CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Circl•added 2026/05/09 8:2 a.m.•4 views

CVE-2026-45316

creationtimestamp| type| source ---|---|--- 2026-05-09 08:02:53+00:00| published-proof-of-concept| https://github.com/open-webui/open-webui/security/advisories/GHSA-jx2x-j75f-xq3j...

3.5CVSS5.8AI score0.00011EPSS

Exploits1References1

Circl•added 2026/05/09 4:6 a.m.•5 views

CVE-2026-45311

creationtimestamp| type| source ---|---|--- 2026-05-09 04:06:06+00:00| published-proof-of-concept| https://github.com/Hmbown/DeepSeek-TUI/security/advisories/GHSA-wx44-2q6h-j6p8 2026-05-28 19:00:51+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmwpgfojvr2c 2026-05-28...

9.6CVSS5.7AI score0.00047EPSS

Exploits0References3

Circl•added 2026/05/09 4:5 a.m.•5 views

CVE-2026-45310

creationtimestamp| type| source ---|---|--- 2026-05-09 04:05:43+00:00| published-proof-of-concept| https://github.com/Hmbown/DeepSeek-TUI/security/advisories/GHSA-96ff-gc8g-wpvg...

7.4CVSS5.8AI score0.00034EPSS

Wolfi•added 2026/05/09 2:21 a.m.•10 views

GHSA-5M4P-2GJX-P2G8 vulnerabilities

Vulnerabilities for packages: rabbitmq-cluster-operator, helm-operator, authservice, calico, nfpm, delve, cert-exporter, cloudnative-pg, argo-cd, harbor, victoriametrics-cluster, node-problem-detector, aactl, crossplane, kbld, croc, secrets-store-csi-driver-provider-azure, sftpgo-plugin-pubsub,...

NVD•added 2026/05/08 11:16 p.m.•7 views

CVE-2026-42298

Postiz is an AI social media scheduling tool. Prior to commit da44801, a "Pwn Request" vulnerability in the Build and Publish PR Docker Image workflow .github/workflows/pr-docker-build.yml allows any unauthenticated user to execute arbitrary code during the Docker build process and exfiltrate a...

10CVSS0.00197EPSS

Exploits0References2

ATTACKERKB•added 2026/05/08 10:24 p.m.•2 views

CVE-2026-42298

10CVSS6.1AI score0.00197EPSS

Exploits0References3

CVE•added 2026/05/08 10:24 p.m.•8 views

CVE-2026-42298

CVE-2026-42298 affects Postiz (AI social media scheduling tool). The issue arises in the Build and Publish PR Docker Image workflow (.github/workflows/pr-docker-build.yml), where an unauthenticated user can cause arbitrary code execution during Docker image build by submitting a fork with a malic...

10CVSS6.1AI score0.00197EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/05/08 10:24 p.m.•5 views

CVE-2026-42298 Postiz: Arbitrary Code Execution and Token Exfiltration in pr-docker-build.yml via untrusted Dockerfile.dev

10CVSS6.1AI score0.00197EPSS

Exploits0References2

Circl•added 2026/05/08 8:10 p.m.•3 views

GHSA-H9HM-M2XJ-4RQ9

creationtimestamp| type| source ---|---|--- 2026-05-08 20:10:29+00:00| seen| https://gist.github.com/alon710/b2fb36b6ecfecf3424b0cb12c54264f5...

5.8AI score

Circl•added 2026/05/08 7:10 p.m.•2 views

GHSA-MPM8-CX2P-626Q

creationtimestamp| type| source ---|---|--- 2026-05-08 19:10:29+00:00| seen| https://gist.github.com/alon710/81381888e21682cdeae4882d5cd6667d...

5.8AI score

OSV•added 2026/05/08 5:6 p.m.•7 views

GHSA-95C3-6VVW-4MRQ MCP Registry's GitHub OIDC tokens are replayable across registry deployments due to shared audience

SECURITY registry001 Vulnerability Report While analyzing the code logic, an area that may lead to unintended behavior under specific conditions was discovered. Overview - Verified Version: c5c4b9e8890dd5754bee889b2f1417f4fe3b5ce5 - Vulnerability Type: Authentication bypass via cross-registry OID...

4.7CVSS5.8AI score0.00012EPSS

Exploits0References6

NVD•added 2026/05/08 2:16 p.m.•7 views

CVE-2026-44334

PraisonAI is a multi-agent teams system. From version 4.5.139 to before version 4.6.32, CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAIALLOWLOCALTOOLS=true in two files toolresolver.py, api/call.py. A third import sink in praisonai/templates/tooloverride.py was missed and remains...

8.4CVSS0.00008EPSS

Exploits2References1

Wolfi•added 2026/05/08 1:48 p.m.•11 views

GHSA-XX64-WWV2-HCQQ vulnerabilities

Vulnerabilities for packages: pixi, uv...

Wolfi•added 2026/05/08 1:48 p.m.•7 views

GHSA-FP55-JW48-C537 vulnerabilities

Vulnerabilities for packages: pixi, uv...

Wolfi•added 2026/05/08 1:48 p.m.•6 views

GHSA-PP6C-GR5W-3C5G vulnerabilities

Vulnerabilities for packages: semgrep, airflow, reflex...

Chainguard•added 2026/05/08 1:17 p.m.•6 views

GHSA-2C5C-CHWR-9HQW vulnerabilities

Vulnerabilities for packages: opensearch, spark-kubernetes-operator-fips, spark, camunda-zeebe, apache-hop-fips, druid, spark-fips, camunda, spark-kubernetes-operator, apache-hop, trino...

The Hacker News•added 2026/05/08 11:0 a.m.•12 views

Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise

A previously undocumented Linux implant codenamed Quasar Linux RAT QLNX is targeting developers' systems to establish a silent foothold as well as facilitate a broad range of post-compromise functionality, such as credential harvesting, keylogging, file manipulation, clipboard monitoring, and...

6.1AI score

Chainguard•added 2026/05/08 7:18 a.m.•4 views

GHSA-P3HW-MV63-RF9W vulnerabilities

Vulnerabilities for packages: cargo-audit, jujutsu...

Chainguard•added 2026/05/08 7:18 a.m.•6 views

GHSA-P334-GFHQ-C7W6 vulnerabilities

Vulnerabilities for packages: jenkins...

5.8AI score