186EPSS

Exploits7

RedhatCVE•added 2026/06/05 7:11 p.m.•10 views

CVE-2026-44345

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, src/bentoml/internal/container/frontend/dockerfile/templates/basev2.j2 interpolates docker.baseimage raw with no escaping, newline filtering, or validation. A malicious...

8.8CVSS5.6AI score0.00317EPSS

Exploits1References1

RedhatCVE•added 2026/05/28 8:12 p.m.•12 views

CVE-2026-44346

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, a malicious bentofile.yaml containing a newline-injected value in envs.name produces unquoted RUN directives in the BentoML-generated Dockerfile. When the victim runs bentom...

8.8CVSS5.9AI score0.00321EPSS

Exploits1References1

OSV•added 2026/05/27 6:16 p.m.•7 views

PYSEC-2026-190

8.8CVSS5.9AI score0.00321EPSS

Exploits1References1

PyPA•added 2026/05/27 6:16 p.m.•9 views

PYSEC-2026-190

8.8CVSS5.9AI score0.00321EPSS

Exploits1References1Affected Software1

PyPA•added 2026/05/27 6:16 p.m.•9 views

PYSEC-0000-CVE-2026-44346

8.8CVSS5.9AI score0.00321EPSS

Exploits1References1Affected Software1

ATTACKERKB•added 2026/05/27 5:24 p.m.•9 views

CVE-2026-44345

8.8CVSS5.9AI score0.00317EPSS

Exploits1References2Affected Software1

EUVD•added 2026/05/27 5:24 p.m.•15 views

EUVD-2026-32610

8.8CVSS5.9AI score0.00317EPSS

Exploits1References1

Vulnrichment•added 2026/05/27 5:22 p.m.•7 views

CVE-2026-44346 BentoML: Dockerfile command injection via envs[*].name in bentofile.yaml

8.8CVSS5.9AI score0.00321EPSS

Exploits1References1

CVE•added 2026/05/27 5:22 p.m.•19 views

CVE-2026-44346

CVE-2026-44346 affects BentoML. A malicious bentofile.yaml with a newline-injected value in envs[*].name yields unquoted RUN directives in the BentoML-generated Dockerfile, causing those RUN commands to run on the host during docker build when running bentoml containerize. The issue stems from un...

8.8CVSS5.9AI score0.00321EPSS

Exploits1References1Affected Software1

ATTACKERKB•added 2026/05/27 5:22 p.m.•11 views

CVE-2026-44346

8.8CVSS5.9AI score0.00321EPSS

Exploits1References2Affected Software1

EUVD•added 2026/05/27 5:22 p.m.•12 views

EUVD-2026-32609

8.8CVSS5.9AI score0.00321EPSS

Exploits1References1

Positive Technologies•added 2026/05/27 12:0 a.m.•11 views

PT-2026-45979

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, src/bentoml/ internal/container/frontend/dockerfile/templates/base v2.j2 interpolates docker.base image raw with no escaping, newline filtering, or validation. A malicious...

8.8CVSS6AI score

Exploits0References2

Positive Technologies•added 2026/05/27 12:0 a.m.•10 views

PT-2026-45980

8.8CVSS5.9AI score

Exploits0References2

OSV•added 2026/05/21 8:0 a.m.•8 views

MAL-2026-4228 Malicious code in @tiledesk/tiledesk-server (npm)

@tiledesk/tiledesk-server version 2.18.12 is a compromised release of the legitimate Tiledesk customer support platform package. This version was injected with a CI pipeline backdoor as part of the megalodon campaign — a mass GitHub repository backdooring operation targeting CI/CD runner...

6.1AI score

Exploits0References3

Github Security Blog•added 2026/05/14 2:57 p.m.•11 views

Flowise has an MCP Security Bypass that Enables RCE

Summary There are three bypass methods for the security limitations of the Flowise MCP feature, and attackers can execute arbitrary commands by combining these three methods Details 【Vulnerability one】The Docker build subcommand not being on the blocklist leads to remote code execution The attack...

6.7AI score

Exploits0References3Affected Software2

OSV•added 2026/05/14 2:57 p.m.•4 views

GHSA-M99R-2HXC-CP3Q Flowise has an MCP Security Bypass that Enables RCE

8.7CVSS6.7AI score

Exploits0References3

RedhatCVE•added 2026/05/11 8:25 p.m.•7 views

CVE-2026-42298

Postiz is an AI social media scheduling tool. Prior to commit da44801, a "Pwn Request" vulnerability in the Build and Publish PR Docker Image workflow .github/workflows/pr-docker-build.yml allows any unauthenticated user to execute arbitrary code during the Docker build process and exfiltrate a...

10CVSS6.1AI score0.00504EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by