
44736 matches found

Positive Technologies
added 2026/02/05 12:0 a.m. | views: 1

PT-2026-6649

Name of the Vulnerable Software and Affected Versions: enclave-vm versions prior to 2.10.1; @enclave-vm/core versions prior to 2.10.1. Description: The security measures within enclave-vm are inadequate. The Abstract Syntax Tree (AST) sanitization can be circumvented using dynamic property accesses. Th...

CVSS 6.4 | AI score 6 | EPSS 0.00007
Exploits: 1 | References: 10

Packet Storm
added 2026/02/05 12:0 a.m. | views: 172

OctoPrint 1.11.2 Remote Code Execution

OctoPrint versions 1.11.2 and below suffer from a remote code execution vulnerability via a malformed filename being used in an authenticated file upload. Exploit Title: OctoPrint 1.11.2 - File Upload; Date: 2025-09-28; Exploit Author: prabhatverma.addada; Vendor Homepage: https://octoprint.org...

CVSS 8.8 | AI score 6.3 | EPSS 0.02219
Exploits: 4

CISA KEV Catalog
added 2026/02/05 12:0 a.m. | views: 9

SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability

SmarterTools SmarterMail contains a missing authentication for critical function vulnerability in the ConnectToHub API method. This could allow the attacker to point the SmarterMail instance to a malicious HTTP server which serves the malicious OS command and could lead to command execution...

CVSS 9.8 | AI score 5.6 | EPSS 0.83401
In wild | Exploits: 0

Github Security Blog
added 2026/02/04 8:34 p.m. | views: 3

EPyT-Flow vulnerable to unsafe JSON deserialization (__type__)

Impact: EPyT-Flow’s REST API parses attacker-controlled JSON request bodies using a custom deserializer myloadfromjson that supports a __type__ field. When __type__ is present, the deserializer dynamically imports an attacker-specified module/class and instantiates it with attacker-supplied arguments. Thi...

CVSS 10 | AI score 5.6 | EPSS 0.00096
Exploits: 0 | References: 5 | Affected Software: 1

EUVD
added 2026/02/04 8:31 p.m. | views: 2

EUVD-2025-206777

IBM Common Cryptographic Architecture CCA 7.5.52 and 8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system...

CVSS 9.8 | AI score 5.8 | EPSS 0.00076
Exploits: 0 | References: 1

Vulnrichment
added 2026/02/04 8:31 p.m. | views: 1

CVE-2025-13375 IBM Common Cryptographic Architecture Arbitrary Command Execution

IBM Common Cryptographic Architecture CCA 7.5.52 and 8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system...

CVSS 9.8 | AI score 5.8 | EPSS 0.00076
Exploits: 0 | References: 1

CVE
added 2026/02/04 8:31 p.m. | views: 13

CVE-2025-13375

IBM Common Cryptographic Architecture (CCA) versions affected: 7.5.52 and 8.4.82. The Red Hat/IBM bulletin and NVD entries indicate an unauthenticated user could execute arbitrary commands with elevated privileges on systems running these CCA releases. Affected platforms include IBM AIX, IBM i, I...

CVSS 9.8 | AI score 5.8 | EPSS 0.00076
Exploits: 0 | References: 1

Cvelist
added 2026/02/04 7:32 p.m. | views: 25

CVE-2026-25143 melange affected by potential host command execution via license-check YAML mode patch pipeline

melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds...

CVSS 7.8 | EPSS 0.00014
Exploits: 0 | References: 2

OSV
added 2026/02/04 7:32 p.m. | views: 2

CVE-2026-25143 melange affected by potential host command execution via license-check YAML mode patch pipeline

melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds...

CVSS 7.8 | AI score 6 | EPSS 0.00014
Exploits: 0 | References: 4

EUVD
added 2026/02/04 7:31 p.m. | views: 2

EUVD-2026-5372

melange allows users to build apk packages using declarative pipelines. From version 0.3.0 to before 0.40.3, an attacker who can provide build input values, but not modify pipeline definitions, could execute arbitrary shell commands if the pipeline uses $vars. or $inputs. substitutions in...

CVSS 7.9 | AI score 5.8 | EPSS 0.00012
Exploits: 0 | References: 2

CVE
added 2026/02/04 7:31 p.m. | views: 13

CVE-2026-24844

CVE-2026-24844 affects melange. Affected: melange pipeline building in versions 0.3.0–0.40.2 (before 0.40.3). Vulnerability: in pipelines that use ${{vars.}} or ${{inputs. }} substitutions in working-directory, an attacker who can provide build input values (but cannot modify pipeline definitions...

CVSS 8.8 | AI score 5.8 | EPSS 0.00012
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2026/02/04 5:16 p.m. | views: 3

CVE-2026-25053

n8n is an open source workflow automation platform. Prior to versions 1.123.10 and 2.5.0, vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. This issue has been...

CVSS 9.9 | EPSS 0.00031
Exploits: 0 | References: 1

NVD
added 2026/02/04 5:16 p.m. | views: 3

CVE-2026-25049

n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. This issue h...

CVSS 9.9 | EPSS 0.00053
Exploits: 0 | References: 3

NVD
added 2026/02/04 5:16 p.m. | views: 2

CVE-2026-20098

A vulnerability in the Certificate Management feature of Cisco Meeting Management could allow an authenticated, remote attacker to upload arbitrary files, execute arbitrary commands, and elevate privileges to root on an affected system. This vulnerability is due to improper input validation in...

CVSS 8.8 | EPSS 0.00894
Exploits: 0 | References: 1

ATTACKERKB
added 2026/02/04 4:47 p.m. | views: 3

CVE-2026-25053

n8n is an open source workflow automation platform. Prior to versions 1.123.10 and 2.5.0, vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to execute arbitrary system commands or read arbitrary files on the n8n host. This issue has been...

CVSS 9.4 | AI score 5.8 | EPSS 0.00031
Exploits: 0 | References: 2 | Affected Software: 1

ATTACKERKB
added 2026/02/04 4:46 p.m. | views: 1

CVE-2026-25049

n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. This issue h...

CVSS 9.4 | AI score 5.5 | EPSS 0.00053
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2026/02/04 4:46 p.m. | views: 27

CVE-2026-25049 n8n Has an Expression Escape Vulnerability Leading to RCE

n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. This issue h...

CVSS 9.4 | EPSS 0.00053
Exploits: 0 | References: 3

EUVD
added 2026/02/04 4:46 p.m. | views: 2

EUVD-2026-5421

n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n. This issue h...

CVSS 9.9 | AI score 5.5 | EPSS 0.00053
Exploits: 0 | References: 3

Cisco
added 2026/02/04 4:0 p.m. | views: 8

Cisco Meeting Management Arbitrary File Upload Vulnerability

A vulnerability in the Certificate Management feature of Cisco Meeting Management could allow an authenticated, remote attacker to upload arbitrary files, execute arbitrary commands, and elevate privileges to root on an affected system. This vulnerability is due to improper input validation in...

CVSS 8.8 | AI score 6.2 | EPSS 0.00894
Exploits: 0 | References: 1

EUVD
added 2026/02/04 10:26 a.m. | views: 4

EUVD-2025-206811

This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file...

CVSS 10 | AI score 5.8 | EPSS 0.001
Exploits: 0 | References: 6