CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/04/29 1:2 p.m.•7 views

CVE-2026-5140

CVE-2026-5140 is a CRLF injection vulnerability in Pardus (TUBITAK BILGEM Software Technologies Research Institute). Affected: Pardus

8.8CVSS5.8AI score0.00107EPSS

Exploits0References2

RedHat Linux•added 2026/04/29 4:17 a.m.•2 views

github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload

A denial-of-service vulnerability in github.com/sirupsen/logrus occurs when Entry.Writer processes a single-line payload larger than 64KB with no newline characters. Due to a limitation in Go’s internal bufio.Scanner, the read operation fails with a “token too long” error, causing the underlying...

7.5CVSS7.5AI score0.00055EPSS

Exploits1References12

CNNVD•added 2026/04/29 12:0 a.m.•6 views

Pardus 注入漏洞

Pardus is a Linux distribution developed by the TUBITAK BILGEM government department in Turkey. Versions of Pardus from 0.6.4 up to 0.8.0 had a vulnerability related to injection attacks. This vulnerability stemmed from improper handling of CRLF sequences, which could lead to authentication...

8.8CVSS5.8AI score0.00107EPSS

NVD•added 2026/04/28 7:37 p.m.•2 views

CVE-2026-41384

OpenClaw before 2026.3.24 contains an environment variable injection vulnerability in the CLI backend runner that allows attackers to inject malicious environment variables through workspace configuration. Attackers can craft malicious workspace configs to inject arbitrary environment variables...

8.5CVSS0.00016EPSS

CVE•added 2026/04/28 6:9 p.m.•6 views

CVE-2026-41384

OpenClaw prior to 2026.3.24 contains an environment variable injection vulnerability in the CLI backend runner that allows malicious workspace configs to inject environment variables into the spawned backend process, enabling code execution or sensitive data exposure. Affected package: openclaw (...

8.5CVSS7.2AI score0.00016EPSS

Exploits0References3Affected Software1

Cvelist•added 2026/04/28 6:9 p.m.•26 views

CVE-2026-41384 OpenClaw < 2026.3.24 - Environment Variable Injection via Workspace Config in CLI Backend

8.5CVSS0.00016EPSS

Vulnrichment•added 2026/04/28 5:46 p.m.•1 views

CVE-2026-24231

NVIDIA NemoClaw contains a vulnerability in the validateEndpointUrl SSRF protection component, where an attacker could cause a server-side request forgery by supplying a crafted endpoint URL referencing the 0.0.0.0/8 address range through a blueprint configuration file or CLI flag. A successful...

CVE•added 2026/04/28 5:46 p.m.•4 views

CVE-2026-24231

NVIDIA NemoClaw is affected by CVE-2026-24231 in the validateEndpointUrl() SSRF protection pathway. A crafted endpoint URL referencing the 0.0.0.0/8 range through a blueprint configuration or CLI flag can trigger a server-side request forgery and may lead to information disclosure. The NVIDIA sec...

Exploits0References3Affected Software1

EUVD•added 2026/04/28 5:46 p.m.•2 views

EUVD-2026-26080

Cvelist•added 2026/04/28 5:46 p.m.•26 views

CVE-2026-24231

6.3CVSS0.00013EPSS

ATTACKERKB•added 2026/04/28 5:46 p.m.•1 views

CVE-2026-24231

OSV•added 2026/04/28 5:33 p.m.•3 views

Exploits0References4

CLSA-2026-1777397602 gimp: Fix of CVE-2026-4887

CVE-2026-4887 fix heap buffer over-read in PCX file loader by adding bpp validation, tolerating off-by-one bytesperline values, and allocating one extra byte for line buffers...

7.1CVSS5.9AI score0.0005EPSS

Exploits1References1

EUVD•added 2026/04/28 3:15 a.m.•0 views

EUVD-2026-25977

A vulnerability has been found in jackwrichards FastlyMCP up to 6f3d0b0e654fc51076badc7fa16c03c461f95620. This impacts an unknown function of the file fastly-mcp.mjs of the component fastlycli Tool. The manipulation of the argument command leads to os command injection. It is possible to initiate...

7.5CVSS7AI score0.0212EPSS

Exploits0References5

Positive Technologies•added 2026/04/28 12:0 a.m.•4 views

PT-2026-35769

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.24 Description An environment variable injection issue exists in the CLI backend runner. Attackers can use malicious workspace configurations to inject arbitrary environment variables into the backend process...

8.5CVSS7.1AI score0.00016EPSS

Exploits0References6

CNNVD•added 2026/04/28 12:0 a.m.•5 views

FastlyMCP 命令注入漏洞

FastlyMCP is an AI assistant tool developed by Jack Richards for managing CDN services via APIs. FastlyMCP has a command injection vulnerability, which stems from the fastly-mcp.mjs file within the fastlycli tool component. This vulnerability involves command parameters that allow for OS command...

7.5CVSS7.2AI score0.0212EPSS

Positive Technologies•added 2026/04/28 12:0 a.m.•2 views

PT-2026-35757

Packet Storm News•added 2026/04/28 12:0 a.m.•2 views

Logic-to-Code Execution via Indirect Prompt Injection

This document explores a critical architectural vulnerability in Large Language Model LLM implementations, specifically within Command Line Interface CLI tools and automated agentic workflows. The research demonstrates how the absence of separation between the control plane instructions and the...

6.3AI score

Exploits0

RedhatCVE•added 2026/04/27 7:23 p.m.•1 views

CVE-2026-7038

A weakness has been identified in tufantunc ssh-mcp up to 1.5.0. Impacted is an unknown function of the file src/index.ts of the component Command Line Handler. This manipulation causes insufficiently protected credentials. The attack is restricted to local execution. The exploit has been made...

4.8CVSS4.3AI score0.00005EPSS