CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

36 matches found

GithubExploit•added 3 days ago•52 views

Exploit for Missing Authentication for Critical Function in Coreweave Marimo

CVE-2026-39987 - a full PTY shell Unauthenticated Stored Cross...

9.8CVSS7.5AI score0.8071EPSS

Exploits11

The Hacker News•added last week•13 views

Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit

An unknown threat actor has been observed using a large language model LLM agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability. "The attacker compromised an...

9.8CVSS8.1AI score0.8071EPSS

Exploits11

GithubExploit•added 2026/05/16 1:10 a.m.•45 views

Exploit for Missing Authentication for Critical Function in Coreweave Marimo

CVE-2026-39987 - Marimo Pre-Auth RCE Unauthenticated Remote...

9.8CVSS7.5AI score0.8071EPSS

Exploits11

GithubExploit•added 2026/05/04 10:54 a.m.•60 views

Exploit for Missing Authentication for Critical Function in Coreweave Marimo

CVE-2026-39987 — marimo Pre-Auth Terminal WebSocket RCE Lab...

9.8CVSS7.9AI score0.8071EPSS

Exploits11

GithubExploit•added 2026/05/04 10:54 a.m.•60 views

Exploit for Missing Authentication for Critical Function in Coreweave Marimo

CVE-2026-39987 — marimo Pre-Auth Terminal WebSocket RCE Lab...

9.8CVSS7.9AI score0.8071EPSS

Exploits11

GithubExploit•added 2026/04/26 5:54 a.m.•76 views

Exploit for Missing Authentication for Critical Function in Coreweave Marimo

CVE-2026-39987 Lab Guide Pre-Auth Remote Code Execution v...

9.8CVSS8.4AI score0.8071EPSS

Exploits11

GithubExploit•added 2026/04/25 4:50 p.m.•85 views

Exploit for Missing Authentication for Critical Function in Coreweave Marimo

CVE-2026-39987 — Marimo Pre-Auth RCE For educational and...

9.8CVSS8AI score0.8071EPSS

Exploits11

Tenable Nessus•added 2026/04/24 12:0 a.m.•3 views

Python Library marimo < 0.23.0 Pre-Auth RCE (CVE-2026-39987)

The detected version of the marimo Python package is prior to 0.23.0. It is, therefore, affected by a remote code execution vulnerability: - The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute...

9.8CVSS8.2AI score0.8071EPSS

Exploits11References2

RedhatCVE•added 2026/04/23 7:58 p.m.•2 views

CVE-2026-39987

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSock...

9.8CVSS7.6AI score0.8071EPSS

Exploits11References1

CISA•added 2026/04/23 12:0 p.m.•5 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-39987link is external Marimo Remote Code Execution Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses...

9.8CVSS5.9AI score0.8071EPSS

In wildExploits11References6

CISA KEV Catalog•added 2026/04/23 12:0 a.m.•7 views

Marimo Remote Code Execution Vulnerability

Marimo contains an pre-authorization remote code execution vulnerability, allowing an unauthenticated attacked to shell access and execute arbitrary system commands...

9.8CVSS8.2AI score0.8071EPSS

In wildExploits11

GithubExploit•added 2026/04/18 7:46 a.m.•78 views

Exploit for CVE-2026-39987

CVE-2026-39987 marimo is a reactive Python notebook. Prior to...

9.3CVSS7.7AI score0.8071EPSS

Exploits11

GithubExploit•added 2026/04/15 8:9 a.m.•119 views

Exploit for CVE-2026-39987

CVE-2026-39987 — Marimo Python Notebook Pre-Authenticated Remo...

9.3CVSS6.9AI score0.8071EPSS

Exploits11

Positive Technologies•added 2026/04/15 12:0 a.m.•1 views

PT-2026-33169

🔴 SharePoint CVE-2026-32115 is under active exploitation. Patch now. 🔴 Marimo CVE-2026-29104 targets exposed notebooks for cloud credential theft. 🟡 108 malicious Chrome extensions stole Google and Telegram data. https://t.co/pBWq66uIkZ...

2.7CVSS5.8AI score0.00051EPSS

Exploits0References1

GithubExploit•added 2026/04/13 11:34 p.m.•88 views

Exploit for CVE-2026-39987

CVE-2026-39987 | Marimo Pre-Auth RCE Exploit Military Grade...

9.3CVSS6.1AI score0.8071EPSS

Exploits11

GithubExploit•added 2026/04/13 6:6 p.m.•64 views

Exploit for CVE-2026-39987

markdown CVE-2026-39987 - Marimo Este script es SOLO para f...

9.3CVSS5.9AI score0.8071EPSS

Exploits11

Packet Storm News•added 2026/04/13 12:0 a.m.•2 views

Marimo Vulnerable Version Scanner

Marimo versions prior to 0.23.0 suffer from a remote code execution vulnerability. This tool scans the version to see if your installation is susceptible but does not provide any exploitation functionality...

9.3CVSS6.4AI score0.8071EPSS

Exploits11

The Hacker News•added 2026/04/10 7:37 a.m.•4 views

Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure

A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig. The vulnerability in question is CVE-2026-39987 CVSS score: 9.3, a pre-authenticated remote code...

9.8CVSS8.2AI score0.8071EPSS

Exploits11