Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

89 matches found

NVD
NVDadded 4 days ago12 views

CVE-2026-35482

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the alf.io extension script engine allows an authenticated administrator to execute arbitrary operating system commands on the...

8CVSS0.00036EPSS
Exploits0References1
EUVD
EUVDadded 4 days ago7 views

EUVD-2026-34050

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the alf.io extension script engine allows an authenticated administrator to execute arbitrary operating system commands on the...

8CVSS6.1AI score0.00036EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 4 days ago6 views

CVE-2026-35482

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the alf.io extension script engine allows an authenticated administrator to execute arbitrary operating system commands on the...

8CVSS6.1AI score0.00036EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blogadded 2026/05/27 10:49 p.m.17 views

Yamcs Vulnerable to Authenticated Remote Code Execution (RCE) via Jython Algorithm Code Injection

Summary A Server-Side Code Injection vulnerability exists in the Yamcs script evaluation engine for Python algorithms. The application dynamically compiles and evaluates user-controlled algorithm text using Jython via the JSR-223 ScriptEngine API without enforcing a secure sandbox. An authenticat...

6.2AI score
Exploits0References2Affected Software1
CVE
CVEadded 2026/05/27 12:0 a.m.24 views

CVE-2026-38426

The CVE-2026-38426 issue affects Arendst Tasmota, v15.3.0.3 and earlier, via the xdrv_10_scripter.ino fetch_jpg()/jpg_task.boundary[40] path. A strcpy() overrun of boundary[40] can corrupt adjacent fields, including vtable pointers for WiFiClient/HTTPClient, enabling remote code execution on ESP3...

7.3CVSS6.2AI score0.00237EPSS
Exploits2References2
Cvelist
Cvelistadded 2026/03/12 12:32 a.m.25 views

CVE-2026-3968 AutohomeCorp frostmourne Oracle Nashorn JavaScript ExpressionRule.java scriptEngine.eval code injection

A vulnerability has been found in AutohomeCorp frostmourne up to 1.0. This affects the function scriptEngine.eval of the file ExpressionRule.java of the component Oracle Nashorn JavaScript Engine. Such manipulation of the argument EXPRESSION leads to code injection. The attack can be executed...

6.5CVSS0.00061EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/03/12 12:32 a.m.1 views

CVE-2026-3968 AutohomeCorp frostmourne Oracle Nashorn JavaScript ExpressionRule.java scriptEngine.eval code injection

A vulnerability has been found in AutohomeCorp frostmourne up to 1.0. This affects the function scriptEngine.eval of the file ExpressionRule.java of the component Oracle Nashorn JavaScript Engine. Such manipulation of the argument EXPRESSION leads to code injection. The attack can be executed...

6.5CVSS6.3AI score0.00061EPSS
Exploits0References4
OSV
OSVadded 2026/03/03 12:31 p.m.3 views

GHSA-C87W-642H-M97H Apache Ranger has a Code Injection vulnerability

Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...

9.8CVSS6AI score0.00101EPSS
Exploits1References4
Github Security Blog
Github Security Blogadded 2026/03/03 12:31 p.m.4 views

Apache Ranger has a Code Injection vulnerability

Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...

9.8CVSS6AI score0.00101EPSS
Exploits1References4Affected Software1
NVD
NVDadded 2026/03/03 11:16 a.m.1 views

CVE-2025-59059

Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...

9.8CVSS0.00101EPSS
Exploits1References2
Vulnrichment
Vulnrichmentadded 2026/03/03 10:44 a.m.4 views

CVE-2025-59059 Apache Ranger: Remote Code Execution Vulnerability in NashornScriptEngineCreator

Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...

6AI score0.00101EPSS
Exploits1References1
CVE
CVEadded 2026/03/03 10:44 a.m.345 views

CVE-2025-59059

Apache Ranger CVE-2025-59059 is a remote code execution issue affecting Ranger versions

9.8CVSS6AI score0.00101EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/03/03 10:44 a.m.2 views

CVE-2025-59059

Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...

9.8CVSS6AI score0.00101EPSS
Exploits1References2
Cvelist
Cvelistadded 2026/03/03 10:44 a.m.20 views

CVE-2025-59059 Apache Ranger: Remote Code Execution Vulnerability in NashornScriptEngineCreator

Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions = 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue...

0.00101EPSS
Exploits1References1
GithubExploit
GithubExploitadded 2026/02/05 10:6 p.m.192 views

Exploit for Deserialization of Untrusted Data in Snakeyaml_Project Snakeyaml

yaml-payload Exploit payload JAR for demonstrating CVE-2022-...

9.8CVSS8.8AI score0.93849EPSS
Exploits7
EUVD
EUVDadded 2025/10/07 12:30 a.m.2 views

EUVD-2018-8961

Malware in sbrugna...

9.8CVSS9.3AI score0.03031EPSS
Exploits0References4
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2025-25619

Malicious code in bioql PyPI...

8.8CVSS6.6AI score0.00211EPSS
Exploits1References2
Tenable Nessus
Tenable Nessusadded 2025/08/25 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2018-17191

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache NetBeans incubating 9.0 NetBeans Proxy Auto-Configuration PAC interpretation is vulnerable for remote command execution RCE. Using the nashorn script...

9.8CVSS8.9AI score0.03031EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2025/08/24 12:13 a.m.2 views

CVE-2025-52287

OperaMasks SDK ELite Script Engine v0.5.0 was discovered to contain a deserialization vulnerability...

8.8CVSS7.7AI score0.00211EPSS
Exploits1References1
OSV
OSVadded 2025/08/22 6:15 p.m.1 views

CVE-2025-52287

OperaMasks SDK ELite Script Engine v0.5.0 was discovered to contain a deserialization vulnerability...

8.8CVSS5.8AI score0.00211EPSS
Exploits1References2
Rows per page
Query Builder