CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

429 matches found

CVE-2026-12537 Unauthenticated Remote Code Execution in Gemini CLI CI/CD Workflows

Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI versions prior to 0.39.1 and run-gemini-cli GitHub Action versions prior to 0.1.22 on headless CI platforms allows an unprivileged attacker to achieve pre-sandbox host-level code execution a maliciously...

10CVSS

Exploits0References1

RedHat Linux•added 2026/05/28 1:35 p.m.•10 views

kernel: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr

In the Linux kernel, the following vulnerability has been resolved: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr Currently when both IMA and EVM are in fix mode, the IMA signature will be reset to IMA hash if a program first stores IMA signature in security.ima and then...

5.8AI score0.00168EPSS

Exploits0References5

Positive Technologies•added 2026/03/04 12:0 a.m.•5 views

PT-2026-23109

Name of the Vulnerable Software and Affected Versions Drupal File Access Fix deprecated versions prior to 1.2.0 Description The File Access Fix module deprecated contains an authorization flaw that could allow forceful browsing of files. The module manages file storage based on entity access...

5.8AI score0.00256EPSS

Exploits0References3

RedhatCVE•added 2026/01/09 11:24 a.m.•9 views

CVE-2021-31817

When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext...

7.5CVSS7.7AI score0.00858EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:43 a.m.•8 views

CVE-2022-26960

connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths...

9.1CVSS7AI score0.50993EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:14 a.m.•6 views

CVE-2019-2251

If a bitmap file is loaded from any un-authenticated source, there is a possibility that the bitmap can potentially cause stack buffer overflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon...

7.8CVSS7.4AI score0.00221EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:54 a.m.•8 views

CVE-2021-41242

OpenOlat is a web-basedlearning management system. A path traversal vulnerability exists in OpenOlat prior to versions 15.5.12 and 16.0.5. By providing a filename that contains a relative path as a parameter in some REST methods, it is possible to create directory structures and write files...

8.1CVSS6.7AI score0.01441EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:38 a.m.•8 views

CVE-2019-18342

A vulnerability has been identified in Control Center Server CCS All versions V1.5.0. The SFTP service default port 22/tcp of the Control Center Server CCS does not properly limit its capabilities to the specified purpose. In conjunction with CVE-2019-18341, an unauthenticated remote attacker wit...

9.9CVSS6.8AI score0.02126EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:49 a.m.•6 views

CVE-2022-27811

GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename...

9.8CVSS7.4AI score0.03008EPSS

Exploits1References1