
7991 matches found

ATTACKERKB
added 2026/03/31 8:52 p.m. | 0 views

CVE-2026-34733

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo installation script install/deleteSystemdPrivate.php contains a PHP operator precedence bug in its CLI-only access guard. The script is intended to run exclusively from the command line, but the guard condition...

CVSS 6.5 | AI score 5.9 | EPSS 0.00341
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/03/31 8:52 p.m. | 1 view

CVE-2026-34733 AVideo: Unauthenticated File Deletion via PHP Operator Precedence Bug in CLI Guard

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo installation script install/deleteSystemdPrivate.php contains a PHP operator precedence bug in its CLI-only access guard. The script is intended to run exclusively from the command line, but the guard condition...

CVSS 6.5 | AI score 5.9 | EPSS 0.00341
Exploits: 1 | References: 1

CVE
added 2026/03/31 8:52 p.m. | 21 views

CVE-2026-34733

CVE-2026-34733 (AVideo) : AVideo proves vulnerable in versions ≤26.0 via the file install/deleteSystemdPrivate.php, which contains a PHP operator precedence bug in its CLI guard. The check uses !php_sapi_name() === 'cli', which, due to precedence, is always false, allowing unauthenticated HTTP ac...

CVSS 7.3 | AI score 5.9 | EPSS 0.00341
Exploits: 1 | References: 1 | Affected Software: 1

Chainguard
added 2026/03/31 7:55 a.m. | 5 views

GHSA-GM2X-2G9H-CCM8 vulnerabilities

Vulnerabilities for packages: trivy, nuclei, livekit-cli, gitlab-runner, scorecard, kubescape-server, grafana, kaniko-fips, google-osconfig-agent, gitea, flux-fips, kubescape, guac, snyk-cli, argo-workflows-fips, argocd-image-updater, grype, argo-workflows, bom, cloudbeat-fips, syft-fips, gitaly,...

AI score 5.8
Exploits: 0

Chainguard
added 2026/03/31 7:55 a.m. | 4 views

CVE-2026-34165 vulnerabilities

Vulnerabilities for packages: trivy, nuclei, livekit-cli, gitlab-runner, scorecard, kubescape-server, grafana, kaniko-fips, google-osconfig-agent, gitea, flux-fips, kubescape, guac, snyk-cli, argo-workflows-fips, argocd-image-updater, grype, argo-workflows, bom, cloudbeat-fips, syft-fips, gitaly,...

CVSS 5 | AI score 5.8 | EPSS 0.00147
Exploits: 0

Chainguard
added 2026/03/31 7:55 a.m. | 14 views

CVE-2026-33762 vulnerabilities

Vulnerabilities for packages: trivy, nuclei, livekit-cli, gitlab-runner, scorecard, kubescape-server, grafana, kaniko-fips, google-osconfig-agent, gitea, flux-fips, kubescape, guac, snyk-cli, argo-workflows-fips, argocd-image-updater, grype, argo-workflows, bom, cloudbeat-fips, syft-fips, gitaly,...

CVSS 2.8 | AI score 5.8 | EPSS 0.00153
Exploits: 0

Chainguard
added 2026/03/31 1:17 a.m. | 4 views

CVE-2026-4923 vulnerabilities

Vulnerabilities for packages: opensearch-dashboards, saf, vitess, tileserver-gl, gemini-cli, redisinsight, thingsboard, langfuse-fips, code-server, langfuse, wazuh-dashboard, tileserver-gl-fips, opensearch-dashboards-fips, kibana...

CVSS 5.9 | AI score 6.3 | EPSS 0.00353
Exploits: 0

Chainguard
added 2026/03/31 1:17 a.m. | 4 views

GHSA-27V5-C462-WPQ7 vulnerabilities

Vulnerabilities for packages: opensearch-dashboards, saf, vitess, tileserver-gl, gemini-cli, redisinsight, thingsboard, langfuse-fips, code-server, langfuse, wazuh-dashboard, tileserver-gl-fips, opensearch-dashboards-fips, kibana...

AI score 5.8
Exploits: 0

Chainguard
added 2026/03/31 1:17 a.m. | 4 views

GHSA-J3Q9-MXJG-W52F vulnerabilities

Vulnerabilities for packages: opensearch-dashboards, saf, vitess, tileserver-gl, gemini-cli, redisinsight, thingsboard, langfuse-fips, code-server, langfuse, wazuh-dashboard, tileserver-gl-fips, opensearch-dashboards-fips, kibana...

AI score 5.8
Exploits: 0

Chainguard
added 2026/03/31 1:17 a.m. | 5 views

CVE-2026-4926 vulnerabilities

Vulnerabilities for packages: opensearch-dashboards, saf, vitess, tileserver-gl, gemini-cli, redisinsight, thingsboard, langfuse-fips, code-server, langfuse, wazuh-dashboard, tileserver-gl-fips, opensearch-dashboards-fips, kibana...

CVSS 7.5 | AI score 6.3 | EPSS 0.00455
Exploits: 0

vulnersOsv
added 2026/03/30 5:19 p.m. | 5 views

au.csiro.pathling:encoders (>=8.0.0 <=9.5.0), au.csiro.pathling:fhirpath (>=8.0.0 <=9.5.0) +164 more potentially affected by CVE-2026-34359 via ca.uhn.hapi.fhir:org.hl7.fhir.utilities (>=6.4.1 <=6.9.3)

ca.uhn.hapi.fhir:org.hl7.fhir.utilities MAVEN version =6.4.1, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.2.0, =8.8.1 and more Source cves: CVE-2026-34359 Source advisory: SNYK:JAVA-CAUHNHAPIFHIR-15855257...

CVSS 9.1 | AI score 5.4 | EPSS 0.00158
Exploits: 1

vulnersOsv
added 2026/03/30 5:7 p.m. | 4 views

@tinacms/app (>=0.0.0-0a1049d-20260309051347 <=2.4.0), @tinacms/cli (>=0.0.0-0a1049d-20260309051347 <=2.2.0) +4 more potentially affected by CVE-2026-33949 via @tinacms/graphql (>=2.0.0 <=2.2.1)

@tinacms/graphql NPM version =2.0.0, =0.0.0-0a1049d-20260309051347, =0.0.0-0a1049d-20260309051347, =2.0.0, =0.0.0-0b7103c-20251216023146, =0.0.0-0a1049d-20260309051347, =0.0.0-0a1049d-20260309051347, =3.7.0 Source cves: CVE-2026-33949 Source advisory: SNYK:JS-TINACMSGRAPHQL-15855320...

CVSS 8.1 | AI score 5.8 | EPSS 0.00386
Exploits: 0

vulnersOsv
added 2026/03/29 3:27 p.m. | 5 views

filecc (>=0.0.1 <=1.0.1), gm-i18n-migrate (>=2.7.0 <=2.9.0) +3 more potentially affected by unknown CVE via opencc (>=1.0.6 <=1.1.3)

opencc NPM version =1.0.6, =0.0.1, =2.7.0, =2.7.2, =1.0.2, =1.0.5 - wise-paas-notify-utility =1.4.10-s2t1 Source cves: unknown CVE Source advisory: OSV:GHSA-7FQQ-Q52P-2JJG...

AI score 5.8
Exploits: 0

Vulnrichment
added 2026/03/27 9:13 p.m. | 6 views

CVE-2026-33941 Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it...

CVSS 8.2 | AI score 6 | EPSS 0.00293
Exploits: 1 | References: 3

Github Security Blog
added 2026/03/27 6:22 p.m. | 11 views

Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options

Summary The Handlebars CLI precompiler bin/handlebars / lib/precompiler.js concatenates user-controlled strings — template file names and several CLI options — directly into the JavaScript it emits, without any escaping or sanitization. An attacker who can influence template filenames or CLI...

CVSS 8.2 | AI score 6 | EPSS 0.00293
Exploits: 1 | References: 5 | Affected Software: 1

Wolfi
added 2026/03/27 7:48 a.m. | 10 views

CVE-2026-33747 vulnerabilities

Vulnerabilities for packages: scorecard, docker-cli-buildx, skaffold, docker-compose, buildah, kaniko, kubescape, conftest, osv-scanner, trivy, zot, trivy-operator, guac...

CVSS 9.8 | AI score 5.8 | EPSS 0.00498
Exploits: 0

Wolfi
added 2026/03/27 7:48 a.m. | 8 views

GHSA-4VRQ-3VRQ-G6GG vulnerabilities

Vulnerabilities for packages: scorecard, docker-cli-buildx, skaffold, docker-compose, buildah, kaniko, kubescape, conftest, osv-scanner, trivy, zot, trivy-operator, guac...

AI score 5.8
Exploits: 0

Wolfi
added 2026/03/27 7:48 a.m. | 8 views

GHSA-4C29-8RGM-JVJJ vulnerabilities

Vulnerabilities for packages: scorecard, docker-cli-buildx, skaffold, docker-compose, buildah, kaniko, kubescape, conftest, osv-scanner, trivy, zot, trivy-operator, guac...

AI score 5.8
Exploits: 0

Wolfi
added 2026/03/27 7:48 a.m. | 7 views

CVE-2026-33748 vulnerabilities

Vulnerabilities for packages: scorecard, docker-cli-buildx, skaffold, docker-compose, buildah, kaniko, kubescape, conftest, osv-scanner, trivy, zot, trivy-operator, guac...

CVSS 8.2 | AI score 7.1 | EPSS 0.00463
Exploits: 0

Chainguard
added 2026/03/27 7:17 a.m. | 4 views

CVE-2026-33747 vulnerabilities

Vulnerabilities for packages: trivy-fips, trivy, zot, livekit-cli, docker-fips, buildah-fips, docker-compose-fips, scorecard, docker-compose, kubescape-server, kaniko-fips, docker-cli-buildx-fips, trivy-operator, docker-cli-buildx, skaffold, kubescape, guac, buildah, osv-scanner,...

CVSS 9.8 | AI score 5.8 | EPSS 0.00498
Exploits: 0