CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/05/29 4:11 p.m.•8 views

CVE-2026-45632

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.26.7 and earlier, the schedule router does not enforce organization/role checks. As a result, any authenticated user can create, update, run, or delete schedules belonging to other organizations if they know the scheduleId/serverId...

Exploits0References2Affected Software1

EUVD•added 2026/05/29 4:11 p.m.•9 views

EUVD-2026-33354

Cvelist•added 2026/05/29 4:11 p.m.•33 views

CVE-2026-45632 Dokploy: Schedule Authorization Bypass Enables Host/Server Command Execution

9.9CVSS0.00256EPSS

CVE•added 2026/05/29 4:11 p.m.•17 views

CVE-2026-45632

Dokploy (free self-hosted PaaS) is affected by CVE-2026-45632 due to a flaw in the schedule router prior to 0.26.7 that fails to enforce organization/role checks. This allows any authenticated user to create, update, run, or delete schedules for other organizations if they know the scheduleId/ser...

Vulnrichment•added 2026/05/29 4:11 p.m.•12 views

CVE-2026-45632 Dokploy: Schedule Authorization Bypass Enables Host/Server Command Execution

Vulnrichment•added 2026/05/29 4:7 p.m.•12 views

CVE-2026-45661 Dokploy: Remote Code Execution through Path Traversal

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.26.5 and earlier, a critical path traversal vulnerability exists in Dokploy v0.26.5 that allows authenticated users to write arbitrary files to the filesystem during application deployment. When combined with Dokploy's remote serve...

Cvelist•added 2026/05/29 4:7 p.m.•32 views

CVE-2026-45661 Dokploy: Remote Code Execution through Path Traversal

9.9CVSS0.0066EPSS

CVE•added 2026/05/29 4:7 p.m.•20 views

CVE-2026-45661

Dokploy

EUVD•added 2026/05/29 4:7 p.m.•11 views

EUVD-2026-33352

ATTACKERKB•added 2026/05/29 4:7 p.m.•11 views

CVE-2026-45661

Exploits0References2Affected Software1

OSV•added 2026/05/29 4:3 p.m.•11 views

RLSA-2026:19073 Important: vim security update

Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: arbitrary command execution via modeline sandbox bypass CVE-2026-34982 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to...

8.2CVSS6.2AI score0.00417EPSS

OSV•added 2026/05/29 4:3 p.m.•10 views

RLSA-2026:19150 Important: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing CVE-2026-4775 For more details about the security issues,...

7.8CVSS6.2AI score0.00553EPSS

OSV•added 2026/05/29 4:3 p.m.•13 views

RLSA-2026:19009 Important: postgresql18 security update

PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...

8.8CVSS6.3AI score0.00678EPSS

Exploits3References6

OSV•added 2026/05/29 4:3 p.m.•17 views

RLSA-2026:19064 Important: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

8.1CVSS7.7AI score0.01279EPSS

Exploits1References13

OSV•added 2026/05/29 4:3 p.m.•9 views

RLSA-2026:19024 Important: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: GStreamer: GStreamer: Arbitrary code execution via ASF file processing CVE-2026-2920 GStreamer:...

8.8CVSS6.4AI score0.00838EPSS

Exploits0References8

OSV•added 2026/05/29 4:3 p.m.•12 views

RLSA-2026:19159 Critical: nginx security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Arbitrary Code Execution Vulnerability CVE-2026-42945 For more details about the security issues, including the impact, a CVSS...

8.1CVSS5.9AI score0.5331EPSS

Exploits39References2

OSV•added 2026/05/29 4:3 p.m.•7 views

RLSA-2026:19068 Moderate: systemd security update

The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes...

7.8CVSS6.2AI score0.00121EPSS

OSV•added 2026/05/29 4:3 p.m.•8 views

RLSA-2026:19069 Important: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode...

7.5CVSS6.2AI score0.00289EPSS

Exploits0References6

OSV•added 2026/05/29 4:3 p.m.•8 views

RLSA-2026:18465 Important: edk2 security update

EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: edk2: EDK2: Improper Input Validation allows arbitrary command execution CVE-2025-2296 For more details about the security...

8.2CVSS6AI score0.00704EPSS