40 matches found

EUVD
added 2026/06/18 12:32 a.m. | 10 views

EUVD-2026-37809

marimo before 0.23.9 contains a reflected cross-site scripting vulnerability in the notebook page that allows unauthenticated attackers to inject arbitrary JavaScript by exploiting improper escaping of single quotes in the file query parameter reflected into an inline JavaScript string literal...

CVSS 6.1 | AI score 5.1 | EPSS 0.00239
Exploits: 0 | References: 5

Cvelist
added 2026/06/17 9:37 p.m. | 18 views

CVE-2026-54386 marimo < 0.23.9 XSS via file Query Parameter in assets.py

marimo before 0.23.9 contains a reflected cross-site scripting vulnerability in the notebook page that allows unauthenticated attackers to inject arbitrary JavaScript by exploiting improper escaping of single quotes in the file query parameter reflected into an inline JavaScript string literal...

CVSS 6.1 | EPSS 0.00239
Exploits: 0 | References: 4

CVE
added 2026/06/17 9:37 p.m. | 14 views

CVE-2026-54386

CVE-2026-54386 affects marimo prior to 0.23.9. A reflected XSS in the notebook page arises from improper escaping of single quotes in the file query parameter reflected into an inline JavaScript string. An unauthenticated attacker can craft a link with a payload (notably starting with new ) that ...

CVSS 6.1 | AI score 5.1 | EPSS 0.00239
Exploits: 0 | References: 4

Positive Technologies
added 2026/06/17 12:00 a.m. | 14 views

PT-2026-50557

Name of the Vulnerable Software and Affected Versions: marimo versions prior to 0.23.9. Description: A reflected cross-site scripting issue exists in the notebook page. Unauthenticated attackers can inject arbitrary JavaScript by exploiting improper escaping of single quotes in the file query...

CVSS 6.1 | AI score 5.1 | EPSS 0.00239
Exploits: 0 | References: 7

GithubExploit
added 2026/06/02 8:37 a.m. | 77 views

Exploit for Missing Authentication for Critical Function in Coreweave Marimo

CVE-2026-39987 - a full PTY shell Unauthenticated Stored Cross...

CVSS 9.8 | AI score 7.5 | EPSS 0.95645
Exploits: 11

The Hacker News
added 2026/05/29 2:39 p.m. | 20 views

Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit

An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability. "The attacker compromised an...

CVSS 9.8 | AI score 8.1 | EPSS 0.95645
Exploits: 11

GithubExploit
added 2026/05/16 1:10 a.m. | 69 views

Exploit for Missing Authentication for Critical Function in Coreweave Marimo

CVE-2026-39987 - Marimo Pre-Auth RCE Unauthenticated Remote...

CVSS 9.8 | AI score 7.5 | EPSS 0.95645
Exploits: 11

GithubExploit
added 2026/05/04 10:54 a.m. | 80 views

Exploit for Missing Authentication for Critical Function in Coreweave Marimo

CVE-2026-39987 — marimo Pre-Auth Terminal WebSocket RCE Lab...

CVSS 9.8 | AI score 7.9 | EPSS 0.95645
Exploits: 11

GithubExploit
added 2026/05/04 10:54 a.m. | 106 views

Exploit for Missing Authentication for Critical Function in Coreweave Marimo

CVE-2026-39987 — marimo Pre-Auth Terminal WebSocket RCE Lab...

CVSS 9.8 | AI score 7.9 | EPSS 0.95645
Exploits: 11

GithubExploit
added 2026/04/26 5:54 a.m. | 107 views

Exploit for Missing Authentication for Critical Function in Coreweave Marimo

CVE-2026-39987 Lab Guide Pre-Auth Remote Code Execution v...

CVSS 9.8 | AI score 8.4 | EPSS 0.95645
Exploits: 11

GithubExploit
added 2026/04/25 4:50 p.m. | 109 views

Exploit for Missing Authentication for Critical Function in Coreweave Marimo

CVE-2026-39987 — Marimo Pre-Auth RCE For educational and...

CVSS 9.8 | AI score 8 | EPSS 0.95645
Exploits: 11

Tenable Nessus
added 2026/04/24 12:00 a.m. | 4 views

Python Library marimo < 0.23.0 Pre-Auth RCE (CVE-2026-39987)

The detected version of the marimo Python package is prior to 0.23.0. It is, therefore, affected by a remote code execution vulnerability: - The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute...

CVSS 9.8 | AI score 8.2 | EPSS 0.95645
Exploits: 11 | References: 2

RedhatCVE
added 2026/04/23 7:58 p.m. | 6 views

CVE-2026-39987

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSock...

CVSS 9.8 | AI score 7.6 | EPSS 0.95645
Exploits: 11 | References: 1

CISA
added 2026/04/23 12:00 p.m. | 11 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-39987: Marimo Remote Code Execution Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses...

CVSS 9.8 | AI score 5.9 | EPSS 0.95645
In wild | Exploits: 11 | References: 6

CISA KEV Catalog
added 2026/04/23 12:00 a.m. | 10 views

Marimo Remote Code Execution Vulnerability

Marimo contains a pre-authorization remote code execution vulnerability, allowing an unauthenticated attacker to gain shell access and execute arbitrary system commands...

CVSS 9.8 | AI score 8.2 | EPSS 0.95645
In wild | Exploits: 11

GithubExploit
added 2026/04/18 7:46 a.m. | 123 views

Exploit for CVE-2026-39987

CVE-2026-39987 marimo is a reactive Python notebook. Prior to...

CVSS 9.3 | AI score 7.7 | EPSS 0.95645
Exploits: 11

GithubExploit
added 2026/04/15 8:09 a.m. | 149 views

Exploit for CVE-2026-39987

CVE-2026-39987 — Marimo Python Notebook Pre-Authenticated Remo...

CVSS 9.3 | AI score 6.9 | EPSS 0.95645
Exploits: 11

Positive Technologies
added 2026/04/15 12:00 a.m. | 5 views

PT-2026-33169

🔴 SharePoint CVE-2026-32115 is under active exploitation. Patch now. 🔴 Marimo CVE-2026-29104 targets exposed notebooks for cloud credential theft. 🟡 108 malicious Chrome extensions stole Google and Telegram data. https://t.co/pBWq66uIkZ...

CVSS 2.7 | AI score 5.8 | EPSS 0.0023
Exploits: 0 | References: 1

GithubExploit
added 2026/04/13 11:34 p.m. | 114 views

Exploit for CVE-2026-39987

CVE-2026-39987 | Marimo Pre-Auth RCE Exploit Military Grade...

CVSS 9.3 | AI score 6.1 | EPSS 0.95645
Exploits: 11

GithubExploit
added 2026/04/13 6:06 p.m. | 109 views

Exploit for CVE-2026-39987

markdown CVE-2026-39987 - Marimo Este script es SOLO para f...

CVSS 9.3 | AI score 5.9 | EPSS 0.95645
Exploits: 11