CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedHat Linux•added 2026/05/04 9:57 a.m.•4 views

OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username

8.1CVSS6AI score0.0004EPSS

RedHat Linux•added 2026/05/04 9:42 a.m.•4 views

OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username

8.1CVSS6AI score0.0004EPSS

RedHat Linux•added 2026/05/04 9:42 a.m.•5 views

Important: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

8.1CVSS6AI score0.00067EPSS

Exploits0References6

Snyk•added 2026/05/04 5:18 a.m.•3 views

Arbitrary Argument Injection

Overview prefect is a Prefect is a new workflow management system, designed for modern infrastructure and powered by the open-source Prefect Core workflow engine. Users organize Tasks into Flows, and Prefect takes care of the rest. Affected versions of this package are vulnerable to Arbitrary...

6.5CVSS6.6AI score0.00065EPSS

Exploits0References2

Vulnrichment•added 2026/05/04 12:41 a.m.•3 views

CVE-2026-42364 GeoVision LPC2011/LPC2211 Web Interface / DdnsSetting.cgi OS command injection vulnerability

An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to trigger this vulnerability...

9.9CVSS6AI score0.00181EPSS

Exploits0References2

CNNVD•added 2026/05/04 12:0 a.m.•7 views

vm2 安全漏洞

vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using Node.js built-in modules listed in the allowlist. Version 3.10.4 of vm2 contains security vulnerabilities. Attackers can exploit these vulnerabilities to obtain host process objects...

9.8CVSS6.1AI score0.00129EPSS

Exploits1References1

CNNVD•added 2026/05/04 12:0 a.m.•8 views

vm2 代码注入漏洞

vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using Node.js built-in modules listed in the allowlist. Versions of vm2 prior to 3.11.0 had a code injection vulnerability, which stemmed from a sandbox escape vulnerability. This...

9.8CVSS6.3AI score0.00176EPSS

Exploits1References1

Positive Technologies•added 2026/05/04 12:0 a.m.•8 views

PT-2026-37196

Name of the Vulnerable Software and Affected Versions pyp2spec versions prior to 0.14.1 Description pyp2spec writes PyPI package metadata, such as the summary field, into generated spec files without escaping RPM macro directives. When a packager uses tools like rpmbuild -bs, rpmbuild --nobuild, ...

7.8CVSS6.2AI score0.00012EPSS

Exploits0References8

OSV•added 2026/05/04 12:0 a.m.•2 views

ALSA-2026:13380 Important: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode...

8.1CVSS5.9AI score0.00067EPSS

AlmaLinux•added 2026/05/04 12:0 a.m.•5 views

Important: openssh security update

CNNVD•added 2026/05/04 12:0 a.m.•7 views

vm2 代码注入漏洞

vm2 is a high-level virtual machine/sandbox developed by Czech developer Patrik Simek. It runs untrusted code using Node’s built-in modules listed in the allowlist. Versions of vm2 prior to 3.10.5 had a code injection vulnerability. This vulnerability stems from insufficient fixes to CVE-2023-374...

9.8CVSS6.3AI score0.00129EPSS

Exploits1References1

Tenable Nessus•added 2026/05/04 12:0 a.m.•0 views

RHEL 10 : openssh (RHSA-2026:13380)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:13380 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files...

Tenable Nessus•added 2026/05/04 12:0 a.m.•3 views

AlmaLinux 8 : openssh (ALSA-2026:13383)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:13383 advisory. OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode CVE-2026-35385 OpenSSH: OpenSSH: Security bypass via...

OSV•added 2026/05/04 12:0 a.m.•2 views

ALSA-2026:13381 Important: openssh security update

OSV•added 2026/05/04 12:0 a.m.•4 views

ALSA-2026:13383 Important: openssh security update

Tenable Nessus•added 2026/05/04 12:0 a.m.•11 views

AlmaLinux 10 : openssh (ALSA-2026:13380)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:13380 advisory. OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode CVE-2026-35385 OpenSSH: OpenSSH: Security bypass via...

Tenable Nessus•added 2026/05/04 12:0 a.m.•5 views

RHEL 9 : openssh (RHSA-2026:13381)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:13381 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files...

Tenable Nessus•added 2026/05/04 12:0 a.m.•6 views

RHEL 8 : openssh (RHSA-2026:13383)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:13383 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files...