CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/05/22 10:3 p.m.•7 views

CVE-2026-23652

Improper neutralization of special elements used in a command 'command injection' in Microsoft Power Pages allows an unauthorized attacker to execute code over a network...

10CVSS6AI score0.00577EPSS

Cvelist•added 2026/05/22 10:3 p.m.•17 views

CVE-2026-23652 Microsoft Power Pages Remote Code Execution Vulnerability

...

10CVSS0.00577EPSS

CVE•added 2026/05/22 10:3 p.m.•43 views

CVE-2026-23652

Microsoft Power Pages is affected by CVE-2026-23652, a remote code execution vulnerability due to improper neutralization of special elements used in a command injection. The issue allows an unauthenticated attacker to trigger code execution over the network with no user interaction, by exploitin...

10CVSS6AI score0.00577EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/05/22 10:3 p.m.•14 views

CVE-2026-40412 Azure Orbital Spatio Remote Code Execution Vulnerability

...

10CVSS0.00534EPSS

EUVD•added 2026/05/22 10:3 p.m.•10 views

EUVD-2026-31511

Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network...

10CVSS6AI score0.00534EPSS

Vulnrichment•added 2026/05/22 10:3 p.m.•7 views

CVE-2026-40412 Azure Orbital Spatio Remote Code Execution Vulnerability

...

10CVSS5.8AI score0.00534EPSS

CVE•added 2026/05/22 10:3 p.m.•32 views

CVE-2026-40412

Azure Orbital Spatio has a Remote Code Execution vulnerability (CVE-2026-40412) due to unrestricted upload of a file with a dangerous type, allowing an unauthenticated attacker to execute code over the network. Affected product: Azure Orbital Spatio. Impact is high for confidentiality, integrity,...

10CVSS6AI score0.00534EPSS

Exploits0References1Affected Software1

GithubExploit•added 2026/05/22 10:1 p.m.•80 views

Exploit for Code Injection in Langflow

CVE-2026-33017 — Langflow Unauthenticated Remote Code Executio...

9.8CVSS6.7AI score0.98412EPSS

Exploits16

Snyk•added 2026/05/22 9:0 p.m.•14 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a remote code execution backdoor and an advanced credential stealer. A malicious actor exploited remapped historical tags to commit malicious commits, retroactively compromising over 700 versions of...

Snyk•added 2026/05/22 9:0 p.m.•11 views

Embedded Malicious Code

Snyk•added 2026/05/22 9:0 p.m.•11 views

Embedded Malicious Code

Snyk•added 2026/05/22 9:0 p.m.•12 views

Embedded Malicious Code

GithubExploit•added 2026/05/22 8:44 p.m.•82 views

Exploit for Command Injection in Github Enterprise_Server

CVE-2026-3854 — GitHub Enterprise Server RCE via Push Option I...

8.8CVSS6AI score0.24462EPSS

Exploits5

GithubExploit•added 2026/05/22 8:44 p.m.•72 views

Exploit for Incorrect Implementation of Authentication Algorithm in Google Android

CVE-2026-0073 — Android Debug Bridge ADB Auth Bypass RCE...

8.8CVSS6.2AI score0.00541EPSS

Exploits12

NVD•added 2026/05/22 8:16 p.m.•16 views

CVE-2026-5817

The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets trustremotecode=True when loading model tokenizers, and runs without sandboxing. This causes transformers.AutoTokenizer.frompretrained to import and execute arbitrary Python files included in any model pulled fr...

8.8CVSS0.00224EPSS

Exploits1References1

EUVD•added 2026/05/22 7:28 p.m.•9 views

EUVD-2026-31491

The MLX inference backend in Docker Model Runner on macOS uses the MLX-LM library, which unconditionally imports and executes arbitrary Python files from model directories via the modelfile configuration field in config.json. When a model's config.json specifies a modelfile pointing to a Python...

8.8CVSS6.4AI score0.00224EPSS