CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

779 matches found

CVE-2026-54636

Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json file to manage system cron running as the Dokku user. An app.json cron command utilizing special shell characters - including, but not limited to, or ; - can break out of the Docker container and...

9.9CVSS

Exploits0References2

EUVD•added yesterday•5 views

EUVD-2026-39806

9.9CVSS5.9AI score

Exploits0References2

OSV•added 5 days ago•2 views

GHSA-3QQ3-668M-V9MJ Gogs has a Denial of Service in repository/wiki file listing web pages

Summary A malicious user with rights to create a new file on a repository or wiki page can trigger a denial of service condition in which the pages containing the listing of files will return HTTP error 500 and render the web interface unusable for the repository or wiki. Details The issue is...

4.9CVSS5.9AI score0.0044EPSS

Exploits0References5

Positive Technologies•added 5 days ago•9 views

PT-2026-51428

Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.14.3 Description A malicious user with permissions to create files in a repository or wiki page can trigger a denial of service. This occurs when pages containing file listings return an HTTP 500 error, rendering the w...

4.9CVSS5.8AI score0.0044EPSS

Exploits0References10

AstraLinux•added 2026/06/19 11:10 a.m.•5 views

Astra Linux – Vulnerability found in Python 3.11, Python 2.7, Python 3.7, and Pypy

The email module in Python, as of version 3.11.3, incorrectly parses email addresses that contain special characters. The incorrect portion of the RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism by allowing access to...

5.3CVSS6.5AI score0.02507EPSS

Exploits1References2

Cvelist•added 2026/06/15 6:54 p.m.•45 views

CVE-2026-47835 Spring AI vector store metadata filtering to handle special characters in Elasticsearch, OpenSearch, and GemFire Vector Stores

In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store. Affected versions: Spring AI 1.0.0...

8.6CVSS0.00254EPSS

Exploits0References1

CVE•added 2026/06/15 6:54 p.m.•15 views

CVE-2026-47835

In Spring AI Vector Stores, the vulnerability arises from improper handling of special characters that could lead to arbitrary query execution in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components are spring-ai-elasticsearch-store, spring-ai-opensearch-store, and spring-ai-gemfi...

8.6CVSS5.6AI score0.00254EPSS

Exploits0References1Affected Software1

Spring Security Advisories•added 2026/06/12 12:0 a.m.•7 views

CVE-2026-47835: Spring AI vector store metadata filtering to handle special characters in Elasticsearch, OpenSearch, and GemFire Vector Stores

In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB...

8.6CVSS5.6AI score0.00254EPSS

Exploits0References1Affected Software1

NVD•added 2026/06/10 6:17 p.m.•11 views

CVE-2026-9151

An OS command injection vulnerability exists in the VPN module of TP-Link Archer AX12 v1, AX17 v1. AX18 v1, and AX1300 v1.6 routers. This vulnerability allows an adjacent, authenticated attacker to execute arbitrary commands on the device by importing a specially crafted VPN client configuration...

8.5CVSS0.01069EPSS

Exploits0References5