CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/05/27 12:0 a.m.•5 views

systeminformation 操作系统命令注入漏洞

SystemInformation is a NPM software library developed by Sebastian Hildebrandt, which allows access to operating system information. Versions of SystemInformation from 4.17.0 to 5.31.5 contain a vulnerability related to operating system command injection. This vulnerability arises on Linux when t...

7.8CVSS5.8AI score0.00483EPSS

Exploits0References1

CVE•added 2026/05/27 12:0 a.m.•9 views

CVE-2026-36045

CVE-2026-36045 affects picoclaw up to v0.1.2 (and earlier). The issue is an OS command injection in the ExecTool component (pkg/tools/shell.go) caused by an incomplete denylist in guardCommand() that attempts to restrict shell execution. The vulnerability description is consistently reported acro...

7.3CVSS5.9AI score0.01314EPSS

NVD•added 2026/05/26 10:16 p.m.•10 views

CVE-2026-44985

Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, he WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: funcr http.Request bool return true , accepting upgrade requests from any origin. Combined with the JWT cookie using SameSite: Lax, this enables...

9.6CVSS0.00178EPSS

Cvelist•added 2026/05/26 9:58 p.m.•32 views

CVE-2026-44985 Dozzle: Cross-Site WebSocket Hijacking (CSWSH) on exec/attach endpoints bypasses authentication

8.7CVSS0.00178EPSS

EUVD•added 2026/05/26 9:58 p.m.•6 views

EUVD-2026-32017

8.7CVSS5.8AI score0.00178EPSS

Vulnrichment•added 2026/05/26 9:58 p.m.•7 views

CVE-2026-44985 Dozzle: Cross-Site WebSocket Hijacking (CSWSH) on exec/attach endpoints bypasses authentication

8.7CVSS5.8AI score0.00178EPSS

RedhatCVE•added 2026/05/26 2:13 p.m.•7 views

CVE-2026-9437

A vulnerability has been found in DTStack Taier 1.4.0. This affects the function Runtime.exec of the component REST API. The manipulation of the argument sqlText leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may ...

6.5CVSS6.2AI score0.01364EPSS

Exploits0References1

Snyk•added 2026/05/26 12:30 p.m.•4 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via improper validation of symbolic links in the virt-handler process. An attacker can gain unauthorized access to privileged Unix sockets on the host by replacing a virtual machine console socket with a symlink to a...

9.9CVSS5.5AI score0.00544EPSS

CNNVD•added 2026/05/26 12:0 a.m.•6 views

Dozzle 访问控制错误漏洞

Dozzle is a small, lightweight application developed by Amir Raminfar as an individual project. Versions of Dozzle prior to 10.5.2 contained an access control vulnerability. This vulnerability stemmed from the WebSocket upgrade mechanism used by the /exec and /attach endpoints, which accepted...

9.6CVSS5.7AI score0.00178EPSS

Exploits1References3

EUVD•added 2026/05/25 11:0 a.m.•10 views

EUVD-2026-31668

A security vulnerability has been detected in FoundDream miniclawd up to 2d65665046e2222eeea76cafc8570ed546a8c125. Affected by this issue is the function ExecTool.execute of the file /src/tools/exec.ts. Such manipulation leads to os command injection. The attack can be launched remotely. The...

7.5CVSS6.7AI score0.01549EPSS

Vulnrichment•added 2026/05/25 11:0 a.m.•7 views

CVE-2026-9452 FoundDream miniclawd exec.ts ExecTool.execute os command injection

7.5CVSS6.7AI score0.01549EPSS

CVE•added 2026/05/25 7:15 a.m.•15 views

CVE-2026-9437

DTStack Taier 1.4.0 REST API Runtime.exec is affected. The vulnerability arises from manipulation of the sqlText argument, enabling OS command injection that could be exploited remotely. Exploit information is publicly disclosed; no remediation details are provided in the documents. The connected...

6.5CVSS6.2AI score0.01364EPSS

Exploits0References4

ATTACKERKB•added 2026/05/25 7:15 a.m.•7 views

CVE-2026-9437

6.5CVSS6.2AI score0.01364EPSS

Exploits0References4Affected Software1

Positive Technologies•added 2026/05/25 12:0 a.m.•10 views

PT-2026-43039

7.5CVSS6.7AI score0.01549EPSS

CNNVD•added 2026/05/25 12:0 a.m.•7 views

miniclawd 操作系统命令注入漏洞

miniclawd is a lightweight personal AI assistant with multi-LLM and multi-channel support by Ziwen Personal Developer. miniclawd suffers from an OS command injection vulnerability that originates from the parameter manipulation of the function ExecTool.execute in the file /src/tools/exec.ts, whic...

7.5CVSS7AI score0.01549EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в containerd

Containerd is an open-source container runtime. A bug was discovered in the CRI implementation of Containerd, where programs within a container can cause the Containerd daemon to consume memory indefinitely during the invocation of the ExecSync API. This can result in Containerd consuming all...

5.5CVSS6.3AI score0.00377EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: vfio/type1: prevents underflow of lockedvm via exec When a vfio container is preserved during execution, the task does not change. Instead, a new memory page is allocated with lockedvm=0, and the counter from existing DMA mapping...

5.5CVSS5.5AI score0.00145EPSS

Exploits0References1

AstraLinux•added 2026/05/20 5:53 a.m.•12 views

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: powerpc/mm: Fix lockup on kernel exec fault The powerpc kernel is not prepared to handle exec faults from the kernel. In particular, the function isexecfault will return “false” when an exec fault is encountered by the kernel,...

5.5CVSS5.5AI score0.00181EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в mariadb-10.3

It was discovered that MariaDB versions 10.2 to 10.7 contain a segmentation fault due to the component Exectimetracker::getloops/Filesorttracker::reportuse/filesort...

7.5CVSS7.3AI score0.01425EPSS