4517 matches found

Tenable Nessus
added 2026/02/10 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-1584

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux - Unknown description CVE-2026-1584. Note that Nessus relies on the presence of the package as reported by the vendor. ...

CVSS 7.5, AI score 5.8, EPSS 0.01329
Exploits 0, References 2
Tenable Nessus
added 2026/02/10 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-0966

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libssh. The API function ssh_get_hexa is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely b...

CVSS 8.2, AI score 6.3, EPSS 0.00582
Exploits 0, References 3
Github Security Blog
added 2026/02/09 9:30 a.m., 6 views

MCP Run Python Deno Sandbox Misconfiguration Allows SSRF Attacks via Localhost Access

Impact: Server-Side Request Forgery (SSRF): A security vulnerability exists in the mcp-run-python tool, specifically within the Pydantic-AI integration, due to an overly permissive Deno sandbox configuration. The tool configures the Deno runtime—which is intended to isolate the execution of untrusted...

CVSS 5.8, AI score 6, EPSS 0.00165
Exploits 0, References 3, Affected Software 1
Github Security Blog
added 2026/02/09 9:30 a.m., 6 views

MCP Run Python has a Sandbox Escape & Server Takeover Vulnerability

Impact: Critical Sandbox Escape & Server Takeover: A critical security vulnerability exists in mcp-run-python due to a lack of isolation between the Python runtime (Pyodide) and the host JavaScript environment. The runPython and runPythonAsync functions execute Python code using Pyodide without...

CVSS 5.8, AI score 6.1, EPSS 0.00177
Exploits 0, References 3, Affected Software 1
OSV
added 2026/02/09 9:30 a.m., 4 views

GHSA-PFV4-WMPH-5GC6 MCP Run Python has a Sandbox Escape & Server Takeover Vulnerability

Impact: Critical Sandbox Escape & Server Takeover: A critical security vulnerability exists in mcp-run-python due to a lack of isolation between the Python runtime (Pyodide) and the host JavaScript environment. The runPython and runPythonAsync functions execute Python code using Pyodide without...

CVSS 5.8, AI score 6.3, EPSS 0.00177
Exploits 0, References 3
OSV
added 2026/02/09 9:30 a.m., 3 views

GHSA-6FGP-M6Q4-J3Q5 MCP Run Python Deno Sandbox Misconfiguration Allows SSRF Attacks via Localhost Access

Impact: Server-Side Request Forgery (SSRF): A security vulnerability exists in the mcp-run-python tool, specifically within the Pydantic-AI integration, due to an overly permissive Deno sandbox configuration. The tool configures the Deno runtime—which is intended to isolate the execution of untrusted...

CVSS 5.8, AI score 6.2, EPSS 0.00165
Exploits 0, References 3
Github Security Blog
added 2026/02/09 6:30 a.m., 9 views

jsonpath has Arbitrary Code Injection via Unsafe Evaluation of JSON Path Expressions

Impact: Arbitrary Code Injection (Remote Code Execution & XSS): A critical security vulnerability affects all versions of the jsonpath package. The library relies on the static-eval module to evaluate JSON Path expressions but fails to properly sanitize or sandbox the input. This allows an attacker ...

CVSS 9.8, AI score 6.2, EPSS 0.00834
Exploits 0, References 8, Affected Software 1
OSV
added 2026/02/09 6:30 a.m., 3 views

GHSA-87R5-MP6G-5W5J jsonpath has Arbitrary Code Injection via Unsafe Evaluation of JSON Path Expressions

Impact: Arbitrary Code Injection (Remote Code Execution & XSS): A critical security vulnerability affects all versions of the jsonpath package. The library relies on the static-eval module to evaluate JSON Path expressions but fails to properly sanitize or sandbox the input. This allows an attacker ...

CVSS 9.8, AI score 6.1, EPSS 0.00834
Exploits 0, References 8
Tenable Nessus
added 2026/02/09 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-22044

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. From version 0.85 to before 10.0.23, an authenticated user can perform a SQL injection. This issue has...

CVSS 8.8, AI score 5.8, EPSS 0.00264
Exploits 0, References 2
Positive Technologies
added 2026/02/08 12:0 a.m., 6 views

PT-2026-6995

Name of the Vulnerable Software and Affected Versions: detronetdip E-commerce version 1.0.0. Description: A security flaw exists in detronetdip E-commerce 1.0.0 related to unrestricted file upload. The issue affects the processing of the file /seller/assets/backend/profile/addadhar.php. Manipulation...

CVSS 7.5, AI score 5.3, EPSS 0.00451
Exploits 1, References 8
RedhatCVE
added 2026/02/05 7:23 p.m., 4 views

CVE-2025-69215

OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, there is a SQL Injection vulnerability in the Stampe Module. At time of publication, no known patch exists...

CVSS 8.8, AI score 5.7, EPSS 0.00374
Exploits 3, References 1
NVD
added 2026/02/04 6:16 p.m., 6 views

CVE-2025-69213

OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, a SQL Injection vulnerability exists in the ajax_complete.php endpoint when handling the get_sedi operation. An authenticated attacker can inject malicious SQL code through the...

CVSS 8.8, EPSS 0.00381
Exploits 3, References 1
NVD
added 2026/02/04 6:16 p.m., 5 views

CVE-2025-69215

OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, there is a SQL Injection vulnerability in the Stampe Module. At time of publication, no known patch exists...

CVSS 8.8, EPSS 0.00374
Exploits 3, References 1
ATTACKERKB
added 2026/02/04 5:47 p.m., 9 views

CVE-2026-25139

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. In version 2025.10 and prior, multiple out-of-bounds reads allow any unauthenticated user, with the ability to send or manipulate input packets, to...

CVSS 8.7, AI score 5.4, EPSS 0.0048
Exploits 1, References 2, Affected Software 1
Cvelist
added 2026/02/04 5:42 p.m., 32 views

CVE-2025-69215 OpenSTAManager has an SQL Injection in the Stampe Module

OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, there is a SQL Injection vulnerability in the Stampe Module. At time of publication, no known patch exists...

CVSS 8.7, EPSS 0.00374
Exploits 3, References 1
OSV
added 2026/02/04 5:42 p.m., 6 views

CVE-2025-69215 OpenSTAManager has an SQL Injection in the Stampe Module

OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, there is a SQL Injection vulnerability in the Stampe Module. At time of publication, no known patch exists...

CVSS 8.7, AI score 5.7, EPSS 0.00374
Exploits 3, References 3
CVE
added 2026/02/04 5:42 p.m., 9 views

CVE-2025-69213

CVE-2025-69213 affects OpenSTAManager prior to 2.10-beta, with a SQL Injection in the ajax_complete.php endpoint (get_sedi) that concatenates user input from the idanagrafica parameter into the SQL query. The vulnerability enables an authenticated attacker to inject SQL via idanagrafica, potentia...

CVSS 8.8, AI score 6, EPSS 0.00381
Exploits 3, References 1, Affected Software 1
EUVD
added 2026/02/04 5:42 p.m., 7 views

EUVD-2025-206783

OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, a SQL Injection vulnerability exists in the ajax_complete.php endpoint when handling the get_sedi operation. An authenticated attacker can inject malicious SQL code through the...

CVSS 8.7, AI score 6, EPSS 0.00381
Exploits 3, References 1
ATTACKERKB
added 2026/02/04 5:42 p.m., 5 views

CVE-2025-69213

OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, a SQL Injection vulnerability exists in the ajax_complete.php endpoint when handling the get_sedi operation. An authenticated attacker can inject malicious SQL code through the...

CVSS 8.7, AI score 6, EPSS 0.00381
Exploits 3, References 2, Affected Software 1
Vulnrichment
added 2026/02/04 5:42 p.m., 2 views

CVE-2025-69213 OpenSTAManager has a SQL Injection in ajax_complete.php (get_sedi endpoint)

OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, a SQL Injection vulnerability exists in the ajax_complete.php endpoint when handling the get_sedi operation. An authenticated attacker can inject malicious SQL code through the...

CVSS 8.7, AI score 6, EPSS 0.00381
Exploits 3, References 1