44929 matches found

Positive Technologies
added 2026/04/20 12:0 a.m. | 6 views

PT-2026-33832

Name of the Vulnerable Software and Affected Versions: Rclone versions 1.45.0 through 1.73.4. Description: An authorization bypass exists in the Remote Control (RC) interface of Rclone. The RC endpoint "options/set" is exposed without requiring authentication, allowing an unauthenticated attacker to...

CVSS: 9.8 | AI score: 6 | EPSS: 0.34525
Exploits: 2 | References: 31

Positive Technologies
added 2026/04/20 12:0 a.m. | 5 views

PT-2026-33799

Name of the Vulnerable Software and Affected Versions: Dell PowerProtect Data Domain versions 7.7.1.0 through 8.6; Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.20; Dell PowerProtect Data Domain versions 7.13.1.0 through 7.13.1.60. Description: An OS command injection issue exists where...

CVSS: 7.2 | AI score: 6 | EPSS: 0.01191
Exploits: 0 | References: 5

GithubExploit
added 2026/04/18 7:39 p.m. | 161 views

Exploit for CVE-2026-4257

⚡ WordPress - Contact Form 7 - Unauthenticated SSTI To Remote...

CVSS: 9.8 | AI score: 6.5 | EPSS: 0.41475
Exploits: 7

OSSF Malicious Packages
added 2026/04/18 8:9 a.m. | 5 views

Malicious code in cktool.internal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d35ec7e83cb03e16d3d408e617ad1c8a72dae84f6b8655f5439b1e5465e47fc The package cktool.internal was found to contain malicious code. Source: ghsa-malware fea6b6dafa01114874236a50b5923473307ac91ce0b6c562d3ccb2fa27e6af4...

AI score: 5.8
Exploits: 0 | References: 1

OSV
added 2026/04/18 7:55 a.m. | 3 views

MAL-2026-2919 Malicious code in apple-idms-internal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f0eeec23623c0969b1edd5df79a1b592d22f6c05b5c91442114efd08ce173be The package apple-idms-internal was found to contain malicious code. Source: ghsa-malware...

AI score: 5.8
Exploits: 0 | References: 1

OSV
added 2026/04/17 9:16 p.m. | 4 views

DEBIAN-CVE-2026-33145

xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...

CVSS: 6.3 | AI score: 6.3 | EPSS: 0.00356
Exploits: 0 | References: 1

NVD
added 2026/04/17 9:16 p.m. | 3 views

CVE-2026-33145

xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...

CVSS: 6.3 | EPSS: 0.00356
Exploits: 0 | References: 2

OSV
added 2026/04/17 9:1 p.m. | 5 views

MAL-2026-2926 Malicious code in material-ui-plugin-cache-endpoint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45efd49ad74d002b46224881218cf53c763e58c0b71ed3d3ff3a79d1021f3a64 The package material-ui-plugin-cache-endpoint was found to contain malicious code. Source: ghsa-malware...

AI score: 5.8
Exploits: 0 | References: 1

Debian CVE
added 2026/04/17 8:25 p.m. | 5 views

CVE-2026-40527

radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DW_TAG_formal_parameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute...

CVSS: 8.5 | AI score: 5.9 | EPSS: 0.00915
Exploits: 1

AlpineLinux
added 2026/04/17 8:25 p.m. | 6 views

CVE-2026-40527

radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DW_TAG_formal_parameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute...

CVSS: 8.5 | AI score: 6 | EPSS: 0.00915
Exploits: 1 | References: 3

EUVD
added 2026/04/17 8:14 p.m. | 5 views

EUVD-2026-23510

xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...

CVSS: 6.3 | AI score: 6.2 | EPSS: 0.00356
Exploits: 0 | References: 2

Cvelist
added 2026/04/17 8:14 p.m. | 17 views

CVE-2026-33145 xrdp: Authenticated RCE via unsanitized AlternateShell execution in xrdp-sesman

xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...

CVSS: 6.3 | EPSS: 0.00356
Exploits: 0 | References: 2

Debian CVE
added 2026/04/17 8:14 p.m. | 4 views

CVE-2026-33145

xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...

CVSS: 6.3 | AI score: 6.2 | EPSS: 0.00356
Exploits: 0

ATTACKERKB
added 2026/04/17 8:14 p.m. | 6 views

CVE-2026-33145

xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...

CVSS: 6.3 | AI score: 6.2 | EPSS: 0.00356
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/04/17 8:14 p.m. | 3 views

CVE-2026-33145 xrdp: Authenticated RCE via unsanitized AlternateShell execution in xrdp-sesman

xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrdp-sesman. When the AllowAlternateShell setting is enabled which is the default when not explicitly...

CVSS: 6.3 | AI score: 6.2 | EPSS: 0.00356
Exploits: 0 | References: 2

EUVD
added 2026/04/17 3:31 p.m. | 3 views

EUVD-2026-23430

In JetBrains Junie before 252.549.29 command execution was possible via malicious project file...

CVSS: 5.8 | AI score: 5.9 | EPSS: 0.00257
Exploits: 0 | References: 2

NVD
added 2026/04/17 3:16 p.m. | 4 views

CVE-2026-41153

In JetBrains Junie before 252.549.29 command execution was possible via malicious project file...

CVSS: 9.8 | EPSS: 0.00257
Exploits: 0 | References: 1

Cvelist
added 2026/04/17 2:29 p.m. | 27 views

CVE-2026-41153

In JetBrains Junie before 252.549.29 command execution was possible via malicious project file...

CVSS: 5.8 | EPSS: 0.00257
Exploits: 0 | References: 1

ATTACKERKB
added 2026/04/17 2:29 p.m. | 4 views

CVE-2026-41153

In JetBrains Junie before 252.549.29 command execution was possible via malicious project file...

CVSS: 5.8 | AI score: 5.9 | EPSS: 0.00257
Exploits: 0 | References: 2

CVE
added 2026/04/17 2:29 p.m. | 9 views

CVE-2026-41153

CVE-2026-41153 affects JetBrains Junie prior to 252.549.29. Affected component is the project file handling, enabling command execution via a malicious project file. Public sources (PT-2026-33457) recommend updating to version 252.549.29 or later as a remediation. CVSS data in the initial record ...

CVSS: 9.8 | AI score: 5.9 | EPSS: 0.00257
Exploits: 0 | References: 1 | Affected Software: 1