CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/05/21 4:27 p.m.•5 views

RLSA-2026:7384 Critical: cockpit: Unauthenticated remote code execution due to SSH command-line argument injection

Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fixes: cockpit: ws: be more explicit when handling hostnames on cli...

9.8CVSS5.8AI score0.13889EPSS

Exploits3References2

OSV•added 2026/05/21 4:24 p.m.•5 views

RLSA-2026:6473 Important: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.1CVSS5.8AI score0.00216EPSS

Exploits0References2

Rockylinux•added 2026/05/21 4:24 p.m.•11 views

python3 security update

An update is available for python3. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming language,...

7CVSS5.8AI score0.00216EPSS

OSV•added 2026/05/20 10:10 a.m.•7 views

RHSA-2026:19167 Red Hat Security Advisory: pcs security update

Bulletin has no description...

8.1CVSS6.2AI score0.01026EPSS

Exploits0References10

RedhatCVE•added 2026/05/20 7:57 a.m.•6 views

CVE-2026-6902

A Remote Code Execution vulnerability in P4 Helix Core Server's Command-Line Client, prior to the 2025.2 Patch 2, has been fixed to address potential security risks...

7.7CVSS5.8AI score0.00449EPSS

Exploits0References1

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в parsec

The vulnerability of the parsecmdlin function in the PARSEC security subsystem is related to improper memory release after its use. Exploiting this vulnerability allows an attacker to cause a service failure...

5.5CVSS5.8AI score

Exploits0References2

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в ansible

A flaw was discovered in Ansible 2.7.16 and earlier versions, as well as 2.8.8 and earlier versions, and 2.9.5 and earlier versions. When a password is set using the “password” argument of the svn module, it is used in the svn command line, thereby exposing it to other users within the same node...

3.9CVSS6.5AI score0.00358EPSS

Exploits0References2

OSV•added 2026/05/20 2:28 a.m.•4 views

MAL-2026-4394 Malicious code in @ikyyofc/gemini-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5793a1cde3de83b8c15b49a0f9981d72fbf431067a4416ce6b2bd5650ea4a4d6 @ikyyofc/[email protected] ships two heavily obfuscated modules src/gemini.js and src/utils/proxy.js wrapped in an obfuscator.io-style string-array +...

5.8AI score

Exploits0References17

Tenable Nessus•added 2026/05/20 12:0 a.m.•25 views

Amazon Linux 2023 : wireshark-cli, wireshark-devel (ALAS2023-2026-1677)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1677 advisory. RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution CVE-2026-5405 Tenable has extracted the preceding description block...

7.8CVSS6.4AI score0.00148EPSS

Exploits1References4

Github Security Blog•added 2026/05/19 7:22 p.m.•9 views

9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin routes

Summary 9router exposes two unauthenticated API endpoints that, when chained together, allow any network-adjacent attacker to execute arbitrary OS commands as the user running the 9router process — with zero prerequisites and no credentials required. The vulnerability exists because the Next.js...

6.1AI score0.00147EPSS

Exploits0References2Affected Software1

RedHat Linux•added 2026/05/19 6:30 p.m.•6 views

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...

RedHat Linux•added 2026/05/19 6:28 p.m.•11 views

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

RedHat Linux•added 2026/05/19 6:24 p.m.•9 views

python: Python: Command-line option injection in webbrowser.open() via crafted URLs

Fedora•added 2026/05/19 4:20 p.m.•13 views

[SECURITY] Fedora 44 Update: python-pysam-0.24.0-1.fc44

pysam - a python module for reading, manipulating and writing genomic data sets.pysam is a lightweight wrapper of the htslib C-API and provides faciliti es to read and write SAM/BAM/VCF/BCF/BED/GFF/GTF/FASTA/FASTQ files as well as access to the command line functionality of the samtools and...

9.8CVSS5.8AI score0.00518EPSS

Fedora•added 2026/05/19 4:1 p.m.•12 views

[SECURITY] Fedora 43 Update: rust-tealdeer-1.7.3-2.fc43

Fetch and show tldr help pages for many CLI commands. Full featured offline client with caching support...

9.8CVSS5.8AI score0.00412EPSS

RedHat Linux•added 2026/05/19 1:35 p.m.•8 views

python: Python: Command-line option injection in webbrowser.open() via crafted URLs