CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

45 matches found

GithubExploit•added 2026/05/16 10:13 p.m.•65 views

bun-archive-traversal-poc

Bun Archive Extraction Traversal PoCs Target: oven-sh/bun...

5.9AI score

Exploits0

OSV•added 2026/05/06 10:8 p.m.•5 views

GHSA-Q9PW-VMHH-384G PraisonAI has an SSRF bypass

Summary The URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. Details The current PraisonAI project uses validateurl to validate the input URL. The main logic is to perform security checks on the host portion of the URL extracted by...

9.8CVSS5.9AI score0.00378EPSS

Exploits1References3

OSV•added 2026/03/21 1:17 a.m.•2 views

CVE-2026-32044

OpenClaw versions prior to 2026.3.2 contain an archive extraction vulnerability in the tar.bz2 installer path that bypasses safety checks enforced on other archive formats. Attackers can craft malicious tar.bz2 skill archives to bypass special-entry blocking and extracted-size guardrails, causing...

5.5CVSS5.9AI score

Exploits0References3

Github Security Blog•added 2026/03/02 10:40 p.m.•16 views

OpenClaw has Zip Slip path traversal in tar archive extraction

Summary OpenClaw versions before 2026.2.14 did not sufficiently validate TAR archive entry paths during extraction. A crafted archive could use path traversal sequences for example ../../... to write files outside the intended destination directory Zip Slip. Affected Packages / Versions - Package...

9.8CVSS6AI score0.00409EPSS

Exploits0References5Affected Software1

RedhatCVE•added 2026/01/07 9:26 a.m.•6 views

CVE-2019-12841

Incorrect handling of user input in ZIP extraction was detected in JetBrains TeamCity. The issue was fixed in TeamCity 2018.2.2...

7.5CVSS7AI score0.01125EPSS

Exploits0References1

IBM Security Bulletins•added 2025/12/09 2:5 p.m.•8 views

Security Bulletin: IBM Edge Data Collector uses django-4.2.24-py3-none-any.whl which is vulnerable to CVE-2025-59681, CVE-2025-59682.

Summary IBM Edge Data Collector uses django-4.2.24-py3-none-any.whl which is vulnerable to CVE-2025-59681, CVE-2025-59682. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-59681 DESCRIPTION: An issue was discovered in Django 4.2 before 4.2.25,...

9.8CVSS7.7AI score0.00863EPSS

Exploits0Affected Software1

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2019-0666

Malware in sbrugna...

5.5CVSS5.8AI score0.10051EPSS

Exploits1References7

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2021-1587

Malware in sbrugna...

7.5CVSS7.4AI score0.01392EPSS

Exploits1References8

EUVD•added 2025/10/07 12:30 a.m.•5 views

EUVD-2021-11289

Malware in sbrugna...

8.1CVSS7.8AI score0.01183EPSS

Exploits2References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2012-0076

Malware in sbrugna...

7.5CVSS6.9AI score0.16723EPSS

Exploits0References18

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2017-11021

Malware in sbrugna...

7.8CVSS8.1AI score0.01228EPSS

Exploits1References5

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2018-14342

Malware in sbrugna...

8.3CVSS8.4AI score0.01519EPSS

Exploits0References4

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2022-51275