CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7734 matches found

GithubExploit•added 2026/03/31 9:27 a.m.•97 views

poc-studio-public

Nuclei Offline GUI This is a pure offline desktop prototype,...

5.9AI score

Exploits0

RedhatCVE•added 2026/03/31 4:59 a.m.•3 views

CVE-2026-29872

A cross-session information disclosure vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 2026-01-19. The affected Streamlit-based GitHub MCP Agent stores user-supplied API tokens in process-wide environment variables using os.environ without...

8.2CVSS5.9AI score0.00102EPSS

Exploits1References1

AlpineLinux•added 2026/03/31 1:43 a.m.•2 views

CVE-2026-34041

act is a project which allows for local running of github actions. Prior to version 0.2.86, act unconditionally processes the deprecated ::set-env:: and ::add-path:: workflow commands, which was disabled due to environment injection risks. When a workflow step echoes untrusted data to stdout, an...

9.8CVSS6AI score0.00028EPSS

Exploits1References3

CNNVD•added 2026/03/31 12:0 a.m.•4 views

slippers 跨站脚本漏洞

Slippers is a Django template language enhancement tool developed by Mitchel Cabuloy. Versions of Slippers prior to 0.6.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from template tags that did not escape context variables, which could lead to cross-site scripting...

6.1CVSS5.6AI score0.00052EPSS

Exploits1References3

Tenable Nessus•added 2026/03/31 12:0 a.m.•5 views

CentOS 9 : openssh-9.9p1-7.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the openssh-9.9p1-7.el9 build changelog. - Fix information disclosure or denial of service due to uninitialized variables in gssapi-keyex CVE-2026-3497 Note that Nessus has not tested for...

7.5CVSS6.8AI score0.00101EPSS

Exploits0References2

EUVD•added 2026/03/30 6:31 p.m.•1 views

EUVD-2026-17141

8.2CVSS5.9AI score0.00102EPSS

Exploits1References2

OSV•added 2026/03/30 5:16 p.m.•0 views

GHSA-PX3P-VGH9-M57C NocoBase Affected by Sandbox Escape to RCE via console._stdout Prototype Chain Traversal in Workflow Script Node

Summary NocoBase's Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist controlled by WORKFLOWSCRIPTMODULES env var. However, the console object passed into the sandbox context exposes host-realm WritableWorkerStdio stream objects via...

9.9CVSS6AI score0.32413EPSS

Exploits7References5

Zero Day Initiative•added 2026/03/30 12:0 a.m.•3 views

NoMachine External Control of File Path Arbitrary File Deletion Vulnerability

This vulnerability allows local attackers to delete arbitrary files on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...

7.1CVSS6.1AI score0.00019EPSS

Exploits0References1

Vulnrichment•added 2026/03/30 12:0 a.m.•2 views

CVE-2026-29872

5.9AI score0.00102EPSS

Exploits1References1

Positive Technologies•added 2026/03/30 12:0 a.m.•2 views

PT-2026-29084

Name of the Vulnerable Software and Affected Versions awesome-llm-apps versions prior to commit e46690f99c3f08be80a9877fab52acacf7ab8251 Description A cross-session information disclosure issue exists in the awesome-llm-apps project. The Streamlit-based GitHub MCP Agent stores user-supplied API...

8.2CVSS5.9AI score0.00102EPSS

Exploits1References5

ATTACKERKB•added 2026/03/30 12:0 a.m.•1 views

CVE-2026-29872

8.2CVSS5.9AI score0.00102EPSS

Exploits1References2

RedhatCVE•added 2026/03/29 11:13 a.m.•3 views

CVE-2026-33881

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Workspace environment variable values are interpolated into JavaScript string literals without escaping single quotes in the NativeTS executor. A workspace admin who sets a custom environmen...

8.6CVSS6AI score0.00077EPSS

Exploits1References1

RedhatCVE•added 2026/03/28 11:9 p.m.•2 views

CVE-2026-33981

changedetection.io is a free open source web page change detection tool. Prior to 0.54.7, the jq: and jqraw: include filter expressions allow use of the jq env builtin, which reads all process environment variables and stores them as the watch snapshot. An authenticated user or unauthenticated us...

8.3CVSS5.9AI score0.00018EPSS

Exploits1References1

SUSE CVE•added 2026/03/28 12:27 a.m.•2 views

SUSE CVE-2026-32301

Centrifugo is an open-source scalable real-time messaging server. Prior to 6.7.0, Centrifugo is vulnerable to Server-Side Request Forgery SSRF when configured with a dynamic JWKS endpoint URL using template variables e.g. tenant. An unauthenticated attacker can craft a JWT with a malicious iss or...

9.3CVSS5.9AI score0.00109EPSS

Exploits1References3

Snyk•added 2026/03/27 11:24 p.m.•1 views

Information Exposure

Overview changedetection.io is a Website change detection and monitoring service Affected versions of this package are vulnerable to Information Exposure via the jq and jqraw include filter expressions, which allow access to the env builtin. An attacker can obtain sensitive environment variables ...

8.3CVSS5.9AI score0.00018EPSS

Exploits1References2

NVD•added 2026/03/27 10:16 p.m.•1 views

CVE-2026-33981

8.3CVSS0.00018EPSS

Exploits1References3

CVE•added 2026/03/27 10:1 p.m.•13 views

CVE-2026-33981

Technical details for CVE-2026-33981 are not publicly available in the provided documents. No affected products, impact, or remediation are identifiable here. Monitor for updates .

8.3CVSS5.9AI score0.00018EPSS

Exploits1References3Affected Software1

OSV•added 2026/03/27 10:1 p.m.•3 views

CVE-2026-33981 Changedetection.io Discloses Environment Variables via jq env Builtin in Include Filters

8.3CVSS5.9AI score0.00018EPSS

Exploits1References5