Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

16801 matches found

Positive Technologies
Positive Technologiesadded 2026/04/14 12:0 a.m.2 views

PT-2026-32575

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a sandbox escape vulnerability in the ToolExecutor component. By leveraging Python's ctypes library to execute raw system calls, an authenticated attacker with workspace privileges can bypass the LD PRELOAD-base...

6.3CVSS6.5AI score0.00264EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/04/14 12:0 a.m.4 views

PT-2026-33229

Summary goshs contains an SFTP root escape caused by prefix-based path validation. An authenticated SFTP user can read from and write to filesystem paths outside the configured SFTP root, which breaks the intended jail boundary and can expose or modify unrelated server files. Details The SFTP...

8.7CVSS6AI score0.00439EPSS
Exploits1References5
Positive Technologies
Positive Technologiesadded 2026/04/14 12:0 a.m.1 views

PT-2026-32730

Name of the Vulnerable Software and Affected Versions Microsoft Power Apps affected versions not specified Description Improper neutralization of escape, meta, or control sequences allows an authorized attacker to bypass a security feature over a network. Recommendations At the moment, there is n...

9CVSS5.2AI score0.00563EPSS
Exploits0References13
Positive Technologies
Positive Technologiesadded 2026/04/14 12:0 a.m.5 views

PT-2026-32894

Name of the Vulnerable Software and Affected Versions Terrarium affected versions not specified Description A sandbox escape allows arbitrary code execution with root privileges on a host process. This is achieved through JavaScript prototype chain traversal, which enables a full container escape...

9.3CVSS6.6AI score0.00209EPSS
Exploits0References21
Positive Technologies
Positive Technologiesadded 2026/04/14 12:0 a.m.2 views

PT-2026-32574

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an incomplete sandbox protection mechanism allows an authenticated user with tool execution privileges to escape the LD PRELOAD-based sandbox. By env command the attacker can clear the environment variables and drop...

6.3CVSS6.3AI score0.00485EPSS
Exploits0References4
CNNVD
CNNVDadded 2026/04/14 12:0 a.m.4 views

MaxKB 安全漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.7.1 contained security vulnerabilities. These vulnerabilities stemmed from incomplete sandbox protection mechanisms, which could allow authenticated user...

7.4CVSS6.5AI score0.00485EPSS
Exploits0References4
CNNVD
CNNVDadded 2026/04/14 12:0 a.m.5 views

MaxKB 安全漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.7.1 contained a security vulnerability. This vulnerability stemmed from a sandbox escape issue in the ToolExecutor component, which could allow...

7.4CVSS6.1AI score0.00264EPSS
Exploits0References3
Tenable Nessus
Tenable Nessusadded 2026/04/14 12:0 a.m.0 views

Amazon Linux 2 : oci-add-hooks, --advisory ALAS2NITRO-ENCLAVES-2026-096 (ALASNITRO-ENCLAVES-2026-096)

The version of oci-add-hooks installed on the remote host is prior to 0-0.8.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-096 advisory. url.Parse insufficiently validated the host/authority component and accepted some...

7.5CVSS7.4AI score0.0052EPSS
Exploits0References8
Tenable Nessus
Tenable Nessusadded 2026/04/14 12:0 a.m.8 views

Amazon Linux 2 : docker, --advisory ALAS2DOCKER-2026-108 (ALASDOCKER-2026-108)

"The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-108 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On...

9.1CVSS7.1AI score0.00522EPSS
Exploits1References10
Amazon
Amazonadded 2026/04/14 12:0 a.m.6 views

Important: containerd

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

9.1CVSS6AI score0.00522EPSS
Exploits1
Tenable Nessus
Tenable Nessusadded 2026/04/14 12:0 a.m.8 views

Amazon Linux 2 : runc, --advisory ALAS2DOCKER-2026-105 (ALASDOCKER-2026-105)

The version of runc installed on the remote host is prior to 1.3.4-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-105 advisory. url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix...

7.5CVSS7.4AI score0.0052EPSS
Exploits0References8
Amazon
Amazonadded 2026/04/14 12:0 a.m.5 views

Medium: oci-add-hooks

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

7.5CVSS5.9AI score0.0052EPSS
Exploits0
Amazon
Amazonadded 2026/04/14 12:0 a.m.8 views

Medium: runc

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

7.5CVSS5.9AI score0.0052EPSS
Exploits0
Amazon
Amazonadded 2026/04/14 12:0 a.m.9 views

Medium: amazon-ecr-credential-helper

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

7.5CVSS5.9AI score0.0052EPSS
Exploits0
Amazon
Amazonadded 2026/04/14 12:0 a.m.8 views

Medium: oci-add-hooks

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

7.5CVSS5.9AI score0.0052EPSS
Exploits0
Amazon
Amazonadded 2026/04/14 12:0 a.m.7 views

Important: docker

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

9.1CVSS7AI score0.00522EPSS
Exploits1
Amazon
Amazonadded 2026/04/14 12:0 a.m.7 views

Medium: runc

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

7.5CVSS5.9AI score0.0052EPSS
Exploits0
Amazon
Amazonadded 2026/04/14 12:0 a.m.8 views

Medium: oci-add-hooks

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

7.5CVSS5.9AI score0.0052EPSS
Exploits0
Amazon
Amazonadded 2026/04/14 12:0 a.m.7 views

Important: containerd

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

9.1CVSS6AI score0.00522EPSS
Exploits1
Amazon
Amazonadded 2026/04/14 12:0 a.m.13 views

Important: ecs-init

Issue Overview: url.Parse insufficiently validated the host/authority component and accepted some invalid URLs. CVE-2026-25679 On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which t...

9.1CVSS6AI score0.00522EPSS
Exploits1
Rows per page
Query Builder