1444 matches found

Source: Vulnrichment (added 2026/04/08 8:51 a.m.)

CVE-2026-33088

Movable Type provided by Six Apart Ltd. contains an SQL Injection vulnerability which may allow an attacker to execute an arbitrary SQL statement...

CVSS 7.3 | AI score 7.3 | EPSS 0.00349 | Exploits: 0 | References: 3
Source: CVE (added 2026/04/08 8:30 a.m.)

CVE-2026-39624

CVE-2026-39624 affects the WordPress Kutethemes Biolife theme (

CVSS 5.3 | AI score 5.9 | EPSS 0.0019 | Exploits: 0 | References: 1
Source: CNNVD (added 2026/04/08 12:00 a.m.)

Six Apart Movable Type SQL Injection Vulnerability

Six Apart Movable Type is an application system developed by the Six Apart company in the United States. It offers features such as multi-user support, comments, Trackbacks, and themes. Six Apart Movable Type has a SQL injection vulnerability; this vulnerability makes it susceptible to SQL...

CVSS 9.8 | AI score 7.4 | EPSS 0.00349 | Exploits: 0 | References: 3
Source: Vulnrichment (added 2026/04/06 6:59 p.m.)

CVE-2026-35021

...

AI score 5.8 | EPSS 0.00041 | Exploits: 0
Source: RedhatCVE (added 2026/04/06 5:00 p.m.)

CVE-2026-34779

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, on macOS, app.moveToApplicationsFolder used an AppleScript fallback path that did not properly handle certain characters in the...

CVSS 7.8 | AI score 6.1 | EPSS 0.00161 | Exploits: 0 | References: 1
Source: CVE (added 2026/04/06 3:49 p.m.)

CVE-2026-34940

KubeAI has an OS Command Injection vulnerability in the Ollama Engine startup probe. Before version 0.23.2, ollamaStartupProbeScript() constructs a shell command via fmt.Sprintf using unsanitized model URL components (ref, modelParam) and runs it with bash -c as a Kubernetes startup probe. An ...

CVSS 8.8 | AI score 6.1 | EPSS 0.00448 | Exploits: 3 | References: 1 | Affected Software: 1
Source: ATTACKERKB (added 2026/04/03 4:32 a.m.)

CVE-2026-5463

Command injection vulnerability in console.run_module_with_output in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This breaks the intended command structure and causes the Metasploit console to execute additional unintended...

CVSS 9.3 | AI score 6.2 | EPSS 0.01923 | Exploits: 0 | References: 3
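The pymetasploit3 entry above describes a newline smuggled into an option value so that one `set NAME VALUE` line becomes two console commands. The following is an added example, not pymetasploit3's or Metasploit's own code: a constructed stand-in for a line-oriented console, a script builder with the unchecked shape, and a hardened builder that rejects control characters in values and non-identifier option names. The module name is a real Metasploit module; the RHOSTS payload and the smuggled `sessions -K` line are constructed for this illustration.

```python
import re

# Control characters (\r and \n included) have no place in an option value
# destined for a line-oriented console.
CONTROL_CHAR_RE = re.compile(r"[\x00-\x1f\x7f]")
OPTION_NAME_RE = re.compile(r"[A-Za-z0-9_]+")

# Constructed payload: an RHOSTS value carrying an extra command line.
SMUGGLED_RHOSTS = "10.0.0.5\nsessions -K"


def console_lines(script: str) -> list:
    """Constructed stand-in for a line-oriented console: every newline starts
    a new command. This is not the msfconsole parser itself."""
    return [line.strip() for line in script.splitlines() if line.strip()]


def build_script_vulnerable(module: str, options: dict) -> str:
    """Option values are dropped into `set NAME VALUE` lines unchecked, so a
    value containing a newline injects commands between `set` and `run`."""
    lines = [f"use {module}"]
    lines += [f"set {name} {value}" for name, value in options.items()]
    lines.append("run")
    return "\n".join(lines) + "\n"


def build_script_hardened(module: str, options: dict) -> str:
    """Reject option names outside [A-Za-z0-9_] and any value containing a
    control character, so one `set` line can never become two commands."""
    for name, value in options.items():
        if not OPTION_NAME_RE.fullmatch(name):
            raise ValueError(f"bad option name: {name!r}")
        if CONTROL_CHAR_RE.search(str(value)):
            raise ValueError(f"control character in value for {name}: {value!r}")
    return build_script_vulnerable(module, options)


def rejects(module: str, options: dict) -> bool:
    """True when the hardened builder refuses the option set."""
    try:
        build_script_hardened(module, options)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    module = "auxiliary/scanner/portscan/tcp"
    for line in console_lines(build_script_vulnerable(module, {"RHOSTS": SMUGGLED_RHOSTS})):
        print("console would run:", line)
    print("hardened rejects payload:", rejects(module, {"RHOSTS": SMUGGLED_RHOSTS}))
```

The check belongs in the client library rather than in the caller: every option value that reaches a line-oriented protocol is untrusted with respect to line structure, whatever its source.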
Source: ATTACKERKB (added 2026/04/02 6:55 p.m.)

CVE-2026-35053

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, the Worker service's ManualAPI exposes workflow execution endpoints GET /workflow/manual/run/:workflowId and POST /workflow/manual/run/:workflowId without any authentication middleware. An attacker who ca...

CVSS 9.2 | AI score 6.2 | EPSS 0.00546 | Exploits: 1 | References: 3 | Affected Software: 1
Source: NVD (added 2026/03/30 8:16 a.m.)

CVE-2025-15379

A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the _install_model_dependencies_to_env function. When deploying a model with env_manager=LOCAL, MLflow reads dependency specifications from the model artifact's python_env.yaml file and...

CVSS 10 | EPSS 0.01994 | Exploits: 1 | References: 5
Source: CVE (added 2026/03/30 7:16 a.m.)

CVE-2025-15379

Summary: CVE-2025-15379 affects MLflow (model serving container initialization). In the function _install_model_dependencies_to_env(), when deploying with env_manager=LOCAL, dependency specs from the model artifact's python_env.yaml are interpolated into a shell command without sanitization, enab...

CVSS 10 | AI score 7.5 | EPSS 0.01994 | Exploits: 1 | References: 5 | Affected Software: 1
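The KubeAI entry (model URL components formatted into a bash -c probe) and the two MLflow entries (dependency specs from python_env.yaml interpolated into a shell command) describe the same bug shape: an untrusted string is pasted into a command line that a shell then parses. The following is an added example, not code from either project, showing that shape beside the argv-based replacement plus an allowlist check. `echo` and `printf` stand in for the real tools so it runs offline; the payload strings and the two allowlist patterns are constructed for this illustration, not the projects' own validation rules.

```python
import re
import subprocess

# Constructed payloads (not from any advisory). Each hides the marker
# INJECTED behind shell syntax, so the marker only appears in the output if
# a shell actually evaluated the string.
MALICIOUS_MODEL_REF = 'llama3:8b; echo INJ""ECTED'
MALICIOUS_DEP_SPEC = 'requests==2.31.0 $(echo INJ""ECTED)'

# Allowlists assumed for this example: a model ref like "org/name:tag" and a
# single pinned requirement such as "name==1.2.3". Neither is the real
# grammar used by KubeAI or MLflow.
MODEL_REF_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._/-]*(?::[A-Za-z0-9._-]+)?")
DEP_SPEC_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*(?:[<>=!~]=?[A-Za-z0-9.*+!-]+)?")


def run_via_shell(action: str, value: str) -> str:
    """VULNERABLE: the value is formatted into a command string that sh -c
    re-parses (the fmt.Sprintf + bash -c shape). `echo` stands in for the
    real tool; a `;` or `$(...)` in the value becomes a second command."""
    script = f"echo {action} {value}"
    proc = subprocess.run(["sh", "-c", script], capture_output=True, text=True, check=True)
    return proc.stdout


def run_via_argv(action: str, value: str) -> str:
    """HARDENED: the value travels as one argv element. No shell sees it, so
    metacharacters reach the tool as literal text."""
    proc = subprocess.run(["printf", "%s %s\n", action, value],
                          capture_output=True, text=True, check=True)
    return proc.stdout


def validate(value: str, pattern: re.Pattern) -> str:
    """Second layer: refuse anything outside the expected grammar before it
    gets near a process boundary at all."""
    if not pattern.fullmatch(value):
        raise ValueError(f"rejected untrusted value: {value!r}")
    return value


def is_rejected(value: str, pattern: re.Pattern) -> bool:
    try:
        validate(value, pattern)
    except ValueError:
        return True
    return False


def injection_executed(output: str) -> bool:
    """The marker is assembled only when a shell interpreted the payload."""
    return "INJECTED" in output


if __name__ == "__main__":
    cases = (("pull", MALICIOUS_MODEL_REF, MODEL_REF_RE),
             ("install", MALICIOUS_DEP_SPEC, DEP_SPEC_RE))
    for action, value, pattern in cases:
        print("shell:", run_via_shell(action, value).rstrip().replace("\n", " | "))
        print("argv :", run_via_argv(action, value).rstrip())
        print("allowlist rejects:", is_rejected(value, pattern))
```

Where a shell is genuinely unavoidable (a probe that must be a single script string, for instance), quote each untrusted value with `shlex.quote` and still apply the allowlist; quoting alone is the weaker of the two controls because it has to be correct for every shell the string may reach.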
Source: CVE (added 2026/03/30 12:00 a.m.)

CVE-2026-30308

CVE-2026-30308 affects HAI Build Code Generator's automatic terminal command execution feature. The tool offers two options: Execute safe commands or Execute all commands. The root cause is prompt-injection-based bypass: an attacker can wrap a malicious command in a generic template and mislead t...

CVSS 9.8 | AI score 6 | EPSS 0.00512 | Exploits: 0 | References: 2 | Affected Software: 1
Source: NVD (added 2026/03/27 9:17 p.m.)

CVE-2026-33873

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.0, the Agentic Assistant feature in Langflow executes LLM-generated Python code during its validation phase. Although this phase appears intended to validate generated component code, the...

CVSS 9.9 | EPSS 0.01426 | Exploits: 1 | References: 16
Source: Debian CVE (added 2026/03/27 9:05 p.m.)

CVE-2026-33938

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the @partial-block special variable is stored in the template data context and is reachable and mutable from within a template via helpers that accept arbitrary objects. When a helper...

CVSS 8.1 | AI score 5.8 | EPSS 0.00692 | Exploits: 1
Source: OSV (added 2026/03/26 6:31 p.m.)

GHSA-V8HW-MH8C-JXFC Langflow has Authenticated Code Execution in Agentic Assistant Validation

Description: 1. Summary: The Agentic Assistant feature in Langflow executes LLM-generated Python code during its validation phase. Although this phase appears intended to validate generated component code, the implementation reaches dynamic execution sinks and instantiates the generated class...

CVSS 9.3 | AI score 6.6 | EPSS 0.01426 | Exploits: 1 | References: 19
Source: ATTACKERKB (added 2026/03/21 3:26 a.m.)

CVE-2024-13785

The Contact Form, Survey, Quiz & Popup Form Builder – ARForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.2. This is due to the software allowing users to execute an action that does not properly validate a value before running...

CVSS 5.6 | AI score 6.2 | EPSS 0.00268 | Exploits: 0 | References: 3
Source: Veracode (added 2026/03/18 4:49 p.m.)

SQL Injection

phpPgAdmin is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of user-controlled input from the $_REQUEST['query'] parameter passed to the browseQuery function, which allows an attacker to execute arbitrary SQL commands and compromise the database...

CVSS 6.5 | AI score 6.2 | EPSS 0.0025 | Exploits: 0 | References: 4 | Affected Software: 1
Source: Cvelist (added 2026/03/05 10:00 p.m.)

CVE-2026-29610 OpenClaw < 2026.2.14 - Command Hijacking via Unsafe PATH Handling

OpenClaw versions prior to 2026.2.14 contain a command hijacking vulnerability that allows attackers to execute unintended binaries by manipulating PATH environment variables through node-host execution or project-local bootstrapping. Attackers with authenticated access to node-host execution...

CVSS 8.8 | EPSS 0.00465 | Exploits: 0 | References: 3
Source: CNNVD (added 2026/02/25 12:00 a.m.)

n8n Security Vulnerability

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.10.1, 2.9.3, and 1.123.22 contained security vulnerabilities. These vulnerabilities stemmed from second-order expression injections in the Form node, which could allow unauthenticated attackers to...

CVSS 9.5 | AI score 7 | EPSS 0.01074 | Exploits: 0 | References: 6
Source: RedhatCVE (added 2026/02/21 1:31 a.m.)

CVE-2026-26745

OpenSourcePOS 3.4.1 has a second-order SQL Injection vulnerability in the handling of the currency_symbol configuration field. Although the input is initially stored without immediate execution, it is later concatenated into a dynamically constructed SQL query without proper sanitization or...

CVSS 5.3 | AI score 6.1 | EPSS 0.00299 | Exploits: 1 | References: 1
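The OpenSourcePOS entry above is a second-order injection: the write is safe, and the bug is in a later read that trusts the stored value and concatenates it. The following is an added example, not OpenSourcePOS code, reproducing that two-stage pattern against an in-memory SQLite database with a constructed schema (a settings table and an items table) and a constructed UNION payload, beside the parameterised read that closes it.

```python
import sqlite3

# Constructed payload: stored as inert text, it only becomes SQL when a later
# query concatenates it. The trailing "-- " comments out the closing quote.
PAYLOAD_SYMBOL = "' UNION SELECT key, value FROM app_config -- "


def open_db() -> sqlite3.Connection:
    """Constructed schema for the example; the 'secret' row is a placeholder."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE app_config (key TEXT PRIMARY KEY, value TEXT);
        CREATE TABLE items (name TEXT, price REAL, currency_symbol TEXT);
        INSERT INTO items VALUES ('widget', 9.99, '$'), ('gadget', 19.99, '$');
        INSERT INTO app_config VALUES ('admin_password_hash', 'sha256:constructed-hash');
        """
    )
    return conn


def save_config(conn: sqlite3.Connection, key: str, value: str) -> None:
    """First order: the write is parameterised, so the payload is stored as
    plain text and nothing happens at this point."""
    conn.execute("INSERT OR REPLACE INTO app_config (key, value) VALUES (?, ?)", (key, value))


def load_config(conn: sqlite3.Connection, key: str) -> str:
    row = conn.execute("SELECT value FROM app_config WHERE key = ?", (key,)).fetchone()
    return row[0] if row else ""


def items_priced_in_vulnerable(conn: sqlite3.Connection) -> list:
    """Second order: the stored value is treated as trusted and concatenated
    into the query, so the UNION runs and app_config rows come back as items."""
    symbol = load_config(conn, "currency_symbol")
    sql = f"SELECT name, price FROM items WHERE currency_symbol = '{symbol}'"
    return conn.execute(sql).fetchall()


def items_priced_in_hardened(conn: sqlite3.Connection) -> list:
    """Same read, bound as a parameter: a value that came out of the database
    is still input as far as the next query is concerned."""
    symbol = load_config(conn, "currency_symbol")
    return conn.execute(
        "SELECT name, price FROM items WHERE currency_symbol = ?", (symbol,)
    ).fetchall()


def demo() -> dict:
    """Run both stages and return the three result sets for inspection."""
    conn = open_db()
    save_config(conn, "currency_symbol", "$")
    benign = items_priced_in_vulnerable(conn)
    save_config(conn, "currency_symbol", PAYLOAD_SYMBOL)   # stage 1: inert
    return {
        "benign": benign,
        "leaked": items_priced_in_vulnerable(conn),        # stage 2: fires
        "hardened": items_priced_in_hardened(conn),        # stage 2: inert
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

The practical test for this class of bug is not "where does user input enter" but "which queries are built by concatenation"; every value read back from storage, configuration or a session has to be bound, because the write that stored it gives no guarantee about its contents.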
Source: Positive Technologies (added 2026/02/19 12:00 a.m.)

PT-2026-20983

Name of the Vulnerable Software and Affected Versions: Deno versions prior to 2.6.8. Description: A command injection issue exists in Deno's node:child_process implementation. The issue allows for arbitrary command execution through crafted input provided to the spawnSync function when the shell...

CVSS 9.8 | AI score 5.9 | EPSS 0.02213 | Exploits: 1 | References: 13