50 matches found
CVE-2026-11420
Two path traversal vulnerabilities in the Network Installation Service (NIS) of Altium Enterprise Server allow an unauthenticated network attacker to write arbitrary files to any writable location on the server filesystem and to read package archive files from the server. No authentication, session...
Evolver Path Traversal Vulnerability
Evolver is an intelligent agent-based self-evolution tool developed by EvoMap. Versions of Evolver prior to 1.69.3 contained a path traversal vulnerability. This vulnerability stemmed from issues with path traversal in skill download commands, which could allow attackers to write files to any...
EUVD-2026-21152
PraisonAIAgents has an OS Command Injection via shell=True in Memory Hooks Executor memory/hooks.py...
CVE-2026-40111
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the memory hooks executor in praisonaiagents passes a user-controlled command string directly to subprocess.run with shell=True at src/praisonai-agents/praisonaiagents/memory/hooks.py. No sanitization is performed and shell...
CVE-2026-40111
PraisonAIAgents memory/hooks.py allows OS command injection via a user-controlled string passed to subprocess.run() with shell=True before 1.5.128. No sanitization occurs, shell metacharacters are interpreted by /bin/sh, enabling execution of arbitrary commands. Two attack surfaces exist: pre_run...
PT-2026-29498
Summary: @tinacms/cli recently added lexical path-traversal checks to the dev media routes, but the implementation still validates only the path string and does not resolve symlink or junction targets. If a link already exists under the media root, Tina accepts a path like...
PT-2026-20972
Name of the Vulnerable Software and Affected Versions: Music Assistant versions 2.6.3 and below. Description: Music Assistant is an open-source media library manager that integrates streaming services with connected speakers. Versions 2.6.3 and below allow unauthenticated network-adjacent attackers ...
CVE-2017-18446
cPanel before 64.0.21 allows file-read and file-write operations for demo accounts via the SourceIPCheck API (SEC-250)...
Self-hosted n8n has Legacy Code node that enables arbitrary file read/write
Impact: In self-hosted n8n instances where the Code node runs in legacy non-task-runner JavaScript execution mode, authenticated users with workflow editing access can invoke internal helper functions from within the Code node. This allows a workflow editor to perform actions on the n8n host with...
EUVD-2012-6161
Malware in sbrugna...
EUVD-2020-20077
Malware in sbrugna...
EUVD-2021-13995
Malware in sbrugna...
EUVD-2018-0108
Malware in sbrugna...
EUVD-2018-13420
Malware in sbrugna...
EUVD-2015-4525
Malware in sbrugna...
EUVD-2014-2317
Malware in sbrugna...
EUVD-2015-7604
Malware in sbrugna...
EUVD-2015-8210
Malware in sbrugna...
EUVD-2016-5386
Malware in sbrugna...
EUVD-2025-4918
Malicious code in bioql PyPI...