
30918 matches found

ATTACKERKB
added 2026/02/04 7:55 p.m. | 4 views

CVE-2026-25157

OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When th...

7.7 CVSS | 5.9 AI score | 0.00008 EPSS
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2026/02/04 7:55 p.m. | 27 views

CVE-2026-25157 OpenClaw/Clawdbot has OS Command Injection via Project Root Path in sshNodeCommand

OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When th...

7.7 CVSS | 0.00008 EPSS
Exploits 1 | References 1
EUVD
added 2026/02/04 7:55 p.m. | 2 views

EUVD-2026-5362

OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When th...

7.7 CVSS | 5.9 AI score | 0.00008 EPSS
Exploits 1 | References 1
Vulnrichment
added 2026/02/04 7:55 p.m. | 1 view

CVE-2026-25157 OpenClaw/Clawdbot has OS Command Injection via Project Root Path in sshNodeCommand

OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a shell script without properly escaping the user-supplied project path in an error message. When th...

7.7 CVSS | 5.9 AI score | 0.00008 EPSS
Exploits 1 | References 1
Github Security Blog
added 2026/02/04 7:36 p.m. | 7 views

n8n Vulnerable to Arbitrary File Write on Remote Systems via SSH Node

Impact: When workflows process uploaded files and transfer them to remote servers via the SSH node without validating their metadata the vulnerability can lead to files being written to unintended locations on those remote systems potentially leading to remote code execution on those systems. As a...

8.1 CVSS | 6.5 AI score | 0.00179 EPSS
Exploits 0 | References 5 | Affected Software 1
OSV
added 2026/02/04 7:36 p.m. | 3 views

GHSA-M82Q-59GV-MCR9 n8n Vulnerable to Arbitrary File Write on Remote Systems via SSH Node

Impact: When workflows process uploaded files and transfer them to remote servers via the SSH node without validating their metadata the vulnerability can lead to files being written to unintended locations on those remote systems potentially leading to remote code execution on those systems. As a...

7.1 CVSS | 6.5 AI score | 0.00179 EPSS
Exploits 0 | References 5
CVE
added 2026/02/04 7:32 p.m. | 11 views

CVE-2026-25143

CVE-2026-25143 affects the melange build system. The built-in patch pipeline (pkg/build/pipelines/patch.yaml) accepts patch-related inputs and embeds them into shell scripts without proper quoting or validation, enabling shell metacharacters to escape the intended context. An attacker who can inf...

7.8 CVSS | 6 AI score | 0.00014 EPSS
Exploits 0 | References 2 | Affected Software 1
ATTACKERKB
added 2026/02/04 7:32 p.m. | 5 views

CVE-2026-25143

melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds...

7.8 CVSS | 6 AI score | 0.00014 EPSS
Exploits 0 | References 3 | Affected Software 1
Vulnrichment
added 2026/02/04 7:32 p.m. | 4 views

CVE-2026-25143 melange affected by potential host command execution via license-check YAML mode patch pipeline

melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds...

7.8 CVSS | 6 AI score | 0.00014 EPSS
Exploits 0 | References 2
EUVD
added 2026/02/04 7:32 p.m. | 5 views

EUVD-2026-5371

melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds...

7.8 CVSS | 6 AI score | 0.00014 EPSS
Exploits 0 | References 2
NVD
added 2026/02/04 5:16 p.m. | 2 views

CVE-2026-25055

n8n is an open source workflow automation platform. Prior to versions 1.123.12 and 2.4.0, when workflows process uploaded files and transfer them to remote servers via the SSH node without validating their metadata the vulnerability can lead to files being written to unintended locations on those...

8.1 CVSS | 0.00179 EPSS
Exploits 0 | References 1
Cvelist
added 2026/02/04 4:47 p.m. | 23 views

CVE-2026-25055 n8n Arbitrary File Write on Remote Systems via SSH Node

n8n is an open source workflow automation platform. Prior to versions 1.123.12 and 2.4.0, when workflows process uploaded files and transfer them to remote servers via the SSH node without validating their metadata the vulnerability can lead to files being written to unintended locations on those...

7.1 CVSS | 0.00179 EPSS
Exploits 0 | References 1
CVE
added 2026/02/04 4:47 p.m. | 12 views

CVE-2026-25055

CVE-2026-25055 affects the open source workflow platform n8n. The issue occurs when workflows process uploaded files and transfer them to remote servers via the SSH node without validating metadata, which can cause files to be written to unintended locations on the remote system and potentially e...

8.1 CVSS | 6.4 AI score | 0.00179 EPSS
Exploits 0 | References 1 | Affected Software 1
GithubExploit
added 2026/02/04 2:13 p.m. | 159 views

Exploit for Reliance on Untrusted Inputs in a Security Decision in Microsoft

Detections for the CVE-2026-21509 vulnerability in MS Office...

8.8 CVSS | 5.5 AI score | 0.94332 EPSS
Exploits 47
RedhatCVE
added 2026/02/04 1:20 p.m. | 3 views

CVE-2025-58381

A vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an authenticated attacker with admin privileges using the shell commands “source, ping6, sleep, disown, wait to modify the path variables and move upwards in the directory structure or to traverse to different directories...

4.6 CVSS | 5.5 AI score | 0.00006 EPSS
Exploits 0 | References 1
RedhatCVE
added 2026/02/04 1:20 p.m. | 3 views

CVE-2026-0383

A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored file contents including the history command...

8.2 CVSS | 5.4 AI score | 0.00013 EPSS
Exploits 0 | References 1
Ubuntu
added 2026/02/04 9:51 a.m. | 5 views

USN-8011-1: Emacs vulnerabilities

It was discovered that Emacs could trigger unsafe Lisp macro expansion, when a user invoked elisp-completion-at-point on untrusted Emacs Lisp source code. An attacker could possibly use this issue to execute arbitrary code. CVE-2024-53920 It was discovered that Emacs did not properly sanitize inp...

8.8 CVSS | 6 AI score | 0.01749 EPSS
Exploits 0
GithubExploit
added 2026/02/04 8:56 a.m. | 130 views

Ofensive-security

This repository contains my Offensive Cyber Security / Penetrati...

5.6 AI score
Exploits 0
NVD
added 2026/02/04 4:15 a.m. | 4 views

CVE-2026-1791

Unrestricted Upload of File with Dangerous Type vulnerability in Hillstone Networks Operation and Maintenance Security Gateway on Linux allows Upload a Web Shell to a Web Server. This issue affects Operation and Maintenance Security Gateway: V5.5ST00001B113...

2.7 CVSS | 0.0002 EPSS
Exploits 0 | References 1
CVE
added 2026/02/04 3:11 a.m. | 9 views

CVE-2026-1791

CVE-2026-1791 concerns Hillstone Networks products: Operation and Maintenance Security Gateway on Linux with vulnerable versions V5.5ST00001B113 and Hillstone Networks Security Gateway V5.5. The flaw is an unrestricted file upload of a dangerous file type, enabling an attacker to upload a web she...

2.7 CVSS | 5.4 AI score | 0.0002 EPSS
Exploits 0 | References 1