CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/01/30 12:0 a.m.•2 views

PT-2026-5441

Name of the Vulnerable Software and Affected Versions Cybersecurity AI CAI versions up to and including 0.5.10 Description The Cybersecurity AI CAI framework contains multiple argument injection vulnerabilities within its function tools. User-controlled input is directly passed to shell commands...

9.6CVSS6.2AI score0.00053EPSS

Exploits3References11

ATTACKERKB•added 2026/01/23 11:50 p.m.•4 views

CVE-2026-24474

Dioxus Components is a shadcn-style component library for the Dioxus app framework. Prior to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a, useanimatedopen formats a string for eval with an id that can be user supplied. Commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a patches the issue...

5.3CVSS5.8AI score0.00026EPSS

Exploits0References3

OSV•added 2026/01/22 1:15 a.m.•2 views

AZL-75360 CVE-2026-23893 affecting package opencryptoki 3.17.0-1

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesystem targets by planting symlinks in group-writable token...

6.8CVSS6AI score0.00007EPSS

Exploits0References1

UbuntuCve•added 2026/01/22 1:15 a.m.•2 views

CVE-2026-23893

6.8CVSS5.9AI score0.00007EPSS

Exploits0References3

ATTACKERKB•added 2026/01/22 12:1 a.m.•3 views

CVE-2026-23893

6.8CVSS5.7AI score0.00007EPSS

Exploits0References3Affected Software1

OSV•added 2026/01/21 10:52 p.m.•2 views

GHSA-RJR4-V43M-PXQ6 Triton VM has a Soundness Vulnerability due to Improper Sampling of Randomness

In affected versions of Triton VM, the verifier failed to correctly sample randomness in the FRI sub-protocol. Malicious provers can exploit this to craft proofs for arbitrary statements that this verifier accepts as valid, undermining soundness. Protocols that rely on proofs and the supplied...

6.3CVSS5.7AI score

Exploits0References4

RedhatCVE•added 2026/01/20 3:28 p.m.•2 views

CVE-2025-61684

Quicly, an IETF QUIC protocol implementation, is susceptible to a denial-of-service attack prior to commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e. A remote attacker can exploit these bugs to trigger an assertion failure that crashes process using Quicly. Commit...

RedhatCVE•added 2026/01/19 11:25 p.m.•2 views

Exploits0References1

CVE-2026-23644

esm.sh is a no-build content delivery network CDN for web development. Prior to Go pseeudoversion 0.0.0-20260116051925-c62ab83c589e, the software has a path traversal vulnerability due to an incomplete fix. path.Clean normalizes a path but does not prevent absolute paths in a malicious tar file...

8.7CVSS5.5AI score0.00117EPSS

NVD•added 2026/01/19 9:15 p.m.•3 views

CVE-2026-23880

OnboardLite is a comprehensive membership lifecycle platform built for student organizations at the University of Central Florida. Versions of the software prior to commit 1d32081a66f21bcf41df1ecb672490b13f6e429f have a stored cross-site scripting vulnerability that can be rendered to an admin wh...

7.3CVSS0.00087EPSS

NVD•added 2026/01/19 4:15 p.m.•1 views

CVE-2025-61684

7.5CVSS0.00272EPSS

OSV•added 2026/01/19 3:18 p.m.•2 views

CVE-2025-61684 Quicly has assertion failures

CVE•added 2026/01/19 3:18 p.m.•4 views

Exploits0References4

CVE-2025-61684

CVE-2025-61684 affects Quicly, an IETF QUIC protocol implementation. The vulnerability is a denial-of-service caused by an assertion failure that crashes the process, exploitable before commit d9d3df6a8530a102b57d840e39b0311ce5c9e14e. The issue is mitigated by the mentioned commit which fixes the...

Exploits0References2Affected Software1

ATTACKERKB•added 2026/01/19 3:18 p.m.•3 views

CVE-2025-61684

7.5CVSS5.5AI score0.00272EPSS

Exploits0References3

Vulnrichment•added 2026/01/19 3:18 p.m.•2 views

CVE-2025-61684 Quicly has assertion failures

Cvelist•added 2026/01/18 10:49 p.m.•12 views

CVE-2026-23644 esm.sh has path traversal in `extractPackageTarball` that enables file writes from malicious packages

8.7CVSS0.00117EPSS

Exploits1References4

ATTACKERKB•added 2026/01/18 10:49 p.m.•1 views

CVE-2026-23644

8.7CVSS5.4AI score0.00117EPSS

Exploits1References5Affected Software1

RedhatCVE•added 2026/01/09 12:16 p.m.•6 views

CVE-2018-1000882

WeBid version up to current version 1.2.2 contains a Directory Traversal vulnerability in getthumb.php that can result in Arbitrary Image File Read. This attack appear to be exploitable via HTTP GET Request. This vulnerability appears to have been fixed in after commit...

7.5CVSS6.9AI score0.00504EPSS

RedhatCVE•added 2026/01/09 8:34 a.m.•2 views

CVE-2024-41112

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the palette variable in pages/1📷Timelapse.py takes user input, which is later used in the eval function on line 380, leading to remote code execution. Commit...

9.8CVSS7.7AI score0.01559EPSS

RedhatCVE•added 2026/01/09 8:34 a.m.•7 views

CVE-2024-41117

streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the visparams variable on line 115 in pages/10🌍EarthEngineDatasets.py takes user input, which is later used in the eval function on line 126, leading to remote...

9.8CVSS9.7AI score0.02335EPSS