CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

95 matches found

Github Security Blog•added 2026/01/21 1:4 a.m.•8 views

AlchemyCMS: Authenticated Remote Code Execution (RCE) via eval injection in ResourcesHelper

Summary A vulnerability was discovered during a manual security audit of the AlchemyCMS source code. The application uses the Ruby eval function to dynamically execute a string provided by the resourcehandler.enginename attribute in Alchemy::ResourcesHelperresourceurlproxy. Details The...

9.9CVSS6.1AI score0.00024EPSS

Exploits0References8Affected Software1

NVD•added 2026/01/19 10:16 p.m.•6 views

CVE-2026-23885

Alchemy is an open source content management system engine written in Ruby on Rails. Prior to versions 7.4.12 and 8.0.3, the application uses the Ruby eval function to dynamically execute a string provided by the resourcehandler.enginename attribute in Alchemy::ResourcesHelperresourceurlproxy. Th...

9.9CVSS0.00024EPSS

Exploits0References5

Snyk•added 2026/01/19 9:46 p.m.•3 views

Eval Injection

Overview Affected versions of this package are vulnerable to Eval Injection via the resourceurlproxy function. An attacker can execute arbitrary system commands by supplying crafted input to the enginename attribute, which is evaluated within the application context. PoC require 'ostruct' def...

9.9CVSS6AI score0.00024EPSS

Exploits0References2

EUVD•added 2026/01/19 9:9 p.m.•4 views

EUVD-2026-3281

6.6CVSS6AI score0.00024EPSS

Exploits0References5

OSV•added 2026/01/19 9:9 p.m.•6 views

CVE-2026-23885 AlchemyCMS has Authenticated Remote Code Execution (RCE) via eval injection in ResourcesHelper

6.4CVSS6.1AI score0.00024EPSS

Exploits0References7

ATTACKERKB•added 2026/01/19 9:9 p.m.•3 views

CVE-2026-23885

6.4CVSS6AI score0.00024EPSS

Exploits0References6Affected Software1

Positive Technologies•added 2026/01/19 12:0 a.m.•5 views

PT-2026-3507

Name of the Vulnerable Software and Affected Versions Alchemy versions prior to 7.4.12 Alchemy versions prior to 8.0.3 Description Alchemy, a Ruby on Rails content management system, allows an authenticated attacker to execute arbitrary system commands on the host operating system. The applicatio...

6.4CVSS6AI score0.00024EPSS

Exploits0References14

Tenable Nessus•added 2026/01/16 12:0 a.m.•2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000729)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000729 advisory. Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entire...

6.9CVSS7.9AI score0.0007EPSS

Exploits1References23

Tenable Nessus•added 2026/01/15 12:0 a.m.•2 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001989)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001989 advisory. Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entire...

6.9CVSS7.9AI score0.0007EPSS

Exploits1References23

Tenable Nessus•added 2026/01/15 12:0 a.m.•1 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002410)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002410 advisory. Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entire...

6.9CVSS7.9AI score0.0007EPSS

Exploits1References23

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2001-0853

Malware in sbrugna...

5CVSS6.4AI score0.0087EPSS

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2001-0854

Malware in sbrugna...

7.5CVSS6.4AI score0.03803EPSS

Exploits0References6