CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/05/27 12:0 a.m.•6 views

PT-2026-43542

A local user with low privileges may be able to influence the behavior of a privileged system service by manipulating configuration or application-related files located in user-writable areas of the filesystem. The affected service processes data from locations that are not sufficiently protected...

8.7CVSS5.8AI score0.00033EPSS

Exploits0References2

OSV•added 2026/05/19 6:9 p.m.•4 views

MAL-2026-4522 Malicious code in claude-all-config (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 63c5a1f5a6f5bd2dadc4e207ff4e8e310c24cd4c99c751ed094251e00e0af8f3 On install, postinstall.js writes configuration into /.claude/, /.gemini/, /.codex/, and /.kiro/ that hard-wires AI tooling to author-controlled...

OSSF Malicious Packages•added 2026/05/19 6:9 p.m.•9 views

Malicious code in claude-all-config (npm)

OSV•added 2026/05/10 12:0 a.m.•3 views

MAL-2026-3646 Malicious code in erslove (npm)

erslove is a typosquatting package impersonating resolve, the module resolution library implementing require.resolve semantics. The package bundles the legitimate resolve source and test fixtures to appear functional while hiding a credential-theft payload in index1.js, executed at install time v...

Tenable Nessus•added 2026/05/02 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2013-0266

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the puppetlabs-cinder module, as used in PackStack. This vulnerability is due to incorrect file permissions, specifically world-readable...

5.5CVSS5.7AI score0.00035EPSS

Exploits0References2

ATTACKERKB•added 2026/04/23 9:57 p.m.•0 views

CVE-2026-41332

OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GITTEMPLATEDIR and AWSCONFIGFILE are not blocked in the host-env blocklist. Attackers can exploit approved exec requests to redirect git or AWS CLI behavior through attacker-controlled configuration files ...

5.8CVSS5.9AI score0.0002EPSS

Cvelist•added 2026/04/10 9:21 a.m.•24 views

CVE-2021-47960

A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with a crafted web pag...

6.5CVSS0.00033EPSS

CNNVD•added 2026/04/10 12:0 a.m.•4 views

systemd 安全漏洞

Systemd is a Linux-based system and service manager developed by Lennart Poettering of Germany. This product is compatible with SysV and LSB startup scripts, and it provides a framework for representing dependencies between system services. Prior to version 260, there was a security vulnerability...

6.4CVSS5.8AI score0.00009EPSS

OSSF Malicious Packages•added 2026/04/09 2:5 p.m.•8 views

Malicious code in sjs-biginteger (npm)

sjs-biginteger typosquats big.js on npm. Published April 7, 2026 by throwaway account vanes.s.p.orit.a, the package ships legitimate big.js source and hides its payload in a dependency: sjs-lint-build1. On install, the dependency’s postinstall hook fetches the attacker’s SSH public key from a C2...

Snyk•added 2026/04/08 9:52 p.m.•1 views

Command Injection

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

9.6CVSS6.2AI score0.0008EPSS

Exploits1References2

Snyk•added 2026/03/26 8:33 p.m.•4 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the importConfig process. An attacker can execute arbitrary code on the server by importing a crafted configuration file containing malicious paths. Details A Directory Traversal attack also known as path travers...

8.8CVSS7.1AI score0.00028EPSS

Exploits1References3

RedhatCVE•added 2026/03/26 3:13 p.m.•1 views

CVE-2025-36051

IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 stores potentially sensitive information in configuration files that could be read by a local user...

6.2CVSS5.8AI score0.00017EPSS

RedhatCVE•added 2026/03/26 3:2 p.m.•1 views

CVE-2026-32297

The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerable system...

9.3CVSS6.2AI score0.00041EPSS

NVD•added 2026/03/25 9:16 p.m.•2 views

CVE-2026-30976

Sonarr is a PVR for Usenet and BitTorrent users. In versions on the 4.x branch prior to 4.0.17.2950, an unauthenticated remote attacker can potentially read any file readable by the Sonarr process. These include application configuration files containing API keys and database credentials, Windows...

8.6CVSS0.00022EPSS