CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6341 matches found

EUVD•added 2026/03/19 10:6 p.m.•4 views

EUVD-2026-13288

OpenClaw versions prior to 2026.2.22 contain a path traversal vulnerability in the static file handler that follows symbolic links, allowing out-of-root file reads. Attackers can place symlinks under the Control UI root directory to bypass directory confinement checks and read arbitrary files...

4.8CVSS5.9AI score0.00131EPSS

Exploits0References3

SUSE CVE•added 2026/03/19 12:27 a.m.•3 views

SUSE CVE-2026-23252

In the Linux kernel, the following vulnerability has been resolved: xfs: get rid of the xchkxfiledescr calls The xchkxfiledescr macros call kasprintf, which can fail to allocate memory if the formatted string is larger than 16 bytes or whatever the nofail guarantees are nowadays. Some of them cou...

5.5AI score0.00122EPSS

Exploits0References3

EUVD•added 2026/03/18 6:31 p.m.•3 views

EUVD-2026-12858

5.6AI score0.00122EPSS

Exploits0References4

OSV•added 2026/03/18 6:16 p.m.•3 views

DEBIAN-CVE-2026-23252

5.5CVSS5.2AI score0.00122EPSS

Exploits0References1

UbuntuCve•added 2026/03/18 6:16 p.m.•3 views

CVE-2026-23252

5.5CVSS5.7AI score0.00122EPSS

Exploits0References5

OSV•added 2026/03/18 6:16 p.m.•4 views

UBUNTU-CVE-2026-23252

5.5CVSS5.7AI score0.00122EPSS

Exploits0References6

Cvelist•added 2026/03/18 5:1 p.m.•21 views

CVE-2026-23252 xfs: get rid of the xchk_xfile_*_descr calls

0.00122EPSS

Exploits0References4

ATTACKERKB•added 2026/03/18 5:1 p.m.•3 views

CVE-2026-23252

5.6AI score0.00122EPSS

Exploits0References4Affected Software1

OSV•added 2026/03/18 5:1 p.m.•3 views

CVE-2026-23252 xfs: get rid of the xchk_xfile_*_descr calls

5.5CVSS5.7AI score0.00122EPSS

Exploits0References7

OSSF Malicious Packages•added 2026/03/18 1:10 p.m.•7 views

Malicious code in static-content-cannabis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad874c892146b9bd12da1a27cfcf9bb790ac0fa7f7e82c795585e7343806eb1b The package static-content-cannabis was found to contain malicious code...

5.8AI score

Exploits0

OSV•added 2026/03/18 1:10 p.m.•4 views

MAL-2026-1856 Malicious code in static-content-cannabis (npm)

5.8AI score

Exploits0

The Hacker News•added 2026/03/18 11:58 a.m.•8 views

Claude Code Security and Magecart: Getting the Threat Model Right

When a Magecart payload hides inside the EXIF data of a dynamically loaded third-party favicon, no repository scanner will catch it – because the malicious code never actually touches your repo. As teams adopt Claude Code Security for static analysis, this is the exact technical boundary where AI...

6.1AI score

Exploits0

RedhatCVE•added 2026/03/18 1:36 a.m.•2 views

CVE-2026-32981

A path traversal flaw has been identified in Ray Dashboard in the Ray Pypi package. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences e.g., ../ to access files outside the intended static directory,...

8.7CVSS5.6AI score0.00688EPSS

Exploits1References6

EUVD•added 2026/03/17 9:31 p.m.•3 views

EUVD-2026-12635

A path traversal vulnerability was identified in Ray Dashboard default port 8265 in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences e.g., ../ to access files outside the...

8.7CVSS5.8AI score0.00688EPSS

Exploits1References4

OSV•added 2026/03/17 9:31 p.m.•3 views

GHSA-J3MH-QMJJ-XP83 Ray Dashboard is vulnerable to path traversal through its static file handling mechanism

8.7CVSS7.7AI score0.00688EPSS

Exploits1References5