CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

8.6CVSS6.1AI score0.00019EPSS

Linux Distros Unpatched Vulnerability : CVE-2026-44466

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash arithmetic expansion $..., allowing execution of arbitrar...

Exploits1References2

8.4CVSS6.1AI score0.0013EPSS

RockyLinux 10 : edk2 (RLSA-2026:18465)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:18465 advisory. edk2: EDK2: Improper Input Validation allows arbitrary command execution CVE-2025-2296 Tenable has extracted the preceding description block directly from the...

8.2CVSS6.2AI score0.00034EPSS

RockyLinux 10 : vim (RLSA-2026:19073)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19073 advisory. vim: arbitrary command execution via modeline sandbox bypass CVE-2026-34982 Tenable has extracted the preceding description block directly from the RockyLinux...

Positive Technologies•added 6 days ago•4 views

PT-2026-44980

Name of the Vulnerable Software and Affected Versions FastGPT versions prior to 4.15.0-beta1 Description The JavaScript sandbox worker fails to properly block dynamic import calls due to an insufficient regular expression. The regex /bimports/.testcode only accounts for ASCII whitespace and does...

6.3CVSS6AI score0.00054EPSS

Tenable Nessus•added 6 days ago•7 views

AlmaLinux 8 : cockpit (ALSA-2026:21700)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:21700 advisory. cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI CVE-2026-4802 Tenable has extracted the preceding description block directly fro...

8CVSS7.2AI score0.00275EPSS

CNNVD•added 6 days ago•3 views

Dokploy 安全漏洞

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy 0.26.6 and earlier contain security vulnerabilities. These vulnerabilities stem from command injection in the /docker-container-logs WebSocket endpoint. The tail and since parameters are concatenated directly into...

9.9CVSS6.1AI score0.00235EPSS

Positive Technologies•added 6 days ago•5 views

PT-2026-45051

Summary execute code in praisonaiagents/tools/python tools.py v1.6.37, subprocess sandbox mode can be fully bypassed using print. self to retrieve the real Python builtins module, from which import can be extracted via vars and runtime string construction. This achieves arbitrary OS command...

9.9CVSS6.4AI score

CNNVD•added 6 days ago•4 views

JetBrains IntelliJ IDEA 安全漏洞

JetBrains IntelliJ IDEA is an integrated development environment for the Java language developed by the Czech company JetBrains. Versions of JetBrains IntelliJ IDEA prior to version 2026.1.1 contained a security vulnerability; this vulnerability could allow command execution due to guest user...

8.8CVSS5.9AI score0.00013EPSS

CNNVD•added 6 days ago•4 views

Dokploy 安全漏洞

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy prior to 0.29.1 contain security vulnerabilities. These vulnerabilities stem from the destinationPath parameter in the Docker file upload function not being properly cleaned and directly inserted into the shell...

9.9CVSS6.1AI score0.00234EPSS

Positive Technologies•added 6 days ago•7 views

PT-2026-44947

Name of the Vulnerable Software and Affected Versions JetBrains IntelliJ IDEA versions prior to 2026.1.1 Description Command execution is possible through the guest user account. Recommendations Update to version 2026.1.1...

8.8CVSS5.9AI score0.00013EPSS

Exploits0References4

Tenable Nessus•added 6 days ago•7 views

RHEL 9 : cockpit (RHSA-2026:21392)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:21392 advisory. Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports,...

8CVSS6AI score0.00275EPSS

Exploits0References4

CNNVD•added 6 days ago•4 views

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. The Waterfall WF-500 TX and RX Hosts 7.9.1.0 R2502171040 version contains an operating system command injection vulnerability. This...

9.8CVSS6.1AI score0.00261EPSS

8.6CVSS6.2AI score0.00018EPSS

Linux Distros Unpatched Vulnerability : CVE-2026-44461

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Zed is a code editor. Prior to 0.227.1, Zed builds SSH/WSL remote commands as a shell command string that starts with exec env ..., but environment variable key...

Exploits1References2

NVD•added last week•6 views

CVE-2026-45344

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitialized LinkAce instances accepts attacker-controlled database credential fields and writes them back into .env without escaping. A remote attacker who can reach the setup...

8.1CVSS0.0021EPSS