CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

17210 matches found

NVD•added 2026/05/04 5:16 a.m.•5 views

CVE-2026-7725

A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affected by this issue is some unknown functionality of the file src/prefect/runner/storage.py of the component GitRepository Pull Handler. The manipulation of the argument commitsha/directories results in argument injection. It is...

6.5CVSS0.00057EPSS

Exploits0References8

Snyk•added 2026/05/04 3:2 a.m.•2 views

Malicious Package

Overview @ozon-complt/split is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score

Exploits0References2

Snyk•added 2026/05/04 3:2 a.m.•2 views

Malicious Package

Overview @google-pay-trust/authorize-payment is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization an...

9.8CVSS5.8AI score

Exploits0References2

Snyk•added 2026/05/04 3:2 a.m.•3 views

Malicious Package

Overview @m0ntana/app.web is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score

Exploits0References2

EUVD•added 2026/05/04 3:0 a.m.•3 views

EUVD-2026-26880

6.5CVSS5.5AI score0.00057EPSS

Exploits0References8

CVE•added 2026/05/04 3:0 a.m.•8 views

CVE-2026-7725

CVE-2026-7725 affects PrefectHQ Prefect up to 3.6.25.dev6. The flaw is in the GitRepository Pull Handler (src/prefect/runner/storage.py) where argument commit_sha/directories can be manipulated to cause argument injection. Remote exploitation is possible; the public exploit exists. A fix is avail...

6.5CVSS6.2AI score0.00057EPSS

Exploits0References8

Cvelist•added 2026/05/04 3:0 a.m.•33 views

CVE-2026-7725 PrefectHQ prefect GitRepository Pull storage.py argument injection

6.5CVSS0.00057EPSS

Exploits0References8

CNNVD•added 2026/05/04 12:0 a.m.•4 views

Prefect 注入漏洞

Prefect is a workflow orchestration tool developed by Prefect OpenSource. It enables developers to build, monitor data pipelines, and respond to changes in those pipelines. Prefect versions 3.6.25.dev6 and earlier have a vulnerability due to an unknown feature in the GitRepository Pull Handler...

6.5CVSS6.6AI score0.00057EPSS

Exploits0References2

CNNVD•added 2026/05/04 12:0 a.m.•4 views

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for Lte/Nr networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from issues with the authentication-subscription endpoint in the...

5.3CVSS5.8AI score0.00106EPSS

Exploits0References1

Positive Technologies•added 2026/05/04 12:0 a.m.•5 views

PT-2026-37053

Name of the Vulnerable Software and Affected Versions apko versions prior to 1.2.7 Description The DiscoverKeys function in pkg/apk/apk/implementation.go performs an unconditional type-assertion of JWKS JSON Web Key Set keys as rsa.PublicKey without verifying the key type. If a repository JWKS...

6.5CVSS5.8AI score0.00035EPSS

Exploits0References9