CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

30432 matches found

NVD•added 2026/04/22 5:16 p.m.•3 views

CVE-2026-35378

A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the execution phase. This implementation flaw prevents the utility from performing proper short-circuiting for logical OR | and AND & operation...

3.3CVSS0.00018EPSS

Exploits1References2

ATTACKERKB•added 2026/04/22 4:9 p.m.•2 views

CVE-2026-35378

3.3CVSS5.9AI score0.00018EPSS

Exploits1References3

The Hacker News•added 2026/04/22 7:58 a.m.•5 views

Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles

Cybersecurity researchers have discovered a new variant of a known malware called LOTUSLITE that's distributed via a theme related to India's banking sector. "The backdoor communicates with a dynamic DNS-based command-and-control server over HTTPS and supports remote shell access, file operations...

6AI score

Exploits0

EUVD•added 2026/04/22 12:31 a.m.•4 views

EUVD-2026-24547

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Management Console administrator to execute arbitrary OS commands via shell metacharacter injection in proxy configuration fields such as httpproxy. Exploitation o...

8.1CVSS6AI score0.00014EPSS

Exploits0References8

Positive Technologies•added 2026/04/22 12:0 a.m.•2 views

PT-2026-36854

Name of the Vulnerable Software and Affected Versions Evolver versions prior to 1.69.3 Description A command injection issue exists in the extractLLM function. The function constructs a curl command using string concatenation and passes it to execSync without proper sanitization. This allows...

9.8CVSS6.4AI score0.00547EPSS

Exploits0References9

Packet Storm•added 2026/04/22 12:0 a.m.•74 views

📄 Eclipse Che WebSocket Machine-Exec Remote Code Execution

This Python script is a WebSocket-based client designed to interact with an Eclipse Che / DevSpaces machine-exec service and test for an unauthenticated remote code execution vulnerability...

9CVSS6.4AI score0.45198EPSS

Exploits2

CNVD•added 2026/04/22 12:0 a.m.•1 views

Oracle MySQL Shell Core Client Denial of Service Vulnerability (CNVD-2026-18573)

Oracle MySQL Shell is a command line tool for managing and operating MySQL databases. A denial of service vulnerability exists in Oracle MySQL Shell. The vulnerability stems from the Core Client component failing to properly handle certain inputs and can be exploited by an attacker to cause MySQL...

5CVSS7.6AI score0.00019EPSS

Exploits0

Positive Technologies•added 2026/04/22 12:0 a.m.•1 views

PT-2026-34598

Name of the Vulnerable Software and Affected Versions CI4MS Theme affected versions not specified Description The upload function in CI4MS Theme fails to validate entry names when extracting user-uploaded ZIP archives. This allows an authenticated backend user with theme create permissions to...

9.4CVSS6.2AI score0.00464EPSS

Exploits0References6

CNVD•added 2026/04/22 12:0 a.m.•1 views

Oracle MySQL Shell Core Client Denial of Service Vulnerability (CNVD-2026-18574)

Oracle MySQL Shell is a command line tool and advanced client for managing and operating MySQL databases. A denial of service vulnerability exists in Oracle MySQL Shell. The vulnerability stems from the Core Client component failing to properly handle certain inputs and can be exploited by an...

5CVSS7.6AI score0.00019EPSS

Exploits0

NVD•added 2026/04/21 11:16 p.m.•2 views

CVE-2026-4821

8.1CVSS0.00014EPSS

Exploits0References7

Vulnrichment•added 2026/04/21 11:7 p.m.•1 views

CVE-2026-41304 WWBN AVideo vulnerable to RCE caused by clonesite plugin

WWBN AVideo is an open source video platform. In versions 29.0 and below, the cloneServer.json.php endpoint in the CloneSite plugin constructs shell commands using user-controlled input url parameter without proper sanitization. The input is directly concatenated into a wget command executed via...

9.3CVSS6AI score0.00649EPSS

Exploits1References2

CVE•added 2026/04/21 10:42 p.m.•8 views

CVE-2026-5845

Summary: CVE-2026-5845 affects GitHub Enterprise Server versions prior to 3.21, due to an improper authorization fallback in scoped user-to-server (ghu_) token handling. An authenticated attacker could access private repositories outside the intended installation scope, potentially including writ...

9.6CVSS5.8AI score0.00025EPSS

Exploits0References7Affected Software1

ATTACKERKB•added 2026/04/21 10:12 p.m.•2 views

CVE-2026-4821

8.1CVSS6AI score0.00014EPSS

Exploits0References8Affected Software1

EUVD•added 2026/04/21 9:31 p.m.•1 views

EUVD-2026-24418

Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell: Core Client. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

5.8CVSS5.7AI score0.0005EPSS

Exploits0References2

EUVD•added 2026/04/21 9:31 p.m.•3 views

EUVD-2026-24420

Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell: Core Client. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Shell executes t...

5CVSS5.7AI score0.00019EPSS

Exploits0References2

EUVD•added 2026/04/21 9:31 p.m.•4 views

EUVD-2026-24416

5CVSS5.7AI score0.00019EPSS

Exploits0References2

NVD•added 2026/04/21 9:16 p.m.•3 views

CVE-2026-34319

5CVSS0.00019EPSS

Exploits0References1

NVD•added 2026/04/21 9:16 p.m.•1 views

CVE-2026-34317