CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/05/12 4:22 p.m.•6 views

EUVD-2026-29539

8.4CVSS5.8AI score0.00151EPSS

Vulnrichment•added 2026/05/12 4:22 p.m.•6 views

CVE-2026-43990 JunoClaw: plugin-shell shell-metacharacter injection via shell wrapper

8.4CVSS5.8AI score0.00151EPSS

ATTACKERKB•added 2026/05/12 4:21 p.m.•6 views

CVE-2026-43989

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the uploadwasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability is...

8.5CVSS5.8AI score0.00147EPSS

Exploits0References4Affected Software1

EUVD•added 2026/05/12 4:21 p.m.•6 views

EUVD-2026-29538

8.5CVSS5.8AI score0.00147EPSS

EUVD•added 2026/05/12 4:19 p.m.•9 views

EUVD-2026-29540

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, substring-based blocklist in plugin-shell's command-safety check could be bypassed by adversarial argument constructions, allowing unauthorized command execution on the host when combined with the companion...

8.4CVSS5.9AI score0.00171EPSS

Exploits0References2

CVE•added 2026/05/12 4:19 p.m.•12 views

CVE-2026-43991

The CVE-2026-43991 issue affects JunoClaw: a plugin-shell command-safety check used by the Juno Network agent. The root cause is a substring-based blocklist that was applied to the raw command string rather than the parsed first token, enabling bypass via adversarial argument constructions and po...

8.4CVSS5.9AI score0.00171EPSS

Exploits0References2

ATTACKERKB•added 2026/05/12 4:19 p.m.•6 views

CVE-2026-43991

8.4CVSS5.9AI score0.00171EPSS

Exploits0References3Affected Software1

Positive Technologies•added 2026/05/12 12:0 a.m.•17 views

PT-2026-40101

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the upload wasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved to, with no validation of location, symlink target, file size, or file format. This vulnerability i...

8.5CVSS5.8AI score0.00147EPSS

Exploits0References4

EUVD•added 2025/11/13 3:23 a.m.•2 views

EUVD-2025-179502

Malicious code in cross-env-cybernetics-juno-iota npm...

EUVD•added 2025/11/13 3:23 a.m.•5 views

EUVD-2025-177682

Malicious code in nebula-delphinus-planckscale-juno npm...

EUVD•added 2025/11/13 3:23 a.m.•5 views

EUVD-2025-179802

Malicious code in chai-juno-eleventy-hydrogeology npm...

EUVD•added 2025/11/13 3:23 a.m.•3 views

EUVD-2025-177801

Malicious code in miranda-nestjs-void-juno npm...

EUVD•added 2025/11/13 3:23 a.m.•2 views

EUVD-2025-178550

Malicious code in hercules-config-juno-void npm...

EUVD•added 2025/11/13 3:23 a.m.•2 views

EUVD-2025-176585

Malicious code in run-script-juno-supernova-commitlint npm...

OSSF Malicious Packages•added 2025/11/13 3:23 a.m.•4 views

Malicious code in cross-env-cybernetics-juno-iota (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84e927b05908edd9f55a265b28a707a8243c20578740178fe8e88c376112d958 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score

EUVD•added 2025/11/13 3:23 a.m.•1 views

EUVD-2025-178245

Malicious code in juno-pyxis-barnard-perturbation npm...