Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

142529 matches found

RedhatCVE
RedhatCVEadded 2026/05/29 8:13 p.m.12 views

CVE-2026-9452

A security vulnerability has been detected in FoundDream miniclawd up to 2d65665046e2222eeea76cafc8570ed546a8c125. Affected by this issue is the function ExecTool.execute of the file /src/tools/exec.ts. Such manipulation leads to os command injection. The attack can be launched remotely. The...

7.5CVSS6.7AI score0.02177EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/05/29 8:13 p.m.9 views

CVE-2026-9404

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. This affects the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument provider leads to os command injection. The attack may be launched remotely. Th...

10CVSS7.1AI score0.01254EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/05/29 8:13 p.m.8 views

CVE-2026-44462

Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash variable expansion chaining $var@P, allowing arbitrary command execution under an allowlisted command prefix. This vulnerability is fixed in 0.229.0...

8.8CVSS6.1AI score0.00074EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/05/29 8:13 p.m.6 views

CVE-2026-36044

@pensar/apex = 0.0.58 is vulnerable to OS command injection via the smartenumerate tool. The createSmartEnumerateTool function in src/core/agent/tools.ts constructs a shell command by concatenating unsanitized values from the extensions array and url parameter into a string passed to Node.js...

8.8CVSS6AI score0.00074EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/29 7:33 p.m.10 views

CVE-2026-44287

FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, the JavaScript sandbox worker at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import with the regex /\bimport\s/.testcode. JavaScript syntax accepts a block comment between import and ; the regex matches only ASCII...

6.3CVSS6AI score0.0006EPSS
Exploits0References2Affected Software1
EUVD
EUVDadded 2026/05/29 7:33 p.m.14 views

EUVD-2026-33431

FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, the JavaScript sandbox worker at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import with the regex /\bimport\s/.testcode. JavaScript syntax accepts a block comment between import and ; the regex matches only ASCII...

6.3CVSS6AI score0.0006EPSS
Exploits0References1
Snyk
Snykadded 2026/05/29 7:18 p.m.4 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection in the path query parameter of the volume browser endpoint, which is passed unsanitized to a shell command. An attacker can execute arbitrary commands within the helper container by injecting shell metacharacters into...

6.3CVSS6AI score0.00116EPSS
Exploits0References2
Snyk
Snykadded 2026/05/29 7:18 p.m.5 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection in the path query parameter of the volume browser endpoint, which is passed unsanitized to a shell command. An attacker can execute arbitrary commands within the helper container by injecting shell metacharacters into...

6.3CVSS6AI score0.00116EPSS
Exploits0References2
Snyk
Snykadded 2026/05/29 7:18 p.m.4 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection in the path query parameter of the volume browser endpoint, which is passed unsanitized to a shell command. An attacker can execute arbitrary commands within the helper container by injecting shell metacharacters into...

6.3CVSS6AI score0.00116EPSS
Exploits0References2
NVD
NVDadded 2026/05/29 7:16 p.m.14 views

CVE-2026-49367

In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account...

8.8CVSS0.00013EPSS
Exploits0References1
NVD
NVDadded 2026/05/29 7:16 p.m.8 views

CVE-2026-49366

In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion...

7.8CVSS0.00002EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/29 7:8 p.m.8 views

CVE-2026-45324 Rizin: Double free in cmd_search.c

Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a double free in librz/core/cmd/cmdsearch.c:bytepatternsearch due wrong pointer ownership declared. This vulnerability is fixed by commit 045fff363b42b8a6dda8ad5229c29ec3267e7dbe...

3.3CVSS5.8AI score0.00017EPSS
Exploits0References2
NVD
NVDadded 2026/05/29 6:17 p.m.9 views

CVE-2026-45633

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /docker-container-logs WebSocket endpoint. The tail and since parameters are not validated and are directly concatenated into shell commands, allowing...

9.9CVSS0.0025EPSS
Exploits0References1
NVD
NVDadded 2026/05/29 6:17 p.m.9 views

CVE-2026-45630

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.28.8 and earlier, authenticated OS command injection in the application.updateTraefikConfig tRPC endpoint allows admin/owner users to execute arbitrary system commands on remote servers via unsanitized echo shell interpolation...

9CVSS0.0026EPSS
Exploits0References1
CVE
CVEadded 2026/05/29 6:15 p.m.11 views

CVE-2026-49367

CVE-2026-49367 affects JetBrains IntelliJ IDEA prior to 2026.1.1. The issue enables command execution via the guest user account. The available sources in the provided documents describe the vulnerability at a high level (guest-user-triggered command execution) without detailing the exact exploit...

8.8CVSS5.9AI score0.00013EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2026/05/29 6:15 p.m.29 views

CVE-2026-49367

In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account...

8CVSS0.00013EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/29 6:15 p.m.9 views

CVE-2026-49367

In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account...

8CVSS5.9AI score0.00013EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/29 6:15 p.m.10 views

EUVD-2026-33415

In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account...

8CVSS5.9AI score0.00013EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/29 6:15 p.m.6 views

CVE-2026-49367

In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account...

8CVSS5.9AI score0.00013EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/29 6:15 p.m.11 views

CVE-2026-49366

In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion...

7.8CVSS5.8AI score0.00002EPSS
Exploits0References2
Rows per page
Query Builder