CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/05/27 12:0 a.m.•2 views

PT-2026-43988

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a buffer overflow in the asperahttpd component. This vulnerability could allow an authenticat...

8.8CVSS6.5AI score0.00061EPSS

Exploits0References2

RedhatCVE•added 2026/05/26 8:14 p.m.•10 views

CVE-2026-9368

A vulnerability was identified in NousResearch hermes-agent up to 2026.4.16. This impacts the function executecode of the file tools/codeexecutiontool.py of the component Environment Variable Handler. Such manipulation leads to sandbox issue. It is possible to launch the attack remotely. The...

7.5CVSS6.8AI score0.00091EPSS

Vulnrichment•added 2026/05/26 5:10 p.m.•3 views

CVE-2026-8834 IBM HTTP Server is affected by multiple vulnerabilities

IBM HTTP Server 8.5, and 9.0 contains a buffer overflow vulnerability. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to execute remote code or cause a denial of service...

8CVSS6.4AI score0.00007EPSS

EUVD•added 2026/05/26 2:45 a.m.•5 views

EUVD-2026-31783

A flaw has been found in xianrendzw EasyReport up to 2.0.17.0522Beta. Affected by this issue is the function execute of the component REST Endpoint. Executing a manipulation of the argument reportParams can lead to sql injection. The attack can be launched remotely. The vendor was contacted early...

6.5CVSS6.4AI score0.00029EPSS

RedhatCVE•added 2026/05/26 2:12 a.m.•4 views

CVE-2023-54348

ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to inject spreadsheet formulas into vendor name fields that execute on the workstation of users who open the exported CSV in a spreadsheet application. Attackers can add malicious formulas like =10+20+cmd|' ...

8.8CVSS5.9AI score0.00054EPSS

OSSF Malicious Packages•added 2026/05/25 3:39 p.m.•6 views

Malicious code in @polka-ui/loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f93cf8dde7e6a1252424fc82f38e8502a37d9e427d92d412fd8944c91b8ee5a4 On npm install, scripts/postinstall.js downloads a per-OS payload from https://oob.moika.tech/payload/linux|mac|win, writes it to /tmp/.polka-uiinit....

5.8AI score

Exploits0References2

NVD•added 2026/05/25 11:16 a.m.•11 views

CVE-2026-9452

A security vulnerability has been detected in FoundDream miniclawd up to 2d65665046e2222eeea76cafc8570ed546a8c125. Affected by this issue is the function ExecTool.execute of the file /src/tools/exec.ts. Such manipulation leads to os command injection. The attack can be launched remotely. The...

7.5CVSS0.02177EPSS

Cvelist•added 2026/05/25 11:0 a.m.•30 views

CVE-2026-9452 FoundDream miniclawd exec.ts ExecTool.execute os command injection

7.5CVSS0.02177EPSS

CVE•added 2026/05/25 11:0 a.m.•12 views

CVE-2026-9452

FoundDream miniclawd contains a vulnerability in ExecTool.execute (file /src/tools/exec.ts) that allows os command injection via remote input. The CVE-2026-9452 entry notes no software versioning and that affected/unaffected releases are unavailable, with public exploit disclosure and a proof-of-...

7.5CVSS6.7AI score0.02177EPSS

Vulnrichment•added 2026/05/25 11:0 a.m.•3 views

CVE-2026-9452 FoundDream miniclawd exec.ts ExecTool.execute os command injection

7.5CVSS6.7AI score0.02177EPSS

ATTACKERKB•added 2026/05/25 1:50 a.m.•6 views

CVE-2026-9489

NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation LPE vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrary code with ...

8.5CVSS6.3AI score0.00023EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2026/05/25 12:0 a.m.•7 views

PT-2026-43039

7.5CVSS6.7AI score0.02177EPSS

CNNVD•added 2026/05/25 12:0 a.m.•4 views

miniclawd 操作系统命令注入漏洞

miniclawd is a lightweight personal AI assistant with multi-LLM and multi-channel support by Ziwen Personal Developer. miniclawd suffers from an OS command injection vulnerability that originates from the parameter manipulation of the function ExecTool.execute in the file /src/tools/exec.ts, whic...

7.5CVSS7AI score0.02177EPSS

OSV•added 2026/05/24 6:54 p.m.•4 views

MAL-2026-4547 Malicious code in cxpher-linux-arm32 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd6c14d2899b638880b25bf1c35973ed1c9cf6fcb99331447e3da7c2478124c7 The package's main is an ARM ELF binary that, when loaded, mkdtemp's a working directory under /dev/shm/.cxpher.XXXXXX or /tmp/.cxpher.XXXXXX, writes...

5.9AI score

OSSF Malicious Packages•added 2026/05/24 5:19 p.m.•6 views

Malicious code in class-weaver (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b4e45cdd0a93db2db56ae7fd2c348305a5ce7aeab9c6fb4b2331c2a547b2c5e7 class-weaver advertises itself as a className/theme utility keywords clsx, utils, styling; exports named classNames and twMerge mimicking...

5.9AI score

OSV•added 2026/05/24 5:15 p.m.•5 views

MAL-2026-4706 Malicious code in vite-plugin-css-blend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7a47fa75fbd028d1aca89ca790036f760c76d8e486175505ef4a8f59f33e7c76 The package is published as a Vite CSS plugin but exposes no Vite plugin API. Its documented applyGlobalStylespalette, accents export, when called on...

6AI score

Cvelist•added 2026/05/24 8:45 a.m.•11 views

CVE-2026-9368 NousResearch hermes-agent Environment Variable code_execution_tool.py execute_code sandbox

7.5CVSS0.00091EPSS

EUVD•added 2026/05/24 8:45 a.m.•7 views

EUVD-2026-31582

7.5CVSS6.8AI score0.00091EPSS