
47 matches found

NVD
added last week, 11 views

CVE-2026-53872

picklescan before 0.0.35 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to read arbitrary server files by chaining io.FileIO and urllib.request.urlopen. Attackers can bypass RCE-focused blocklists to exfiltrate sensitive data like /etc/passwd to externa...

8.7 CVSS, 0.00509 EPSS
Exploits: 0, References: 2
CVE
added last week, 9 views

CVE-2026-53872

The CVE-2026-53872 entry covers picklescan (pre-0.0.35) with an unsafe pickle deserialization flaw that allows unauthenticated attackers to read arbitrary server files by chaining io.FileIO and urllib.request.urlopen. This leads to potential exposure of sensitive data (e.g., /etc/passwd) despite ...

8.7 CVSS, 5.6 AI score, 0.00509 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2026/06/05 7:49 p.m., 9 views

CVE-2026-30624

Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the application when the...

8.6 CVSS, 6.9 AI score, 0.00405 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2026/04/24 3:21 a.m., 3 views

CVE-2026-41323 Kyverno: ServiceAccount token leaked to external servers via apiCall service URL

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has n...

8.1 CVSS, 5.2 AI score, 0.0056 EPSS
Exploits: 1, References: 4
Cvelist
added 2026/04/24 3:21 a.m., 28 views

CVE-2026-41323 Kyverno: ServiceAccount token leaked to external servers via apiCall service URL

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.18.0-rc1, 1.17.2-rc1, and 1.16.4, Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has n...

8.1 CVSS, 0.0056 EPSS
Exploits: 1, References: 4
CVE
added 2026/04/24 3:21 a.m., 10 views

CVE-2026-41323

Summary of CVE-2026-41323: Kyverno's ClusterPolicy apiCall feature leaks the admission controller's ServiceAccount token by attaching it to outgoing HTTP requests without validating the target URL. This allows tokens (e.g., for the kyverno-admission-controller) to be exfiltrated to attacker-cont...

9.1 CVSS, 5.7 AI score, 0.0056 EPSS
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2026/04/16 9:36 p.m., 4 views

GHSA-F9G8-6PPC-PQQ4 Kyverno: ServiceAccount token leaked to external servers via apiCall service URL

Summary: Kyverno's apiCall feature in ClusterPolicy automatically attaches the admission controller's ServiceAccount token to outgoing HTTP requests. The service URL has no validation — it can point anywhere, including attacker-controlled servers. Since the admission controller SA has permissions ...

8.1 CVSS, 5.8 AI score, 0.0056 EPSS
Exploits: 1, References: 6
EUVD
added 2026/04/15 6:31 p.m., 4 views

EUVD-2026-22943

Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the application when the...

8.6 CVSS, 6.6 AI score, 0.00405 EPSS
Exploits: 0, References: 2
NVD
added 2026/04/15 4:16 p.m., 5 views

CVE-2026-30624

Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the application when the...

8.6 CVSS, 0.00405 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2026/04/15 12:00 a.m., 3 views

CVE-2026-30624

Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the application when the...

6.6 AI score, 0.00405 EPSS
Exploits: 0, References: 1
Spring Security Advisories
added 2026/02/10 12:00 a.m., 6 views

This Week in Spring - February 10th, 2026

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's February 10th, 2026, as I write this from lovely London, UK. I spoke at the local Java User Group here last night and had a wonderful time. Tomorrow, I'm going home. It's been fun, but it's time to conclude this roller...

5.6 AI score
Exploits: 0
RedhatCVE
added 2026/01/09 11:25 a.m., 4 views

CVE-2021-28910

BAB TECHNOLOGIE GmbH eibPort V3 prior to version 3.9.1 contains a basic SSRF vulnerability. It allows unauthenticated attackers to make the device send requests to any internal or external server...

7.5 CVSS, 7.1 AI score, 0.01129 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2025/10/28 12:00 a.m., 3 views

TencentOS Server 4: netavark (TSSA-2025:0782)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0782 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

3.7 CVSS, 5.5 AI score, 0.00278 EPSS
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2025-22934

Malicious code in bioql PyPI...

3.7 CVSS, 6.3 AI score, 0.00278 EPSS
Exploits: 0, References: 7
Packet Storm News
added 2025/09/17 12:00 a.m., 4 views

The Cybersecurity of a Humanoid Robot

The rapid advancement of humanoid robotics presents unprecedented cybersecurity challenges that existing theoretical frameworks fail to adequately address. This report presents a comprehensive security assessment of a production humanoid robot platform, bridging the gap between abstract security...

7.2 AI score
Exploits: 0
Positive Technologies
added 2025/09/09 12:00 a.m., 4 views

PT-2025-36901

Name of the Vulnerable Software and Affected Versions: Lexmark devices, affected versions not specified. Description: A Server-Side Request Forgery (SSRF) vulnerability exists in the embedded web server of Lexmark devices. An attacker can exploit this issue to make the device send an arbitrary HTTP...

6.9 CVSS, 6.2 AI score, 0.0031 EPSS
Exploits: 0, References: 4
SUSE CVE
added 2025/07/29 11:27 p.m., 3 views

SUSE CVE-2025-8283

A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name, this name will be us...

3.7 CVSS, 6.8 AI score, 0.00278 EPSS
Exploits: 0, References: 3
Github Security Blog
added 2025/07/28 9:31 p.m., 6 views

Netavark Has Possible DNS Resolve Confusion

A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name, this name will be us...

3.7 CVSS, 7 AI score, 0.00278 EPSS
Exploits: 0, References: 9, Affected Software: 1
OSV
added 2025/07/28 9:31 p.m., 3 views

GHSA-RPCF-RMH6-42XR Netavark Has Possible DNS Resolve Confusion

A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name, this name will be us...

3.7 CVSS, 7 AI score, 0.00278 EPSS
Exploits: 0, References: 10
OSV
added 2025/07/28 7:15 p.m., 6 views

CVE-2025-8283

A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name, this name will be us...

3.7 CVSS, 5.5 AI score, 0.00278 EPSS
Exploits: 0, References: 4