CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 4 days ago•3 views

GHSA-QJWP-HRQ6-R26R kas checks out SHA-like git branches as valid commits

Impact When relying solely on a git commit ID SHA-1 or SHA-256 to qualify if a checkout of a repository is equivalent to the state validated while adding its commit ID to a kas configuration, users may be tricked to check out a branch of the same name from this repository. This implies that the...

2.1CVSS5.7AI score

Exploits0References3

Hacker One•added 6 days ago•7 views

curl: SMTP connection reuse ignores --ssl-reqd / CURLOPT_USE_SSL and reuses a clear-text STARTTLS session on current master

Summary: Current master reintroduces a STARTTLS connection-reuse bug in SMTP. After commit 91dcf4e610 url: urlmatchdestination fix, curl/libcurl can reuse an already-established clear-text smtp:// session for a later logical request that explicitly requires TLS via --ssl-reqd or CURLOPTUSESSL =...

Snyk•added 2026/05/29 7:18 p.m.•9 views

Exploits0

SQL Injection

Overview agno is an Agno: a lightweight library for building Multi-Agent Systems Affected versions of this package are vulnerable to SQL Injection via the deletebymetadata function in the clickhouse backend. An attacker can execute unintended SQL commands by supplying malicious metadata keys and...

8.7CVSS6AI score0.00034EPSS

Github Security Blog•added 2026/05/29 7:7 p.m.•8 views

ezsystems/ezpublish-legacy has a SQL injection in dfscleanup

NB: All tags and branches in this repository are past their end of life, so the vulnerability will not be fixed. The advisory is posted on the request of the researcher, for the information of anyone who might still use this software. Impact There is a security vulnerability in eZ Publish Legacy,...

Exploits0References2Affected Software1

NVD•added 2026/05/29 6:17 p.m.•12 views

CVE-2026-45628

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via childprocess.exec which runs through /bin/sh -c. User-supplied branch names, repository URLs, and Docker credentials are...

9.6CVSS0.00054EPSS

Snyk•added 2026/05/29 6:8 p.m.•5 views

Protection Mechanism Failure

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Protection Mechanism Failure through the NodeVM builtin wildcard expansion in lib/builtin.js. An attacker can load Node’s private...

9.3CVSS5.9AI score

Vulnrichment•added 2026/05/29 4:33 p.m.•8 views

CVE-2026-45628 Dokploy: Command Injection via Unescaped Branch Fields in Deployment Pipeline

9.6CVSS5.8AI score0.00054EPSS

CVE•added 2026/05/29 4:33 p.m.•11 views

CVE-2026-45628

Dokploy (PaaS) vulnerability CVE-2026-45628 affects version 0.29.2 and earlier. The root cause is unescaped interpolation of user-supplied branch names, repo URLs, and Docker credentials into shell commands constructed with JavaScript template literals and executed via child_process.exec (shell /...

9.6CVSS5.8AI score0.00054EPSS

Cvelist•added 2026/05/29 4:33 p.m.•33 views

CVE-2026-45628 Dokploy: Command Injection via Unescaped Branch Fields in Deployment Pipeline

9.6CVSS0.00054EPSS

Positive Technologies•added 2026/05/29 12:0 a.m.•5 views

PT-2026-45006

7.1CVSS5.8AI score

Exploits0References3

Positive Technologies•added 2026/05/29 12:0 a.m.•9 views

PT-2026-45046

The current upstream main branch at commit 7e0206d was reviewed, and the fix-first patch set was rebased on 2026-05-18. The patches cover: validated and bound inactive-agent hour filtering; storage SQL identifier validation; metadata-backed ownership checks for raw storage SQL; blocking direct...

Exploit DB•added 2026/05/29 12:0 a.m.•30 views

Exploits0References9

ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion

Exploit Title: ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion Google Dork: N/A Date: 2026-05-13 Exploit Author: Jose Rivas bl4cksku11 & Zero Trust Offsec Vendor Homepage: https://imagemagick.org/ Software Link: https://imagemagick.org/download/ Version: ImageMagick 7.x...

CNNVD•added 2026/05/29 12:0 a.m.•5 views

Exploits2

Dokploy 命令注入漏洞

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy 0.29.2 and earlier contained a command injection vulnerability. This vulnerability stemmed from the use of JavaScript template literal expressions to construct shell commands, which were executed via...

9.6CVSS6.1AI score0.00054EPSS

Snyk•added 2026/05/28 4:50 p.m.•6 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write via the bzip2recover utility when processing a specially crafted file. An attacker can cause memory corruption and application crash by supplying a malicious input file. Remediation A fix was pushed into the master...

5.1CVSS5.8AI score0.00021EPSS

NVD•added 2026/05/28 8:16 a.m.•8 views

CVE-2026-9806

A stored cross-site scripting XSS vulnerability exists in the notification panel of CTI Transmute in versions prior to the patched release. Notification messages containing user-controlled convert names were rendered in the notification bell dropdown using innerHTML without adequate sanitization...

6.3CVSS0.00062EPSS

CVE•added 2026/05/28 6:41 a.m.•10 views

CVE-2026-9806

CTI Transmute is affected by a stored XSS in the notification panel prior to the patched release. The issue occurs when notification messages include user-controlled convert names that are rendered via innerHTML without sanitization, allowing arbitrary JavaScript execution in the authenticated us...

6.3CVSS5.9AI score0.00062EPSS

Cvelist•added 2026/05/28 6:41 a.m.•28 views

CVE-2026-9806 Stored Cross-Site Scripting (XSS) in CTI Transmute Notification Panel via Malicious Convert Names

6.3CVSS0.00062EPSS