CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/01/30 4:16 p.m.•4 views

EUVD-2020-30961

Sellacious eCommerce 4.6 contains a persistent cross-site scripting vulnerability in the Manage Your Addresses module that allows attackers to inject malicious scripts. Attackers can exploit multiple address input fields like full name, company, and address to execute persistent script code that...

6.4CVSS6AI score0.00252EPSS

RedhatCVE•added 2026/01/30 3:24 a.m.•5 views

CVE-2025-69604

An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow a local attacker to modify the default task template to install an arbitrary package that can run shell scripts with root privileges and Full Disk Access, thus bypassing macOS privacy controls...

7.8CVSS6AI score0.00101EPSS

Positive Technologies•added 2026/01/30 12:0 a.m.•5 views

PT-2026-5469

Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extra scripts configuration. Attackers can set malicious commands in the extra scripts field and trigger processing to execute remote code on the...

9.8CVSS6.5AI score0.02255EPSS

CNNVD•added 2026/01/30 12:0 a.m.•3 views

Koken CMS code-related vulnerabilities

Koken CMS is a content management system developed by Todd Dominey. Version 0.22.24 of Koken CMS has code vulnerabilities; these vulnerabilities stem from an extension name limitation in the file upload function, which may allow the upload of malicious PHP files and the execution of system comman...

8.8CVSS6AI score0.00601EPSS

NVD•added 2026/01/29 10:15 p.m.•9 views

CVE-2026-25046

Kimi Agent SDK is a set of libraries that expose the Kimi Code Kimi CLI agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to execSync as shell command strings. Prior to version 0.1.6, filenames containing shell metacharacters like $cmd could execute...

2.9CVSS0.00113EPSS

Cvelist•added 2026/01/29 9:37 p.m.•20 views

CVE-2026-25046 [Kimi VS Code] Command Injection in publish scripts vsix-publish.js and ovsx-publish.js

2.9CVSS0.00113EPSS

Vulnrichment•added 2026/01/29 9:37 p.m.•2 views

CVE-2026-25046 [Kimi VS Code] Command Injection in publish scripts vsix-publish.js and ovsx-publish.js

2.9CVSS5.9AI score0.00113EPSS

EUVD•added 2026/01/29 9:37 p.m.•12 views

EUVD-2026-4948

ATTACKERKB•added 2026/01/29 9:37 p.m.•3 views

CVE-2026-25046

Exploits0References2Affected Software1

OSV•added 2026/01/29 9:37 p.m.•5 views

CVE-2026-25046 [Kimi VS Code] Command Injection in publish scripts vsix-publish.js and ovsx-publish.js

CVE•added 2026/01/29 9:37 p.m.•20 views

Exploits0References3

CVE-2026-25046

The CVE concerns the Kimi Agent SDK, specifically the development scripts vsix-publish.js and ovsx-publish.js, which pass filenames to shell via execSync(). Prior to v0.1.6, filenames containing shell metacharacters (e.g., $(cmd)) could cause arbitrary command execution. It affects development sc...

RedhatCVE•added 2026/01/29 3:26 a.m.•15 views

CVE-2026-24833

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, a module could install with richtext in its description field which could contain scripts that will run for user in the Persona Bar. Versions 9.13.10 and...

7.6CVSS5.9AI score0.00174EPSS

RedhatCVE•added 2026/01/29 3:26 a.m.•11 views

CVE-2026-24838

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include scripts that would execute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for the iss...

9.1CVSS6AI score0.00188EPSS

Fedora•added 2026/01/29 12:56 a.m.•5 views

[SECURITY] Fedora 43 Update: perl-HarfBuzz-Shaper-0.033-2.fc43

HarfBuzz::Shaper is a perl module that provides access to a small subset of the native HarfBuzz library. The subset is suitable for typesetting programs that need to deal with complex languages like Devanagari. This module is intended to be used with module L...

7.5CVSS5.8AI score0.00424EPSS

Exploits1

EUVD•added 2026/01/29 12:0 a.m.•7 views

EUVD-2025-206519

6AI score0.00101EPSS

Exploits0References3

Positive Technologies•added 2026/01/29 12:0 a.m.•4 views

PT-2026-5361

Name of the Vulnerable Software and Affected Versions Kimi Agent SDK versions prior to 0.1.6 Description The Kimi Agent SDK libraries expose the Kimi Code agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to the execSync function as shell command string...

EUVD•added 2026/01/28 12:29 p.m.•3 views

EUVD-2020-30901

LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. Attackers can inject malicious SVG scripts through the Surveymenutitle and Surveymenuparentid parameters to execute arbitrary JavaScript in administrative contexts...

6.4CVSS6AI score0.00249EPSS

Exploits1References4

GithubExploit•added 2026/01/28 9:36 a.m.•144 views

BurpSuitePro

Burp Suite Bambda Scripts - Vulnerability Testing Toolkit v2.0...

6AI score

Exploits0

NVD•added 2026/01/28 12:15 a.m.•4 views

CVE-2026-24837

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a module friendly name could include scripts that will run during some module operations in the Persona Bar. Versions 9.13....

7.6CVSS0.00249EPSS