CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/06/05 7:18 p.m.•4 views

CVE-2026-45633

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /docker-container-logs WebSocket endpoint. The tail and since parameters are not validated and are directly concatenated into shell commands, allowing...

9.9CVSS5.9AI score0.0025EPSS

RedhatCVE•added 2026/06/05 7:13 p.m.•5 views

CVE-2026-40289

PraisonAI is a multi-agent teams system. In versions below 4.5.139 of PraisonAI and 1.5.140 of praisonaiagents, the browser bridge praisonai browser start is vulnerable to unauthenticated remote session hijacking due to missing authentication and a bypassable origin check on its /ws WebSocket...

9.1CVSS5.4AI score0.00073EPSS

Exploits1References1

Vulnrichment•added 2026/05/29 4:40 p.m.•8 views

CVE-2026-45629 Dokploy: Authenticated Remote Code Execution via Command Injection in /listen-deployment WebSocket Endpoint

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.28.8 and earlier, authenticated OS command injection in the /listen-deployment WebSocket endpoint allows any organization member to execute arbitrary system commands on remote servers managed by Dokploy, leading to full server...

9.9CVSS6.1AI score0.00243EPSS

Cvelist•added 2026/05/29 4:40 p.m.•34 views

CVE-2026-45629 Dokploy: Authenticated Remote Code Execution via Command Injection in /listen-deployment WebSocket Endpoint

9.9CVSS0.00243EPSS

CVE•added 2026/05/29 4:40 p.m.•12 views

CVE-2026-45629

Dokploy (PaaS) v0.28.8 and earlier is vulnerable to authenticated OS command injection via the /listen-deployment WebSocket endpoint. An organization member can execute arbitrary system commands on remote Dokploy-managed servers, potentially achieving full server compromise. The CVSS metrics indi...

9.9CVSS6.1AI score0.00243EPSS

ATTACKERKB•added 2026/05/29 4:10 p.m.•7 views

CVE-2026-45633

Exploits0References2Affected Software1

CVE•added 2026/05/29 4:10 p.m.•14 views

CVE-2026-45633

CVE-2026-45633 : Dokploy (PaaS) v0.26.6 and earlier suffers a command injection in the /docker-container-logs WebSocket endpoint. The tail and since parameters are not validated and are directly concatenated into shell commands, enabling authenticated users to execute arbitrary commands with root...

Vulnrichment•added 2026/05/29 4:10 p.m.•10 views

CVE-2026-45633 Dokploy: Command Injection in /docker-container-logs Endpoint

Cvelist•added 2026/05/29 4:10 p.m.•31 views

CVE-2026-45633 Dokploy: Command Injection in /docker-container-logs Endpoint

9.9CVSS0.0025EPSS

CNNVD•added 2026/05/29 12:0 a.m.•6 views

Dokploy 安全漏洞

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy 0.26.6 and earlier contain security vulnerabilities. These vulnerabilities stem from command injection in the /docker-container-logs WebSocket endpoint. The tail and since parameters are concatenated directly into...

Positive Technologies•added 2026/05/29 12:0 a.m.•9 views

PT-2026-44933

Name of the Vulnerable Software and Affected Versions Dokploy versions prior to 0.28.9 Description Dokploy is a free, self-hostable Platform as a Service PaaS. An authenticated OS command injection exists in the '/listen-deployment' WebSocket endpoint, which allows any organization member to...

9.9CVSS6.1AI score0.00243EPSS

Github Security Blog•added 2026/05/06 9:31 p.m.•11 views

Duplicate Advisory: OpenClaw: CDP /json/version WebSocket URL could pivot to untrusted second-hop targets

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-f7fh-qg34-x2xh. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.5 contains a server-side request forgery vulnerability in the CDP /json/version WebSocket...

Exploits0References5Affected Software1

EUVD•added 2026/05/06 9:31 p.m.•1 views

EUVD-2026-28164

OpenClaw before 2026.4.5 contains a server-side request forgery vulnerability in the CDP /json/version WebSocket endpoint that allows attackers to pivot to untrusted second-hop targets. The webSocketDebuggerUrl response field is not properly validated, enabling attackers to redirect connections t...

OSV•added 2026/05/06 9:31 p.m.•1 views

GHSA-3R56-7HHR-VFG9 Duplicate Advisory: OpenClaw: CDP /json/version WebSocket URL could pivot to untrusted second-hop targets

NVD•added 2026/05/06 8:16 p.m.•2 views

CVE-2026-43576

7.7CVSS0.00038EPSS

Exploits0References3

ATTACKERKB•added 2026/05/06 7:49 p.m.•3 views

CVE-2026-43576

CVE•added 2026/05/06 7:49 p.m.•6 views

CVE-2026-43576

OpenClaw before 2026.4.5 is affected by a server-side request forgery in the CDP /json/version WebSocket endpoint. The webSocketDebuggerUrl field is not properly validated, enabling an attacker to redirect connections to arbitrary hosts and perform SSRF-style jumps to second-hop targets. Affected...

Exploits0References3Affected Software1

Positive Technologies•added 2026/05/06 12:0 a.m.•4 views

PT-2026-38231

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.5 Description A server-side request forgery SSRF issue exists in the CDP "/json/version" WebSocket endpoint. The webSocketDebuggerUrl response field is not properly validated, which allows attackers to redirec...

CNNVD•added 2026/05/06 12:0 a.m.•6 views

Exploits0References5

OpenClaw 输入验证错误漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.5 had a vulnerability related to input validation errors. This vulnerability stemmed from server-side request forgery in the CDP/json/version WebSocket endpoint, which might all...

7.7CVSS5.8AI score0.00038EPSS