7 matches found

OSV, added 2026/05/19 8:04 p.m.
GHSA-6X44-W3XG-HQQF Coder: PKCS#7 signature bypass in Azure instance identity allows unauthenticated agent token theft
Summary: azureidentity.Validate verifies that the PKCS#7 signer certificate chains to a trusted Azure CA but never verifies the PKCS#7 signature itself. An attacker can embed a legitimate Azure certificate alongside arbitrary content, e.g. "vmId":"", and the forged vmId will be accepted, returning the...
CVSS 9.1 | AI score 5.9 | EPSS 0.0003 | Exploits 0 | References 9

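The check-the-chain-but-not-the-signature mistake described in the Coder summary above, as an added example in Go. This is not Coder's azureidentity code and not Azure's attested-data format: a stand-in Attestation struct replaces the PKCS#7 SignedData blob, a throwaway CA and signer are constructed inside the block, and the forged attestation reuses the genuine certificate and signature bytes with swapped content. ValidateChainOnly accepts the forgery; ValidateSigned rejects it. All type and function names here are assumptions chosen for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Attestation is a deliberately simplified stand-in for a PKCS#7 SignedData
// blob: signed content, the signer's DER certificate, and the signature over
// the content. Real PKCS#7 wraps these in ASN.1; the required check is the same.
type Attestation struct {
	Content   []byte
	SignerDER []byte
	Signature []byte // ASN.1 ECDSA signature over SHA-256(Content)
}

// chainToRoot confirms the embedded signer certificate chains to a trusted root.
func chainToRoot(att Attestation, roots *x509.CertPool) (*x509.Certificate, error) {
	signer, err := x509.ParseCertificate(att.SignerDER)
	if err != nil {
		return nil, err
	}
	if _, err := signer.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return nil, fmt.Errorf("signer does not chain to a trusted root: %w", err)
	}
	return signer, nil
}

// ValidateChainOnly reproduces the flawed pattern: a trusted chain is treated as
// sufficient, and Content is returned without ever being checked against Signature.
func ValidateChainOnly(att Attestation, roots *x509.CertPool) ([]byte, error) {
	if _, err := chainToRoot(att, roots); err != nil {
		return nil, err
	}
	return att.Content, nil
}

// ValidateSigned adds the missing step: Content must verify under the public
// key of the certificate that was just chained, so the cert cannot be reused
// to vouch for attacker-chosen bytes.
func ValidateSigned(att Attestation, roots *x509.CertPool) ([]byte, error) {
	signer, err := chainToRoot(att, roots)
	if err != nil {
		return nil, err
	}
	if err := signer.CheckSignature(x509.ECDSAWithSHA256, att.Content, att.Signature); err != nil {
		return nil, fmt.Errorf("content is not signed by the chained certificate: %w", err)
	}
	return att.Content, nil
}

// Fixture: a constructed root, a genuinely signed attestation, and a forgery
// that keeps the genuine certificate and signature but swaps the content.
type Fixture struct {
	Roots   *x509.CertPool
	Genuine Attestation
	Forged  Attestation
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// NewFixture builds a throwaway CA and signer in memory; nothing here is Azure's.
func NewFixture() Fixture {
	now := time.Now()
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "Example Attestation Root (constructed)"},
		NotBefore:    now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	caCert := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey))))

	signerKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	signerTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "example-attestation-signer (constructed)"},
		NotBefore:    now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	signerDER := must(x509.CreateCertificate(rand.Reader, signerTmpl, caCert, &signerKey.PublicKey, caKey))

	roots := x509.NewCertPool()
	roots.AddCert(caCert)

	// Constructed sample content; the vmId values are placeholders, not real VMs.
	genuine := []byte(`{"vmId":"11111111-1111-1111-1111-111111111111"}`)
	digest := sha256.Sum256(genuine)
	sig := must(ecdsa.SignASN1(rand.Reader, signerKey, digest[:]))
	forged := []byte(`{"vmId":"22222222-2222-2222-2222-222222222222"}`)
	return Fixture{
		Roots:   roots,
		Genuine: Attestation{Content: genuine, SignerDER: signerDER, Signature: sig},
		Forged:  Attestation{Content: forged, SignerDER: signerDER, Signature: sig},
	}
}

func main() {
	f := NewFixture()
	for name, att := range map[string]Attestation{"genuine": f.Genuine, "forged": f.Forged} {
		_, chainErr := ValidateChainOnly(att, f.Roots)
		_, signedErr := ValidateSigned(att, f.Roots)
		fmt.Printf("%-7s chain-only: %v | chain+signature: %v\n", name, chainErr, signedErr)
	}
}
```

The forged attestation passes ValidateChainOnly with a nil error because nothing in that path ever touches Signature; ValidateSigned fails on the forgery because the signature was computed over the genuine content. In a real PKCS#7 verifier the equivalent step is verifying each SignerInfo against the signed content (and the signed attributes, when present) before trusting any field parsed from it.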
NVD, added 2026/05/04 7:16 p.m.
CVE-2026-42231
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the xml2js library used to parse XML request bodies in n8n's webhook handler allowed prototype pollution via a crafted XML payload. An authenticated user with permission to create or modi...
CVSS 9.4 | EPSS 0.00851 | Exploits 1 | References 1

AttackerKB, added 2026/05/04 6:30 p.m.
CVE-2026-42231
n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the xml2js library used to parse XML request bodies in n8n's webhook handler allowed prototype pollution via a crafted XML payload. An authenticated user with permission to create or modi...
CVSS 9.4 | AI score 6.4 | EPSS 0.00851 | Exploits 1 | References 2 | Affected software 1

GitHub Security Blog, added 2026/03/09 7:52 p.m.
OpenClaw's `system.run` env override filtering allowed dangerous helper-command pivots
Summary: system.run env override sanitization allowed dangerous override-only helper-command pivots to reach subprocesses. A caller who could invoke system.run with env overrides could bypass allowlist/approval intent by steering an allowlisted tool through helper-command or config-loading...
AI score 5.9 | Exploits 0 | References 4 | Affected software 1

Snyk, added 2025/12/18 11:20 p.m.
Arbitrary File Upload
Overview: Affected versions of this package are vulnerable to Arbitrary File Upload via the GIT_SSH_COMMAND environment variable. An attacker can execute arbitrary code and gain full control over the system by remotely overwriting configuration files. Remediation: Upgrade Weblate to version 5.15.1 or higher...
CVSS 9.1 | AI score 7.8 | EPSS 0.00489 | Exploits 0 | References 3

Tenable Nessus, added 2024/08/09 12:00 a.m.
FreeBSD : soft-serve -- Remote code execution vulnerability (8c342a6c-563f-11ef-a77e-901b0e9408dc)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the 8c342a6c-563f-11ef-a77e-901b0e9408dc advisory. soft-serve team reports: Arbitrary code execution by crafting git ssh requests. It is possible for a use...
CVSS 8.1 | AI score 6.4 | EPSS 0.00509 | Exploits 0 | References 3

FreeBSD, added 2024/08/01 12:00 a.m.
soft-serve -- Remote code execution vulnerability
soft-serve team reports: Arbitrary code execution by crafting git ssh requests. It is possible for a user who can commit files to a repository hosted by Soft Serve to execute arbitrary code via environment manipulation and Git...
CVSS 8.1 | AI score 8.4 | EPSS 0.00509 | Exploits 0 | References 1

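The OpenClaw system.run entry, the Weblate GIT_SSH_COMMAND entry and the two soft-serve entries above describe one failure mode: whoever controls the environment handed to a git or helper subprocess decides what that subprocess executes, regardless of which command was allowlisted. As an added example in Go (not code from any of those projects), here is one way to build a subprocess environment from a fixed base plus an allowlist of caller overrides, refusing the variables through which git can be steered into running something else. The deny and allow lists are assumptions drawn from git's documented environment for illustration; they are not claimed to be complete.

```go
package main

import (
	"fmt"
	"os/exec"
	"sort"
	"strings"
)

// Variables through which a caller can redirect what git, or a helper git
// spawns, actually executes. Illustrative selection, not a complete list.
var deniedExact = map[string]bool{
	"GIT_SSH": true, "GIT_SSH_COMMAND": true, "GIT_PROXY_COMMAND": true, // transport runs the caller's command
	"GIT_EXEC_PATH": true,                                           // git-* helpers loaded from a caller-chosen dir
	"GIT_EDITOR": true, "GIT_PAGER": true, "GIT_ASKPASS": true,      // helpers git itself invokes
	"GIT_DIR": true, "GIT_WORK_TREE": true, "GIT_CEILING_DIRECTORIES": true, // repoint git at another repo
	"PATH": true, "HOME": true, "XDG_CONFIG_HOME": true,             // binary and config lookup
}

// Prefix denials cover GIT_CONFIG_COUNT / GIT_CONFIG_KEY_n / GIT_CONFIG_VALUE_n,
// which inject settings such as core.sshCommand with no config file at all,
// plus dynamic-loader hooks (LD_PRELOAD, LD_LIBRARY_PATH).
var deniedPrefixes = []string{"GIT_CONFIG", "GIT_TRACE", "GIT_ALTERNATE_OBJECT", "LD_"}

// allowedOverrides is the only set a caller may set; it is deliberately tiny.
var allowedOverrides = map[string]bool{"LANG": true, "TZ": true, "GIT_TERMINAL_PROMPT": true}

// checkOverride refuses anything denied, anything not explicitly allowed, and
// malformed names (an "=" in a name would smuggle a second assignment).
func checkOverride(name string) error {
	if name == "" || strings.ContainsAny(name, "=\x00") {
		return fmt.Errorf("malformed variable name %q", name)
	}
	upper := strings.ToUpper(name) // environments are case-insensitive on some platforms
	if deniedExact[upper] {
		return fmt.Errorf("override of %s is not permitted", name)
	}
	for _, p := range deniedPrefixes {
		if strings.HasPrefix(upper, p) {
			return fmt.Errorf("override of %s is not permitted (denied prefix %s)", name, p)
		}
	}
	if !allowedOverrides[name] {
		return fmt.Errorf("%s is not an allowlisted override", name)
	}
	return nil
}

// BuildEnv starts from a fixed base (never the parent process's environment),
// applies only allowlisted overrides, and returns a sorted KEY=VALUE slice.
func BuildEnv(overrides map[string]string) ([]string, error) {
	env := map[string]string{
		"PATH":                "/usr/bin:/bin",
		"HOME":                "/nonexistent",
		"GIT_TERMINAL_PROMPT": "0",
	}
	for k, v := range overrides {
		if err := checkOverride(k); err != nil {
			return nil, err
		}
		if strings.ContainsRune(v, 0) {
			return nil, fmt.Errorf("malformed value for %s", k)
		}
		env[k] = v
	}
	out := make([]string, 0, len(env))
	for k, v := range env {
		out = append(out, k+"="+v)
	}
	sort.Strings(out)
	return out, nil
}

// GitCommand prepares (does not run) a git invocation with the sanitized env.
func GitCommand(overrides map[string]string, args ...string) (*exec.Cmd, error) {
	env, err := BuildEnv(overrides)
	if err != nil {
		return nil, err
	}
	cmd := exec.Command("git", args...)
	cmd.Env = env
	return cmd, nil
}

func main() {
	// Constructed attacker-style override: would make any ssh fetch run "id".
	if _, err := GitCommand(map[string]string{"GIT_SSH_COMMAND": "sh -c id"}, "fetch"); err != nil {
		fmt.Println("refused:", err)
	}
	if cmd, err := GitCommand(map[string]string{"TZ": "UTC"}, "--version"); err == nil {
		fmt.Println("accepted env:", cmd.Env)
	}
}
```

The design choice that matters is the direction of the default: the base environment is fixed and small, and an override has to be named in allowedOverrides to get through, so a variable nobody thought to deny is still refused. The deny lists are a second layer for the case where an allowlist later grows too permissive.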