
7 matches found

Source: RedhatCVE
Added 2026/04/22 8:38 p.m. · 6 views

CVE-2026-25542

A flaw was found in Tekton Pipelines. An attacker can bypass trusted resource verification policies by crafting a malicious source string that contains a trusted pattern as a substring. This is due to the regexp.MatchString function in Go matching patterns anywhere within a string, rather than...

CVSS 6.5 · AI score 5.5 · EPSS 0.00264
Exploits: 1 · References: 5
Source: CVE
Added 2026/04/14 3:00 a.m. · 18 views

CVE-2026-40288

PraisonAI and praisonaiagents prior to versions 4.5.139 and 1.5.140 are exposed to a critical RCE via untrusted workflow YAML. When a YAML file for type: job is loaded, the JobWorkflowExecutor (job_workflow.py) processes steps allowing run (subprocess.run), script (inline Python via exec), and py...

CVSS 9.8 · AI score 6.4 · EPSS 0.00609
Exploits: 1 · References: 1 · Affected software: 2
Source: EUVD
Added 2026/01/26 9:53 p.m. · 5 views

EUVD-2026-4656

pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's bin linking allows malicious npm packages to create executable shims or symlinks outside of node_modules/.bin. Bin names starting with @ bypass validation, and after scope normalization, path traversal...

CVSS 6.5 · AI score 5.9 · EPSS 0.00438
Exploits: 1 · References: 3
Source: Vulnrichment
Added 2026/01/26 9:50 p.m. · 1 view

CVE-2026-23889 pnpm has Windows-specific tarball Path Traversal

pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's tarball extraction allows malicious packages to write files outside the package directory on Windows. The path normalization only checks for ./ but not .. On Windows, backslashes are directory separators...

CVSS 6.5 · AI score 5.9 · EPSS 0.00433
Exploits: 1 · References: 3
Source: Veracode
Added 2026/01/22 8:25 a.m. · 6 views

Command Injection

Wrangler is vulnerable to Command Injection. The vulnerability is due to unsanitized interpolation of the --commit-hash parameter into a shell command, where attacker-controlled input is passed directly to execSync, allowing arbitrary command execution in environments such as CI/CD pipelines that...

CVSS 9.9 · AI score 6.1 · EPSS 0.01393
Exploits: 0 · References: 4 · Affected software: 1
Source: Cvelist
Added 2026/01/20 10:58 p.m. · 40 views

CVE-2026-0933 OS Command Injection in `wrangler pages deploy`

Summary: A command injection vulnerability (CWE-78) has been found to exist in the wrangler pages deploy command. The issue occurs because the --commit-hash parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of --commit-hash to...

CVSS 7.7 · EPSS 0.01393
Exploits: 0 · References: 1
Source: Positive Technologies
Added 2023/10/02 12:00 a.m. · 3 views

PT-2023-31754 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 13.12 through 16.2.8; GitLab EE versions 16.3.0 through 16.3.5; GitLab EE versions 16.4.0 through 16.4.1. Description: An issue has been discovered in Ultimate-licensed GitLab EE that could allow an attacker to impersonate use...

CVSS 8.2 · AI score 6.7 · EPSS 0.00526
Exploits: 0 · References: 10