
2970 matches found

NVD
added 2026/03/02 5:16 a.m. | 1 views

CVE-2026-3409

A security flaw has been discovered in eosphoros-ai db-gpt 0.7.5. Affected is the function importlib.machinery.SourceFileLoader.exec_module of the file /api/v1/serve/awel/flow/import of the component Flow Import Endpoint. Performing a manipulation as part of File results in code injection. The...

CVSS 7.5 | EPSS 0.00065
Exploits 0 | References 4

EUVD
added 2026/03/02 4:2 a.m. | 2 views

EUVD-2026-9142

A security flaw has been discovered in eosphoros-ai db-gpt 0.7.5. Affected is the function importlib.machinery.SourceFileLoader.exec_module of the file /api/v1/serve/awel/flow/import of the component Flow Import Endpoint. Performing a manipulation as part of File results in code injection. The...

CVSS 7.5 | AI score 5.7 | EPSS 0.00065
Exploits 0 | References 4

Positive Technologies
added 2026/03/02 12:0 a.m. | 4 views

PT-2026-22540

Name of the Vulnerable Software and Affected Versions eosphoros-ai db-gpt version 0.7.5 Description A security flaw exists in eosphoros-ai db-gpt version 0.7.5 related to code injection. The issue is located in the function importlib.machinery.SourceFileLoader.exec module within the file...

CVSS 7.5 | AI score 7 | EPSS 0.00065
Exploits 0 | References 13

ATTACKERKB
added 2026/03/01 2:2 p.m. | 6 views

CVE-2026-3395

A flaw has been found in MaxSite CMS up to 109.1. This impacts the function eval of the file application/maxsite/admin/plugins/editormarkitup/preview-ajax.php of the component MarkItUp Preview AJAX Endpoint. Executing a manipulation can lead to code injection. It is possible to launch the attack...

CVSS 9.8 | AI score 6.7 | EPSS 0.00056
Exploits 1 | References 6 | Affected Software 1

CVE
added 2026/03/01 2:2 p.m. | 30 views

CVE-2026-3395

Summary (CVE-2026-3395): MaxSite CMS up to 109.1 contains a flaw in the MarkItUp Preview AJAX Endpoint (preview-ajax.php) where unsanitized input is passed to run_php and evaluated via PHP eval(), enabling unauthenticated remote code execution. This is driven by weak authorization checks in the M...

CVSS 9.8 | AI score 6.7 | EPSS 0.00056
Exploits 1 | References 5 | Affected Software 1

Positive Technologies
added 2026/02/27 12:0 a.m. | 1 views

PT-2026-24944

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.2.19-2 Description A flaw exists in the applySkillConfigenvOverrides function within the Skill Env Handler component. This issue allows for code injection when a manipulation is executed remotely. The issue arises becaus...

CVSS 8.8 | AI score 6.6 | EPSS 0.00117
Exploits 0 | References 16

RedhatCVE
added 2026/02/07 7:22 a.m. | 4 views

CVE-2026-1977

A security vulnerability has been detected in isaacwasserman mcp-vegalite-server up to 16aefed598b8cd897b78e99b907f6e2984572c61. Affected by this vulnerability is the function eval of the component visualize_data. Such manipulation of the argument vegalite_specification leads to code injection. The...

CVSS 6.5 | AI score 6.1 | EPSS 0.00065
Exploits 0 | References 1

RedhatCVE
added 2026/02/07 7:22 a.m. | 6 views

CVE-2026-2008

A vulnerability was detected in abhiphile fermat-mcp up to 47f11def1cd37e45dd060f30cdce346cbdbd6f0a. This vulnerability affects the function eqn_chart of the file fmcp/mpl_mcp/core/eqn_chart.py. Performing a manipulation of the argument equations results in code injection. It is possible to initiate...

CVSS 8.8 | AI score 6.4 | EPSS 0.001
Exploits 1 | References 1

NVD
added 2026/02/06 7:16 a.m. | 5 views

CVE-2026-2008

A vulnerability was detected in abhiphile fermat-mcp up to 47f11def1cd37e45dd060f30cdce346cbdbd6f0a. This vulnerability affects the function eqn_chart of the file fmcp/mpl_mcp/core/eqn_chart.py. Performing a manipulation of the argument equations results in code injection. It is possible to initiate...

CVSS 8.8 | EPSS 0.001
Exploits 1 | References 6

EUVD
added 2026/02/06 7:2 a.m. | 4 views

EUVD-2026-5692

A vulnerability was detected in abhiphile fermat-mcp up to 47f11def1cd37e45dd060f30cdce346cbdbd6f0a. This vulnerability affects the function eqn_chart of the file fmcp/mpl_mcp/core/eqn_chart.py. Performing a manipulation of the argument equations results in code injection. It is possible to initiate...

CVSS 6.5 | AI score 6.4 | EPSS 0.001
Exploits 1 | References 6

Vulnrichment
added 2026/02/06 7:2 a.m. | 1 views

CVE-2026-2008 abhiphile fermat-mcp eqn_chart.py eqn_chart code injection

A vulnerability was detected in abhiphile fermat-mcp up to 47f11def1cd37e45dd060f30cdce346cbdbd6f0a. This vulnerability affects the function eqn_chart of the file fmcp/mpl_mcp/core/eqn_chart.py. Performing a manipulation of the argument equations results in code injection. It is possible to initiate...

CVSS 6.5 | AI score 5.5 | EPSS 0.001
Exploits 1 | References 6

CVE
added 2026/02/06 7:2 a.m. | 7 views

CVE-2026-2008

The CVE-2026-2008 entry concerns abhiphile fermat-mcp up to 47f11def1cd37e45dd060f30cdce346cbdbd6f0a. The vulnerability affects the eqn_chart function in fmcp/mpl_mcp/core/eqn_chart.py. According to connected sources, manipulating the equations argument can cause code injection, and the attack ca...

CVSS 8.8 | AI score 6.5 | EPSS 0.001
Exploits 1 | References 6 | Affected Software 1

NVD
added 2026/02/06 4:15 a.m. | 3 views

CVE-2026-1977

A security vulnerability has been detected in isaacwasserman mcp-vegalite-server up to 16aefed598b8cd897b78e99b907f6e2984572c61. Affected by this vulnerability is the function eval of the component visualize_data. Such manipulation of the argument vegalite_specification leads to code injection. The...

CVSS 6.5 | EPSS 0.00065
Exploits 0 | References 5

CVE
added 2026/02/06 3:32 a.m. | 7 views

CVE-2026-1977

The CVE-2026-1977 entry concerns isaacwasserman mcp-vegalite-server. The vulnerability affects the eval usage in the visualize_data component, where manipulating the vegalite_specification argument can cause code injection. A remote attacker could exploit this, and public PoC details are noted. T...

CVSS 6.5 | AI score 6.2 | EPSS 0.00065
Exploits 0 | References 5

ATTACKERKB
added 2026/02/06 3:32 a.m. | 2 views

CVE-2026-1977

A security vulnerability has been detected in isaacwasserman mcp-vegalite-server up to 16aefed598b8cd897b78e99b907f6e2984572c61. Affected by this vulnerability is the function eval of the component visualize_data. Such manipulation of the argument vegalite_specification leads to code injection. The...

CVSS 6.5 | AI score 5.1 | EPSS 0.00065
Exploits 0 | References 5

Vulnrichment
added 2026/02/06 3:32 a.m. | 1 views

CVE-2026-1977 isaacwasserman mcp-vegalite-server visualize_data eval code injection

A security vulnerability has been detected in isaacwasserman mcp-vegalite-server up to 16aefed598b8cd897b78e99b907f6e2984572c61. Affected by this vulnerability is the function eval of the component visualize_data. Such manipulation of the argument vegalite_specification leads to code injection. The...

CVSS 6.5 | AI score 5.1 | EPSS 0.00065
Exploits 0 | References 5

Positive Technologies
added 2026/02/06 12:0 a.m. | 4 views

PT-2026-6671

Name of the Vulnerable Software and Affected Versions isaacwasserman mcp-vegalite-server versions prior to 16aefed598b8cd897b78e99b907f6e2984572c61 Description A security issue exists in the eval function of the visualize data component. Manipulation of the vegalite specification argument can lea...

CVSS 6.5 | AI score 5.3 | EPSS 0.00065
Exploits 0 | References 8

NVD
added 2026/02/03 11:15 a.m. | 3 views

CVE-2025-67850

A flaw was found in Moodle. This vulnerability, known as Cross-Site Scripting (XSS), occurs due to insufficient checks on user-provided data in the formula editor's arithmetic expression fields. A remote attacker could inject malicious code into these fields. When other users view these expressions...

CVSS 7.3 | EPSS 0.00012
Exploits 0 | References 2

CVE
added 2026/02/03 10:52 a.m. | 8 views

CVE-2025-67850

CVE-2025-67850 – Moodle XSS via formula editor: Affected component is Moodle, where insufficient validation of user-provided data in the formula editor’s arithmetic expression fields allows a remote attacker to inject malicious code. When other users view these expressions, the script can execut...

CVSS 7.3 | AI score 5.6 | EPSS 0.00012
Exploits 0 | References 2 | Affected Software 1

Positive Technologies
added 2026/02/03 12:0 a.m. | 3 views

PT-2026-6383

A flaw was found in Moodle. This vulnerability, known as Cross-site Scripting (XSS), occurs due to insufficient checks on user-provided data in the formula editor's arithmetic expression fields. A remote attacker could inject malicious code into these fields. When other users view these expressions...

CVSS 7.3 | AI score 5.7 | EPSS 0.00012
Exploits 0 | References 7