CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/02/11 12:16 p.m.•2 views

CVE-2026-1094

4.6CVSS0.00023EPSS

Exploits0References3

OSV•added 2026/02/11 12:16 p.m.•1 views

UBUNTU-CVE-2026-1094

4.6CVSS5.8AI score0.00023EPSS

Exploits0References5

CNNVD•added 2026/02/11 12:0 a.m.•2 views

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Prior to GitLab CE/EE 18.8.4, there was a security vulnerability. This...

4.6CVSS5.9AI score0.00023EPSS

Exploits0References4

UbuntuCve•added 2026/02/11 12:0 a.m.•1 views

CVE-2026-1094

4.6CVSS5.9AI score0.00023EPSS

Exploits0References4

Fedora•added 2026/02/10 1:34 a.m.•6 views

[SECURITY] Fedora 43 Update: python3.6-3.6.15-52.fc43

Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...

6CVSS5.6AI score0.0017EPSS

Fedora•added 2026/02/10 1:9 a.m.•3 views

[SECURITY] Fedora 42 Update: python3.6-3.6.15-52.fc42

6CVSS5.6AI score0.0017EPSS

Veracode•added 2026/02/09 8:35 a.m.•5 views

Remote Code Execution (RCE)

Crafter CMS is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper control of dynamically managed Groovy code, where authenticated developers can bypass the Groovy sandbox by injecting malicious Groovy elements, allowing execution of arbitrary OS commands...

7.3CVSS6.1AI score0.00037EPSS

Exploits0References3Affected Software1

Positive Technologies•added 2026/02/08 12:0 a.m.•1 views

PT-2026-7018

Name of the Vulnerable Software and Affected Versions Great Developers Certificate Generation System versions prior to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73 Description A flaw exists in Great Developers Certificate Generation System that allows for operating system command injection. The issue...

7.5CVSS5.9AI score0.00062EPSS

Exploits1References6

RedhatCVE•added 2026/02/03 9:19 p.m.•2 views

CVE-2026-1770

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass sandbox restrictions and obtain RCE Remote Code...

Github Security Blog•added 2026/02/02 6:31 p.m.•4 views

Crafter CMS has Improper Control of Dynamically-Managed Code Resources

Exploits0References3Affected Software1

OSV•added 2026/02/02 6:31 p.m.•2 views

GHSA-GJ28-GW7W-3PXC Crafter CMS has Improper Control of Dynamically-Managed Code Resources

NVD•added 2026/02/02 5:16 p.m.•2 views

Exploits0References3

CVE-2026-1770

7.3CVSS0.00037EPSS

CVE•added 2026/02/02 4:16 p.m.•4 views

CVE-2026-1770

CVE-2026-1770 affects Crafter CMS, specifically Crafter Studio. The vulnerability arises from Improper Control of Dynamically-Managed Code Resources via the Groovy Sandbox, enabling authenticated developers to insert malicious Groovy code to bypass sandbox restrictions and achieve Remote Code Exe...

Vulnrichment•added 2026/02/02 4:16 p.m.•2 views

CVE-2026-1770 Improper Control of Dynamically-Managed Code Resources in Crafter Studio

Schneier on Security•added 2026/02/02 12:5 p.m.•1 views

AI Coding Assistants Secretly Copying All Code to China

There's a new report about two AI coding assistants, used by 1.5 million developers, that are surreptitiously sending a copy of everything they ingest to China. Maybe avoid using them...

5.4AI score

Positive Technologies•added 2026/02/02 12:0 a.m.•2 views

PT-2026-5681

Name of the Vulnerable Software and Affected Versions Crafter CMS versions affected versions not specified Description An issue exists in Crafter Studio of Crafter CMS that allows authenticated developers to execute operating system commands. This is due to a bypass of the Groovy Sandbox...

7.3CVSS6.1AI score0.00037EPSS

Exploits0References8

CNNVD•added 2026/02/02 12:0 a.m.•3 views

CrafterCMS 安全漏洞

CrafterCMS is a Java-based CMS developed by CrafterCMS Inc. There is a security vulnerability in CrafterCMS, which stems from improper control over dynamically managed code resources. This vulnerability could allow authenticated developers to bypass sandbox restrictions and execute OS commands...

7.3CVSS6AI score0.00037EPSS

Packet Storm News•added 2026/01/27 12:0 a.m.•2 views

Who Said CVE? How Vulnerability Identifiers Are Mentioned by Humans, Bots, and Agents in Pull Requests

Vulnerability identifiers such as CVE, CWE, and GHSA are standardised references to known software security issues, yet their use in practice is not well understood. This paper compares vulnerability ID use in GitHub pull requests authored by autonomous agents, bots, and human developers. Using t...

5.9AI score

The Hacker News•added 2026/01/26 8:54 a.m.•9 views

Konni Hackers Deploy AI-Generated PowerShell Backdoor Against Blockchain Developers

The North Korean threat actor known as Konni has been observed using PowerShell malware generated using artificial intelligence AI tools to target developers and engineering teams in the blockchain sector. The phishing campaign has targeted Japan, Australia, and India, highlighting the adversary'...

6.2AI score