Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

2970 matches found

ATTACKERKB
ATTACKERKBadded 2026/04/05 11:0 a.m.2 views

CVE-2026-5562

A vulnerability was identified in provectus kafka-ui up to 0.7.2. This impacts the function validateAccess of the file /api/smartfilters/testexecutions of the component Endpoint. The manipulation leads to code injection. The attack can be initiated remotely. The exploit is publicly available and...

7.5CVSS6.7AI score0.0009EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/05 11:0 a.m.1 views

CVE-2026-5562 provectus kafka-ui Endpoint testexecutions validateAccess code injection

A vulnerability was identified in provectus kafka-ui up to 0.7.2. This impacts the function validateAccess of the file /api/smartfilters/testexecutions of the component Endpoint. The manipulation leads to code injection. The attack can be initiated remotely. The exploit is publicly available and...

7.5CVSS6.7AI score0.0009EPSS
Exploits1References4
NVD
NVDadded 2026/04/05 10:16 a.m.1 views

CVE-2026-5556

A security vulnerability has been detected in badlogic pi-mono up to 0.58.4. This vulnerability affects the function discoverAndLoadExtensions of the file packages/coding-agent/src/core/extensions/loader.ts. The manipulation leads to code injection. Remote exploitation of the attack is possible...

6.5CVSS0.00017EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/04/05 9:30 a.m.2 views

CVE-2026-5556

A security vulnerability has been detected in badlogic pi-mono up to 0.58.4. This vulnerability affects the function discoverAndLoadExtensions of the file packages/coding-agent/src/core/extensions/loader.ts. The manipulation leads to code injection. Remote exploitation of the attack is possible...

6.5CVSS6.2AI score0.00017EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologiesadded 2026/04/05 12:0 a.m.1 views

PT-2026-30426

A security vulnerability has been detected in badlogic pi-mono up to 0.58.4. This vulnerability affects the function discoverAndLoadExtensions of the file packages/coding-agent/src/core/extensions/loader.ts. The manipulation leads to code injection. Remote exploitation of the attack is possible...

6.5CVSS6.2AI score0.00017EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/04/05 12:0 a.m.2 views

PT-2026-30451

Name of the Vulnerable Software and Affected Versions Fosowl agenticSeek version 0.1.0 Description A code injection issue exists in the PyInterpreter.execute function within the sources/tools/PyInterpreter.py file of the query Endpoint component. This manipulation can be exploited remotely. The...

9.8CVSS7AI score0.00051EPSS
Exploits0References9
Positive Technologies
Positive Technologiesadded 2026/04/05 12:0 a.m.2 views

PT-2026-30432

Name of the Vulnerable Software and Affected Versions provectus kafka-ui versions up to 0.7.2 Description A code injection issue exists in the validateAccess function within the Endpoint component, specifically in the file /api/smartfilters/testexecutions. This can be triggered remotely. The...

9.8CVSS7AI score0.0009EPSS
Exploits1References7
ATTACKERKB
ATTACKERKBadded 2026/03/31 12:0 a.m.1 views

CVE-2026-30309

InfCode's terminal auto-execution module contains a critical command filtering vulnerability that renders its blacklist security mechanism completely ineffective. The predefined blocklist fails to cover native high-risk commands in Windows PowerShell such as powershell, and the matching algorithm...

7.8CVSS6.5AI score0.00038EPSS
Exploits0References3
EUVD
EUVDadded 2026/03/30 3:32 p.m.2 views

EUVD-2026-17104

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the viewsupplier.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or...

6.1CVSS6AI score0.00066EPSS
Exploits1References2
RedhatCVE
RedhatCVEadded 2026/03/29 11:3 p.m.2 views

CVE-2026-5011

A vulnerability was detected in elecV2 elecV2P up to 3.8.3. This vulnerability affects the function runJSFile of the file /webhook of the component JSON Parser. Performing a manipulation of the argument rawcode results in code injection. Remote exploitation of the attack is possible. The exploit ...

6.5CVSS5.6AI score0.00065EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/29 11:3 p.m.1 views

CVE-2026-4998

A weakness has been identified in Sinaptik AI PandasAI up to 3.0.0. This vulnerability affects the function CodeExecutor.execute of the file pandasai/core/codeexecution/codeexecutor.py of the component Chat Message Handler. Executing a manipulation can lead to code injection. The attack may be...

7.5CVSS5.6AI score0.00037EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/28 11:9 p.m.1 views

CVE-2026-4963

A weakness has been identified in huggingface smolagents 1.25.0.dev0. This affects the function evaluateaugassign/evaluatecall/evaluatewith of the file src/smolagents/localpythonexecutor.py of the component Incomplete Fix CVE-2025-9959. This manipulation causes code injection. It is possible to...

7.6CVSS6.3AI score0.00084EPSS
Exploits1References1
EUVD
EUVDadded 2026/03/28 9:33 p.m.1 views

EUVD-2026-16942

A vulnerability was detected in elecV2 elecV2P up to 3.8.3. This vulnerability affects the function runJSFile of the file /webhook of the component JSON Parser. Performing a manipulation of the argument rawcode results in code injection. Remote exploitation of the attack is possible. The exploit ...

6.5CVSS6.3AI score0.00065EPSS
Exploits0References6
NVD
NVDadded 2026/03/28 7:16 p.m.1 views

CVE-2026-5011

A vulnerability was detected in elecV2 elecV2P up to 3.8.3. This vulnerability affects the function runJSFile of the file /webhook of the component JSON Parser. Performing a manipulation of the argument rawcode results in code injection. Remote exploitation of the attack is possible. The exploit ...

6.5CVSS0.00065EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/03/28 6:30 p.m.1 views

CVE-2026-5011 elecV2 elecV2P JSON webhook runJSFile code injection

A vulnerability was detected in elecV2 elecV2P up to 3.8.3. This vulnerability affects the function runJSFile of the file /webhook of the component JSON Parser. Performing a manipulation of the argument rawcode results in code injection. Remote exploitation of the attack is possible. The exploit ...

6.5CVSS5.6AI score0.00065EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/03/28 6:30 p.m.1 views

CVE-2026-5011

A vulnerability was detected in elecV2 elecV2P up to 3.8.3. This vulnerability affects the function runJSFile of the file /webhook of the component JSON Parser. Performing a manipulation of the argument rawcode results in code injection. Remote exploitation of the attack is possible. The exploit ...

6.5CVSS5.6AI score0.00065EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichmentadded 2026/03/28 1:15 p.m.1 views

CVE-2026-4998 Sinaptik AI PandasAI Chat Message code_executor.py CodeExecutor.execute code injection

A weakness has been identified in Sinaptik AI PandasAI up to 3.0.0. This vulnerability affects the function CodeExecutor.execute of the file pandasai/core/codeexecution/codeexecutor.py of the component Chat Message Handler. Executing a manipulation can lead to code injection. The attack may be...

7.5CVSS5.6AI score0.00037EPSS
Exploits0References4
EUVD
EUVDadded 2026/03/27 6:31 p.m.1 views

EUVD-2026-16726

A weakness has been identified in huggingface smolagents 1.25.0.dev0. This affects the function evaluateaugassign/evaluatecall/evaluatewith of the file src/smolagents/localpythonexecutor.py of the component Incomplete Fix CVE-2025-9959. This manipulation causes code injection. It is possible to...

7.6CVSS6.3AI score0.00084EPSS
Exploits1References8
Github Security Blog
Github Security Blogadded 2026/03/27 6:31 p.m.5 views

Hugging Face Smolagents has an Injection issue

A weakness has been identified in huggingface smolagents 1.25.0.dev0. This affects the function evaluateaugassign/evaluatecall/evaluatewith of the file src/smolagents/localpythonexecutor.py of the component Incomplete Fix CVE-2025-9959. This manipulation causes code injection. It is possible to...

10CVSS6.3AI score0.00022EPSS
Exploits1References9Affected Software1
OSV
OSVadded 2026/03/27 6:31 p.m.1 views

GHSA-54FQ-V6X8-244G Hugging Face Smolagents has an Injection issue

A weakness has been identified in huggingface smolagents 1.25.0.dev0. This affects the function evaluateaugassign/evaluatecall/evaluatewith of the file src/smolagents/localpythonexecutor.py of the component Incomplete Fix CVE-2025-9959. This manipulation causes code injection. It is possible to...

6.3CVSS5.6AI score0.00022EPSS
Exploits1References9
Rows per page
Query Builder