CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

GithubExploit•added 2026/05/12 2:33 a.m.•67 views

Exploit for Code Injection in Praison Praisonai

praison-exp...

8.4CVSS5.8AI score0.00008EPSS

Exploits2

RedhatCVE•added 2026/05/12 2:27 a.m.•9 views

CVE-2026-27760

OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity action parameter. Attackers can break out of the define string...

9.2CVSS6.2AI score0.00136EPSS

Exploits0References1

CVE•added 2026/05/12 2:20 a.m.•13 views

CVE-2026-40129

The vulnerability CVE-2026-40129 affects SAP Application Server ABAP for SAP NetWeaver and ABAP Platform. A code injection flaw allows an authenticated attacker to submit specially crafted inputs that, if processed, can be delivered to channel subscribers and execute code on behalf of other users...

Vulnrichment•added 2026/05/12 2:20 a.m.•5 views

CVE-2026-40129 Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform

ATTACKERKB•added 2026/05/12 2:20 a.m.•3 views

CVE-2026-40129

Cvelist•added 2026/05/12 2:20 a.m.•32 views

CVE-2026-40129 Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform

4.3CVSS0.00016EPSS

ATTACKERKB•added 2026/05/12 2:20 a.m.•3 views

CVE-2026-34263

Due to improper Spring Security configuration, SAP Commerce Cloud allows an unauthenticated user to perform malicious input injection, resulting in arbitrary server-side code execution, leading to high impact on Confidentiality, Integrity, and Availability of the application...

9.6CVSS6AI score0.0003EPSS

Cvelist•added 2026/05/12 2:20 a.m.•38 views

CVE-2026-34263 Missing authentication check in SAP Commerce cloud configuration

9.6CVSS0.0003EPSS

Positive Technologies•added 2026/05/12 12:0 a.m.•9 views

PT-2026-40120

Guardrails AI thru 0.6.7 contains a code injection vulnerability CWE-94 in its Hub package installation mechanism. When installing validator packages via guardrails hub install, the system retrieves a manifest from the Guardrails Hub and dynamically executes a script specified in the post install...

6.3AI score0.00378EPSS

CNNVD•added 2026/05/12 12:0 a.m.•5 views

Scramble 代码注入漏洞

Scramble is a tool developed by de:doc for automatically generating API documentation for Laravel projects. Versions of Scramble from 0.13.2 to 0.13.22 contained a code injection vulnerability. This vulnerability stemmed from the exposed documentation endpoints and the use of validation rules tha...

9.4CVSS6AI score0.08605EPSS

Exploits2References2

CNNVD•added 2026/05/12 12:0 a.m.•5 views

Microsoft Data Formulator 代码注入漏洞

Microsoft Data Formulator is an AI data visualization and analysis tool developed by Microsoft Corporation in the United States, powered by large language models. Microsoft Data Formulator has a code injection vulnerability. Attackers can exploit this vulnerability to execute code remotely...

8.8CVSS6AI score0.00067EPSS

CNNVD•added 2026/05/12 12:0 a.m.•6 views

SPIP 代码注入漏洞

SPIP is an open-source software developed by SPIP for creating Internet websites. Versions of SPIP prior to 4.4.14 had a code injection vulnerability, which was caused by remote code execution from private spaces, potentially allowing arbitrary code to be executed...

8.8CVSS6.5AI score0.00222EPSS

Exploits0References1

CNNVD•added 2026/05/12 12:0 a.m.•4 views

Google Chrome 代码注入漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a code injection vulnerability. This vulnerability stemmed from the SanitizerAPI component’s script injection mechanism, which could allow remote attackers to inject arbitrary scrip...

5.4CVSS6AI score0.00028EPSS

CVE•added 2026/05/12 12:0 a.m.•9 views

CVE-2026-31236

The CVE-2026-31236 issue affects the llm CLI tool up to version 0.27.1. The vulnerability arises from the --functions argument, which accepts user-provided Python definitions and is executed with unsafe exec() without sanitization or sandboxing, enabling arbitrary code execution on a victim’s sys...

9.8CVSS6.3AI score0.00102EPSS

CNNVD•added 2026/05/12 12:0 a.m.•4 views

WordPress plugin Advanced Custom Fields Extended 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.5CVSS6.2AI score0.00113EPSS

Exploits0References1

Positive Technologies•added 2026/05/12 12:0 a.m.•6 views

PT-2026-39923

Positive Technologies•added 2026/05/12 12:0 a.m.•8 views

PT-2026-39988

A vulnerability has been identified in Teamcenter V2312 All versions V2312.0014, Teamcenter V2406 All versions V2406.0012, Teamcenter V2412 All versions V2412.0009, Teamcenter V2506 All versions V2506.0005, Teamcenter V2512 All versions. The affected application does not properly encode or filter...

8.5CVSS5.7AI score0.00033EPSS

Positive Technologies•added 2026/05/12 12:0 a.m.•4 views

PT-2026-40263

Name of the Vulnerable Software and Affected Versions Microsoft Dynamics 365 on-premises affected versions not specified Description Improper control of code generation in Microsoft Dynamics 365 on-premises allows an authorized attacker to execute code over a network. This is a code injection...

9.9CVSS6.2AI score0.00085EPSS

Exploits0References8

Positive Technologies•added 2026/05/12 12:0 a.m.•5 views

PT-2026-40123

The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec function...

6.3AI score0.00102EPSS