Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

36211 matches found

CNNVD
CNNVDadded 2026/03/31 12:0 a.m.5 views

SourceCodester Leave Application System 代码注入漏洞

SourceCodester Leave Application System is an open-source vacation application system developed by SourceCodester. Version 1.0 of SourceCodester Leave Application System contains a code injection vulnerability. This vulnerability stems from unknown functional issues with the user management...

4.8CVSS5.6AI score0.00012EPSS
Exploits0References6
CNNVD
CNNVDadded 2026/03/31 12:0 a.m.2 views

Ruby LSP 代码注入漏洞

Ruby LSP is an open-source Ruby language server developed by Shopify. It provides code completion and debugging features. Versions of Ruby LSP prior to 0.10.2 and 0.26.9 contained a code injection vulnerability. This vulnerability stemmed from the fact that the Gemfile generated by rubyLsp.branch...

9.8CVSS6AI score0.00046EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/03/31 12:0 a.m.1 views

CVE-2026-30309

InfCode's terminal auto-execution module contains a critical command filtering vulnerability that renders its blacklist security mechanism completely ineffective. The predefined blocklist fails to cover native high-risk commands in Windows PowerShell such as powershell, and the matching algorithm...

7.8CVSS6.5AI score0.00038EPSS
Exploits0References3
CNNVD
CNNVDadded 2026/03/31 12:0 a.m.4 views

WordPress plugin Everest Forms Pro 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

9.8CVSS6.2AI score0.00313EPSS
Exploits1References3
CNNVD
CNNVDadded 2026/03/31 12:0 a.m.3 views

SiYuan 代码注入漏洞

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan OpenSource. Versions of SiYuan prior to 3.6.2 contained a code injection vulnerability. This vulnerability stemmed from unvalidated malicious URLs in the Attribute View mAsse field, which could lead to stored-xs...

9CVSS6.1AI score0.00023EPSS
Exploits1References4
Snyk
Snykadded 2026/03/30 5:28 p.m.2 views

Arbitrary Code Injection

Overview crewai-tools is a Set of tools for the crewAI framework Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper verification of the Docker runtime status, causing a fallback to a SandboxPython environment. An attacker can execute arbitrary code by...

9.8CVSS6.4AI score0.00024EPSS
Exploits0References2
EUVD
EUVDadded 2026/03/30 3:32 p.m.2 views

EUVD-2026-17104

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the viewsupplier.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or...

6.1CVSS6AI score0.00066EPSS
Exploits1References2
CNNVD
CNNVDadded 2026/03/30 12:0 a.m.3 views

Code-Projects Exam Form Submission 代码注入漏洞

Code-Projects Exam Form Submission is an open-source exam form developed by Code-Projects. Version 1.0 of Code-Projects Exam Form Submission contains a code injection vulnerability. This vulnerability arises from incorrect handling of the parameter sname in the file admin/updatefst.php, which may...

4.8CVSS5.7AI score0.00034EPSS
Exploits0References6
RedhatCVE
RedhatCVEadded 2026/03/29 11:3 p.m.2 views

CVE-2026-5011

A vulnerability was detected in elecV2 elecV2P up to 3.8.3. This vulnerability affects the function runJSFile of the file /webhook of the component JSON Parser. Performing a manipulation of the argument rawcode results in code injection. Remote exploitation of the attack is possible. The exploit ...

6.5CVSS5.6AI score0.00065EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/29 11:3 p.m.1 views

CVE-2026-4998

A weakness has been identified in Sinaptik AI PandasAI up to 3.0.0. This vulnerability affects the function CodeExecutor.execute of the file pandasai/core/codeexecution/codeexecutor.py of the component Chat Message Handler. Executing a manipulation can lead to code injection. The attack may be...

7.5CVSS5.6AI score0.00037EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/29 11:13 a.m.2 views

CVE-2026-33881

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Workspace environment variable values are interpolated into JavaScript string literals without escaping single quotes in the NativeTS executor. A workspace admin who sets a custom environmen...

8.6CVSS6AI score0.00077EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/03/28 11:9 p.m.1 views

CVE-2026-4963

A weakness has been identified in huggingface smolagents 1.25.0.dev0. This affects the function evaluateaugassign/evaluatecall/evaluatewith of the file src/smolagents/localpythonexecutor.py of the component Incomplete Fix CVE-2025-9959. This manipulation causes code injection. It is possible to...

7.6CVSS6.3AI score0.00084EPSS
Exploits1References1
EUVD
EUVDadded 2026/03/28 9:33 p.m.1 views

EUVD-2026-16942

A vulnerability was detected in elecV2 elecV2P up to 3.8.3. This vulnerability affects the function runJSFile of the file /webhook of the component JSON Parser. Performing a manipulation of the argument rawcode results in code injection. Remote exploitation of the attack is possible. The exploit ...

6.5CVSS6.3AI score0.00065EPSS
Exploits0References6
NVD
NVDadded 2026/03/28 7:16 p.m.1 views

CVE-2026-5011

A vulnerability was detected in elecV2 elecV2P up to 3.8.3. This vulnerability affects the function runJSFile of the file /webhook of the component JSON Parser. Performing a manipulation of the argument rawcode results in code injection. Remote exploitation of the attack is possible. The exploit ...

6.5CVSS0.00065EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/03/28 6:30 p.m.1 views

CVE-2026-5011 elecV2 elecV2P JSON webhook runJSFile code injection

A vulnerability was detected in elecV2 elecV2P up to 3.8.3. This vulnerability affects the function runJSFile of the file /webhook of the component JSON Parser. Performing a manipulation of the argument rawcode results in code injection. Remote exploitation of the attack is possible. The exploit ...

6.5CVSS5.6AI score0.00065EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/03/28 6:30 p.m.27 views

CVE-2026-5011 elecV2 elecV2P JSON webhook runJSFile code injection

A vulnerability was detected in elecV2 elecV2P up to 3.8.3. This vulnerability affects the function runJSFile of the file /webhook of the component JSON Parser. Performing a manipulation of the argument rawcode results in code injection. Remote exploitation of the attack is possible. The exploit ...

6.5CVSS0.00065EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/03/28 6:30 p.m.1 views

CVE-2026-5011

A vulnerability was detected in elecV2 elecV2P up to 3.8.3. This vulnerability affects the function runJSFile of the file /webhook of the component JSON Parser. Performing a manipulation of the argument rawcode results in code injection. Remote exploitation of the attack is possible. The exploit ...

6.5CVSS5.6AI score0.00065EPSS
Exploits0References5Affected Software1
CVE
CVEadded 2026/03/28 6:30 p.m.8 views

CVE-2026-5011

CVE-2026-5011 affects elecV2 elecV2P up to version 3.8.3. The vulnerability resides in the JSON Parser component, specifically the runJSFile function in the /webhook file. Manipulating the argument rawcode can lead to code injection, enabling remote exploitation. Public exploit exists and may be ...

6.5CVSS6.3AI score0.00065EPSS
Exploits0References5
NVD
NVDadded 2026/03/28 2:15 p.m.1 views

CVE-2026-4998

A weakness has been identified in Sinaptik AI PandasAI up to 3.0.0. This vulnerability affects the function CodeExecutor.execute of the file pandasai/core/codeexecution/codeexecutor.py of the component Chat Message Handler. Executing a manipulation can lead to code injection. The attack may be...

7.5CVSS0.00037EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/03/28 1:15 p.m.1 views

CVE-2026-4998

A weakness has been identified in Sinaptik AI PandasAI up to 3.0.0. This vulnerability affects the function CodeExecutor.execute of the file pandasai/core/codeexecution/codeexecutor.py of the component Chat Message Handler. Executing a manipulation can lead to code injection. The attack may be...

7.5CVSS5.6AI score0.00037EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder