CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/03/19 5:11 p.m.•15 views

CVE-2026-26939 Missing Authorization in Kibana Leading to Unauthorized Endpoint Response Action Configuration

6.5CVSS0.00042EPSS

Snyk•added 2026/03/19 5:11 p.m.•1 views

Missing Authorization

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Missing Authorization in the Detection Rule Management. An attacker can perform unauthorized system actions, such as host isolatio...

7.1CVSS5.9AI score0.00042EPSS

Snyk•added 2026/03/19 4:56 p.m.•2 views

Incorrect Bitwise Shift of Integer

Overview Affected versions of this package are vulnerable to Incorrect Bitwise Shift of Integer in the zisofs decompression process due to improper validation of the pzlog2bs field from ISO9660 Rock Ridge extensions. An attacker can cause application crashes and service disruption by supplying a...

8.6CVSS5.4AI score0.00185EPSS

OSV•added 2026/03/19 12:51 p.m.•2 views

GHSA-WVR4-3WQ4-GPC5 MCP Connect has unauthenticated remote OS command execution via /bridge endpoint

Summary When AUTHTOKEN and ACCESSTOKEN environment variables are not set which is the default out-of-the-box configuration the /bridge HTTP endpoint is completely unauthenticated. Any network-accessible caller can POST a request with an attacker-controlled serverPath and args payload, causing the...

9.8CVSS6.7AI score

CNNVD•added 2026/03/19 12:0 a.m.•2 views

OpenClaw 路径遍历漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a path traversal vulnerability that stems from the function accepting an arbitrary absolute path when the iMessage remote attachment fetch function is enabled. An attacker could use this vulnerability ...

8.2CVSS5.9AI score0.00077EPSS

Exploits0References3

Snyk•added 2026/03/18 8:19 p.m.•5 views

Cross-site Scripting (XSS)

Overview justhtml is an A pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the serialization process of raw-text elements such as script and style when a custom sanitization policy retains these elements. An attacker can...

4.7CVSS5.8AI score

EUVD•added 2026/03/18 6:31 p.m.•2 views

EUVD-2026-12910

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix unprivileged local user can do privileged policy management An unprivileged local user can load, replace, and remove profiles by opening the apparmorfs interfaces, via a confused deputy attack, by passing the opened...

5.7AI score0.00021EPSS

Exploits0References5

NVD•added 2026/03/18 6:16 p.m.•2 views

CVE-2026-26945

Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions prior to 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain a Process Control vulnerability. A high privileged attacker with adjacent...

5.3CVSS0.00058EPSS

ATTACKERKB•added 2026/03/18 5:54 p.m.•2 views

CVE-2026-23268

7.8CVSS5.7AI score0.00021EPSS

Exploits0References10Affected Software1

Cvelist•added 2026/03/18 5:27 p.m.•14 views

CVE-2026-26945

5.3CVSS0.00058EPSS

CVE•added 2026/03/18 5:27 p.m.•5 views

CVE-2026-26945

Dell Integrated Dell Remote Access Controller (iDRAC) 9/14G versions prior to 7.00.00.181, iDRAC 9 15G/16G prior to 7.20.10.50, and iDRAC 10, 17G prior to 1.20.25.00 contain a Process Control vulnerability. A high-privilege attacker with adjacent network access could potentially exploit this vuln...

5.3CVSS6AI score0.00058EPSS

Vulnrichment•added 2026/03/18 5:27 p.m.•1 views

CVE-2026-26945

5.3CVSS6AI score0.00058EPSS

Vulnrichment•added 2026/03/18 7:34 a.m.•2 views

CVE-2026-22319 Stack-Based Buffer Overflow in File Install Parameter Handling

A stack-based buffer overflow in the device's file installation workflow allows a high-privileged attacker to send oversized POST parameters that overflow a fixed-size stack buffer within an internal process, resulting in a DoS attack...

4.9CVSS6.2AI score0.00018EPSS

OSV•added 2026/03/18 6:16 a.m.•3 views

UBUNTU-CVE-2026-32596

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.2, Glances web server runs without authentication by default when started with glances -w, exposing REST API with sensitive system information including process command-lines containing credentials passwords, API keys,...

8.7CVSS5.8AI score0.04747EPSS

Exploits1References4

Vulnrichment•added 2026/03/18 6:3 a.m.•2 views

CVE-2026-32608 Glances has a Command Injection via Process Names in Action Command Templates

Glances is an open-source system cross-platform monitoring tool. The Glances action system allows administrators to configure shell commands that execute when monitoring thresholds are exceeded. These commands support Mustache template variables e.g., name, key that are populated with runtime...

AlpineLinux•added 2026/03/18 6:3 a.m.•2 views

Exploits1References3

CVE-2026-32608

OSV•added 2026/03/18 6:3 a.m.•3 views

Exploits1References3

CVE-2026-32608 Glances has a Command Injection via Process Names in Action Command Templates

CVE•added 2026/03/18 6:3 a.m.•13 views

Exploits1References5

CVE-2026-32608

Glances CVE-2026-32608 describes a local command-injection in the action system. Before 4.5.2, Mustache-rendered values such as process names, mount points, or container names could contain shell metacharacters that are not safely handled by secure_popen(), causing unintended command splitting. A...