CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

768 matches found

EUVD-2026-34177

A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculatedataframehash of the file mlrun/utils/helpers.py of the component DataFrame Hash Handler. The manipulation leads to use of weak hash. The attack can only be performed from a local...

3.6CVSS4.7AI score

Exploits0References7

Metasploit•added yesterday•22 views

Gogs Git Rebase Argument Injection RCE

This module exploits an argument injection vulnerability in the pull request merge flow of Gogs is parsed by Git as the --exec flag rather than a positional argument, causing sh -c to run after each replayed commit during the rebase. Two exploitation methods are supported: - ownrepo: The attacker...

5.9AI score

Exploits0

Packet Storm•added yesterday•18 views

📄 Gogs Git Rebase Argument Injection / Remote Code Execution

This Metasploit module exploits an argument injection vulnerability in the pull request merge flow of Gogs versions less than or equal to 0.14.2 and less than or equal to 0.15.0+dev. frozenstringliteral: true This module requires Metasploit: https://metasploit.com/download Current source:...

5.8AI score

Exploits0

ATTACKERKB•added 2 days ago•5 views

CVE-2026-10565

A security flaw has been discovered in Open5GS up to 2.7.6. The impacted element is the function gmmstatesecuritymode of the file src/amf/gmm-sm.c of the component NGAP Handover. Performing a manipulation results in race condition. The attack can be initiated remotely. The complexity of an attack...

3.1CVSS5AI score0.00041EPSS

Exploits0References8

EUVD•added 2 days ago•8 views

EUVD-2026-33871

3.1CVSS5AI score0.00041EPSS

Exploits0References8

Positive Technologies•added 2 days ago•9 views

PT-2026-45683

A security flaw has been discovered in Open5GS up to 2.7.6. The impacted element is the function gmm state security mode of the file src/amf/gmm-sm.c of the component NGAP Handover. Performing a manipulation results in race condition. The attack can be initiated remotely. The complexity of an...

3.1CVSS5AI score0.00041EPSS

Exploits0References9

ATTACKERKB•added 3 days ago•4 views

CVE-2026-10300

A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/loramanager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lorapath leads to reachable assertion. The attack can be launched...

6.3CVSS5.2AI score0.00047EPSS

Exploits0References6

Vulnrichment•added 3 days ago•5 views

CVE-2026-45131 CloudPirates Open Source Helm Charts: GitHub Actions pull_request_target workflow allows secret exfiltration via fork pull requests

CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow pull-request.yaml executes attacker-controlled code from fork pull requests in a privileged context, exposing repository secrets including Docker Hub credentials and tokens...

10CVSS5.8AI score0.00033EPSS

Exploits0References2

PyPA•added 3 days ago•3 views

PYSEC-2026-184

Apache Airflow's official documentation at core-concepts/dag-run.html "Passing Parameters when triggering Dags" showed a verbatim BashOperatorbashcommand="echo value: dagrun.conf'conf1' " example without any quoting / sanitization warning. Dag authors who copied the pattern verbatim into...

9.1CVSS5.8AI score0.00051EPSS

Exploits0References2Affected Software1

OSV•added 3 days ago•2 views

PYSEC-2026-184

9.1CVSS5.8AI score0.00051EPSS

Exploits0References2

Positive Technologies•added 3 days ago•6 views

PT-2026-45663

A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/lora manager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lora path leads to reachable assertion. The attack can be launched...

6.3CVSS5.2AI score0.00047EPSS

Exploits0References7

Positive Technologies•added 4 days ago•7 views

PT-2026-45187

A security vulnerability has been detected in Aider-AI Aider 0.86.3. This affects the function requests.get of the file api docs.py of the component AWS EC2 Metadata Endpoint. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit has...

6.5CVSS6.2AI score0.00043EPSS

Exploits0References8

RedhatCVE•added 5 days ago•8 views

CVE-2026-45261

GitButler is a modern Git-based version control interface for AI-powered workflows. Prior to 0.19.7, a emote code execution vulnerability exists in the Tauri-based GitButler desktop application. An attacker can inject a malicious link in a pull request body, which if clicked by the user allows fo...

9.3CVSS6.3AI score0.00079EPSS

Exploits0References1

RedhatCVE•added 5 days ago•8 views

CVE-2026-44358

Espressif Shared GitHub DangerJS is a reusable GitHub Action CI DangerJS workflow for Espressif GitHub projects. Prior to 1.0.1, the action's entrypoint.sh invoked DangerJS from the caller's workspace after copying the fork's checkout into it, creating an untrusted search path for both binary...

8.2CVSS6AI score0.00029EPSS

Exploits0References1

SUSE CVE•added 6 days ago•18 views

SUSE CVE-2026-45321

On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/ packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself...

9.6CVSS6AI score0.17051EPSS

Exploits3References3

The Hacker News•added last week•11 views

Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code

A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an authenticated user to execute arbitrary code under certain conditions. The security flaw, per Rapid7, is rated 9.4 on the CVSS scoring system. It does not have a CVE...

6.8AI score

Exploits0