8 matches found

CVE
added 2026/03/11 12:0 a.m. | 6 views

CVE-2026-30741

CVE-2026-30741 affects OpenClaw Agent Platform v2026.2.6. The issue is a remote code execution (RCE) via a Request-Side prompt injection attack. The description states the vulnerability allows attackers to execute arbitrary code, but the provided documents do not include concrete exploitation ste...

CVSS 9.8 | AI score 6.5 | EPSS 0.00452
Exploits: 2 | References: 3 | Affected Software: 1
RedhatCVE
added 2025/06/29 10:19 p.m. | 4 views

CVE-2025-53098

Roo Code is an AI-powered autonomous coding agent. The project-specific MCP configuration for the Roo Code agent is stored in the .roo/mcp.json file within the VS Code workspace. Because the MCP configuration format allows for execution of arbitrary commands, prior to version 3.20.3, it would hav...

CVSS 8.1 | AI score 7.7 | EPSS 0.00375
Exploits: 0 | References: 1
RedhatCVE
added 2025/06/13 6:15 p.m. | 2 views

CVE-2025-49150

Cursor is a code editor built for programming with AI. Prior to 0.51.0, by default, the setting json.schemaDownload.enable was set to True. This means that by writing a JSON file, an attacker can trigger an arbitrary HTTP GET request that does not require user confirmation. Since the Cursor Agent...

CVSS 5.9 | AI score 5.8 | EPSS 0.00196
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 7:31 a.m. | 2 views

CVE-2024-48144

A prompt injection vulnerability in the chatbox of Fusion Chat Chat AI Assistant Ask Me Anything v1.2.4.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message...

CVSS 9.1 | AI score 7.1 | EPSS 0.00247
Exploits: 0 | References: 1
RedhatCVE
added 2025/04/17 1:35 p.m. | 11 views

CVE-2025-3579

In versions prior to Aidex 1.7, an authenticated malicious user, taking advantage of an open registry, could execute unauthorised commands within the system. This includes executing operating system Unix commands, interacting with internal services such as PHP or MySQL, and even invoking native...

CVSS 9.3 | AI score 7.6 | EPSS 0.00243
Exploits: 0 | References: 3
RedhatCVE
added 2025/02/15 9:23 a.m. | 4 views

CVE-2024-3303

An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.6.5, starting from 17.7 prior to 17.7.4, and starting from 17.8 prior to 17.8.2, which allows an attacker to exfiltrate contents of a private issue using prompt injection...

CVSS 6.4 | AI score 6.2 | EPSS 0.00141
Exploits: 1 | References: 1
The Hacker News
added 2024/06/27 10:4 a.m. | 37 views

Prompt Injection Flaw in Vanna AI Exposes Databases to RCE Attacks

Cybersecurity researchers have disclosed a high-severity security flaw in the Vanna.AI library that could be exploited to achieve remote code execution via prompt injection techniques. The vulnerability, tracked as CVE-2024-5565 (CVSS score: 8.1), relates to a case of prompt injection...

CVSS 8.1 | AI score 8.6 | EPSS 0.05237
Exploits: 0
Cvelist
added 2023/04/05 12:0 a.m. | 10 views

CVE-2023-29374

In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method...

AI score 10 | EPSS 0.03769
Exploits: 1 | References: 4