CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

7.5CVSS5.7AI score0.26364EPSS

ECHO-E844-254C-98EB

Bulletin has no description...

Exploits0References2

8.8CVSS7AI score0.07722EPSS

ECHO-1EE2-55C5-A468

Bulletin has no description...

Exploits1References2

NVD•added 2 days ago•6 views

CVE-2026-9590

Improper access control in the permission validation component in Devolutions Server 2026.1.19 and earlier allows an authenticated user with entry edit privileges to modify asset information without the required permission...

5.3CVSS0.0003EPSS

7.8CVSS5.7AI score0.00022EPSS

CGA-VFC5-249V-J9VX

Bulletin has no description...

Exploits0

Vulnrichment•added 2 days ago•4 views

CVE-2026-9590

5.8AI score0.0003EPSS

Cvelist•added 2 days ago•29 views

CVE-2026-9590

0.0003EPSS

EUVD•added 2 days ago•4 views

EUVD-2026-33935

5.3CVSS5.8AI score0.0003EPSS

7.5CVSS6.8AI score0.00018EPSS

MINI-W22F-WCMR-PXHR

Bulletin has no description...

Exploits1

5.4CVSS5.7AI score0.00013EPSS

MINI-72WW-2VCJ-GH7H

Bulletin has no description...

Exploits0

OSV•added 2 days ago•7 views

ROOT-OS-DEBIAN-13-CVE-2025-38660 CVE-2025-38660 in rootio-linux - Patched by Root

Root has patched CVE-2025-38660 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

5.5CVSS5.4AI score0.00024EPSS

Exploits0

EUVD•added 2 days ago•5 views

EUVD-2026-33856

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.23. This affects the function syncanthropicentryfromcredentialsfile of the file agent/credentialpool.py of the component Credential Pool Synchronization. The manipulation results in improper authentication. The attack...

5.3CVSS5.6AI score0.00021EPSS

Exploits0References5

NVD•added 3 days ago•7 views

CVE-2025-70099

A NULL pointer dereference in the ext4direngetnamelen function in include/ext4dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesystem image with malformed directory entries. During directory iteration, the code may fail to validate the...

7.5CVSS0.00038EPSS

NVD•added 3 days ago•7 views

CVE-2026-8643

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

4.1CVSS0.00013EPSS

Vulnrichment•added 3 days ago•4 views

CVE-2026-8643 pip can extract console_scripts and gui_scripts outside installation directory

ATTACKERKB•added 3 days ago•3 views

Exploits0References2

CVE-2026-8643

EUVD•added 3 days ago•5 views

EUVD-2026-33682

CVE•added 3 days ago•10 views

Exploits0References2

CVE-2026-8643

The CVE-2026-8643 vulnerability affects the Python package installer, pip. A flaw allows a malicious wheel containing crafted entry-point names that use directory traversal or absolute paths to cause wrappers to be written outside the installation directory, enabling arbitrary file overwrite and ...

OSV•added 3 days ago•6 views

GHSA-Q53Q-5R4J-5729 rattler has an entry-point path traversal in noarch:python install (arbitrary file write)

Summary EntryPoint::FromStr in rattlercondatypes performs only .trim on the command field before the linker joins it onto the install prefix and writes an executable Python script. A malicious noarch:python package can ship an info/link.json with an entry-point name containing .., /, , or an...

8.7CVSS5.9AI score