CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/03/31 12:0 a.m.•2 views

PT-2026-29376

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.6.2 Description SiYuan is a personal knowledge management system susceptible to a stored cross-site scripting XSS issue. An attacker can inject a malicious URL into an Attribute View mAsse field. When a victim opens...

9CVSS6.1AI score0.00026EPSS

Exploits1References13

Positive Technologies•added 2026/03/31 12:0 a.m.•1 views

PT-2026-29148

Name of the Vulnerable Software and Affected Versions baserCMS versions prior to 5.2.3 Description baserCMS is a website development framework. A security issue exists in the update functionality that allows an authenticated user with administrator privileges to execute arbitrary OS commands on t...

9.1CVSS6.1AI score0.00066EPSS

Exploits0References14

ATTACKERKB•added 2026/03/31 12:0 a.m.•1 views

CVE-2026-30310

CVE•added 2026/03/31 12:0 a.m.•4 views

CVE-2026-30310

The CVE concerns the Sixth terminal command execution design, where two options exist: execute safe commands automatically or require user approval for potentially dangerous ones. The flaw is susceptible to prompt-injection: an attacker can wrap a malicious command in a generic template and misle...

9.8CVSS6AI score0.00097EPSS

CNNVD•added 2026/03/31 12:0 a.m.•3 views

TRENDnet TEW-713RE 命令注入漏洞

The TRENDnet TEW-713RE is a wireless network range extender from TRENDnet. The TRENDnet TEW-713RE suffers from a command injection vulnerability that originates from a misuse of the parameter dest in the file /goform/addRouting, which can be exploited by an attacker to cause arbitrary command...

9.8CVSS6.7AI score0.00412EPSS

Exploits1References4

Positive Technologies•added 2026/03/31 12:0 a.m.•2 views

PT-2026-29248

SUSE CVE•added 2026/03/30 11:30 p.m.•2 views

SUSE CVE-2026-32241

Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. In versions of Flannel prior to 0.28.2, this Extension backend is vulnerable to a command injection that...

8.8CVSS6.2AI score0.00057EPSS

Exploits0References4

EUVD•added 2026/03/30 9:31 p.m.•3 views

EUVD-2026-17203

In its design for automatic terminal command execution, SakaDev offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be...

6AI score0.00033EPSS

EUVD•added 2026/03/30 9:31 p.m.•2 views

EUVD-2026-17204

In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe commands and Execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a...

NVD•added 2026/03/30 9:17 p.m.•2 views

CVE-2026-30308

9.8CVSS0.00097EPSS

NVD•added 2026/03/30 9:17 p.m.•2 views

CVE-2026-30306

9.8CVSS0.00033EPSS

OSV•added 2026/03/30 4:23 p.m.•1 views

GHSA-FHH2-GG7W-GWPQ nginx-ui Backup Restore Allows Tampering with Encrypted Backups

Summary The nginx-ui backup restore mechanism allows attackers to tamper with encrypted backup archives and inject malicious configuration during restoration. Details The backup format lacks a trusted integrity root. Although files are encrypted, the encryption key and IV are provided to the clie...

9.4CVSS6.3AI score0.0002EPSS

Exploits0References5

Github Security Blog•added 2026/03/30 4:23 p.m.•10 views

nginx-ui Backup Restore Allows Tampering with Encrypted Backups

9.4CVSS6.3AI score0.0002EPSS

Exploits0References5Affected Software1

Snyk•added 2026/03/30 4:23 p.m.•1 views

Improper Validation of Integrity Check Value

Overview Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value through the Restore process in internal/backup/restore.go and internal/backup/manifest.go. An attacker can inject malicious configuration and gain arbitrary command execution by tampering wit...

9.4CVSS6.3AI score0.0002EPSS

Exploits0References4

Github Security Blog•added 2026/03/30 9:31 a.m.•7 views

MLflow Command Injection vulnerability

A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the installmodeldependenciestoenv function. When deploying a model with envmanager=LOCAL, MLflow reads dependency specifications from the model artifact's pythonenv.yaml file and...

10CVSS7.5AI score0.00281EPSS

Exploits1References5Affected Software1

Vulnrichment•added 2026/03/30 7:16 a.m.•2 views

CVE-2025-15379 Command Injection in mlflow/mlflow

10CVSS6.2AI score0.00281EPSS

Exploits1References2

CNNVD•added 2026/03/30 12:0 a.m.•3 views

HAI Builds Code Generator 安全漏洞

HAI Builds Code Generator is an AI-driven software requirement generation and management tool open-sourced by Presidio INC. HAI Builds Code Generator has a security vulnerability, which stems from defects in the design of automatic terminal command execution. This vulnerability makes it susceptib...

9.8CVSS6AI score0.00097EPSS

Positive Technologies•added 2026/03/30 12:0 a.m.•4 views

PT-2026-29120

Name of the Vulnerable Software and Affected Versions HAI Build Code Generator affected versions not specified Description The software’s design for automatic terminal command execution, offering ‘Execute safe commands’ and ‘Execute all commands’ options, is susceptible to prompt injection attack...

9.8CVSS6AI score0.00097EPSS

Exploits0References5

ATTACKERKB•added 2026/03/30 12:0 a.m.•2 views

CVE-2026-30308