CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/05/15 6:30 p.m.•2 views

GHSA-2F54-V4HM-FX73 Apache Flink: Remote code execution via SQL injection in code generation

Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers via maliciously crafted SQL queries. The vulnerability affects JSON functions 1.15.0+ and LIKE...

Github Security Blog•added 2026/05/15 6:30 p.m.•6 views

Exploits0References6

Apache Flink: Remote code execution via SQL injection in code generation

Exploits0References6Affected Software3

Snyk•added 2026/05/15 6:30 p.m.•5 views

Arbitrary Code Injection

8.6CVSS6.3AI score0.00067EPSS

NVD•added 2026/05/15 4:16 p.m.•4 views

CVE-2026-35194

8.1CVSS0.00067EPSS

Vulnrichment•added 2026/05/15 3:27 p.m.•4 views

CVE-2026-35194 Apache Flink: Remote code execution via SQL injection in code generation

6.3AI score0.00067EPSS

EUVD•added 2026/05/15 3:27 p.m.•3 views

EUVD-2026-30550

ATTACKERKB•added 2026/05/15 3:27 p.m.•2 views

CVE-2026-35194

6.3AI score0.00067EPSS

Exploits0References2Affected Software1

RedhatCVE•added 2026/05/15 7:57 a.m.•7 views

CVE-2026-0236

A code injection vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to its AppleScript interface allowing a locally authenticated non-admin user to leverage this exposed Apple Event handler to send unauthorized commands to the browser...

7.3CVSS5.9AI score0.00025EPSS

Veracode•added 2026/05/15 5:3 a.m.•8 views

Arbitrary Code Injection

Enclave is vulnerable to Arbitrary Code Injection. The vulnerability is due to improper enforcement of security boundaries in @enclave-vm/core, allowing attackers to escape the JavaScript sandbox environment and achieve arbitrary code execution on the host system...

10CVSS6.4AI score0.00775EPSS

Exploits2References2Affected Software2

RedhatCVE•added 2026/05/15 1:57 a.m.•3 views

CVE-2026-31233

Guardrails AI thru 0.6.7 contains a code injection vulnerability CWE-94 in its Hub package installation mechanism. When installing validator packages via guardrails hub install, the system retrieves a manifest from the Guardrails Hub and dynamically executes a script specified in the postinstall...

9.8CVSS6.3AI score0.00378EPSS

CNNVD•added 2026/05/15 12:0 a.m.•5 views

OpenMRS 代码注入漏洞

OpenMRS is an open-source electronic health record system developed by OpenMRS Inc. Versions of OpenMRS from 2.7.0 to 2.7.9 and before 2.8.6 have a code injection vulnerability. This vulnerability arises from the ConceptReferenceRangeUtility.evaluateCriteria method, which evaluates condition...

9.1CVSS5.9AI score0.00057EPSS

Tenable Nessus•added 2026/05/15 12:0 a.m.•5 views

SAP NetWeaver AS ABAP Code Injection (3735359)

The version of SAP NetWeaver AS ABAP detected on the remote host is affected by a code injection vulnerability as referenced in SAP Security Note 3735359: - A code injection vulnerability exists in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform. An authenticated attacker with low...

4.3CVSS6AI score0.00016EPSS

Exploits0References3

Tenable Nessus•added 2026/05/15 12:0 a.m.•8 views

Siemens Teamcenter XSS and Hardcoded Key Vulnerabilities (SSA-827383)

The version of Siemens Teamcenter installed on the remote host is affected by multiple vulnerabilities: - The affected application does not properly encode or filter user-supplied data. This could allow an attacker to inject malicious code that can be executed by other users when they visit the...

8.7CVSS7.4AI score0.00052EPSS

Exploits0References3

CNNVD•added 2026/05/15 12:0 a.m.•6 views

oinone-pamirs 代码注入漏洞

Oinone-Pamirs is an open-source AI-driven low-code development framework developed by Oinone. Version 7.0.0 of Oinone-Pamirs contains a code injection vulnerability. This vulnerability stems from the ScriptRunner.run method in the ScriptRunner component evaluating scripts controlled by the attack...

6.5CVSS5.9AI score0.00057EPSS

CNNVD•added 2026/05/15 12:0 a.m.•5 views

Schlix CMS 代码注入漏洞

Schlix CMS is a set of open-source content management systems developed by Schlix company, based on PHP and MySQL. Version 2.2.6-6 of Schlix CMS has a code injection vulnerability. This vulnerability stems from a remote code execution issue, allowing authenticated attackers to execute arbitrary P...

8.8CVSS6.7AI score0.0027EPSS

CNNVD•added 2026/05/15 12:0 a.m.•6 views

MCP Calculate Server 代码注入漏洞

MCP Calculate Server is a mathematical calculation service tool developed by 611711Dark, based on the MCP protocol. Versions of MCP Calculate Server prior to 0.1.1 contained a code injection vulnerability. This vulnerability arose from the use of eval to evaluate mathematical expressions without...

9.8CVSS6.2AI score0.00333EPSS

CNNVD•added 2026/05/15 12:0 a.m.•5 views

Apache Flink 代码注入漏洞

Apache Flink is an open-source distributed stream processing engine developed by the Apache Foundation in the United States. The product is primarily written in Java and Scala languages. Versions of Apache Flink from 1.15.0 to 1.20.x, as well as from 2.0.0 to 2.x, contain a code injection...

Positive Technologies•added 2026/05/15 12:0 a.m.•4 views

PT-2026-41310

Name of the Vulnerable Software and Affected Versions Apache Flink versions 1.15.0 through 1.20.x Apache Flink versions 2.0.0 through 2.x Description Code injection in SQL code generation allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers using...

Snyk•added 2026/05/14 9:25 p.m.•6 views

Exploits0References9

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in the process that handles environment variable allowlisting in repository-local configuration. An attacker can access sensitive environment variables, including API tokens and credentials, by forwarding them...

9.3CVSS6AI score0.00161EPSS