CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 4 days ago•33 views

CVE-2026-55443 LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders

5.1CVSS0.0017EPSS

EUVD•added 4 days ago•6 views

EUVD-2026-38332

5.1CVSS5.9AI score0.0017EPSS

CVE•added 4 days ago•5 views

CVE-2026-55443

CVE-2026-55443 describes a path traversal / sandbox-escape flaw in LangChain prior to 1.3.9. The vulnerability arises when components that resolve filesystem paths or expand search patterns fail to confine results to a trusted root, allowing untrusted inputs (paths, globs, symlinks, or LLM-influe...

5.1CVSS5.9AI score0.0017EPSS

Snyk•added 2026/06/16 3:3 p.m.•6 views

Symlink Attack

Overview langchain is a Building applications with LLMs through composability Affected versions of this package are vulnerable to Symlink Attack via the file-search middleware and loaders that resolve filesystem paths and search patterns without confining the resolved path to the intended root...

6.9CVSS5.9AI score0.0017EPSS

Exploits0References3

HackRead•added 2026/06/08 4:56 p.m.•18 views

Hackers Clone Ghidra, dnSpy and Other Tool Sites to Spread Malware

Hackers are cloning Ghidra, dnSpy, ILSpy and other free tool sites to spread Malware like RemusStealer, crypto clippers and loaders through fake downloads...

5.5AI score

The Hacker News•added 2026/05/29 11:31 a.m.•19 views

New Russia-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks

A previously undocumented threat actor dubbed GREYVIBE has been attributed to ongoing and persistent attacks targeting Ukraine and Ukraine-related entities since at least August 2025. GREYVIBE, per WithSecure, is assessed to be a Russian-speaking group operating broadly in the Russian time zone,...

5.9AI score

Malwarebytes•added 2026/05/06 12:50 p.m.•6 views

Attackers adopt JavaScript runtime Bun to spread NWHStealer

In our previous research, we analyzed a Windows infostealer we track as NWHStealer. The attackers behind this stealer are continuously finding new methods to distribute the stealer. During our hunting activities, we noticed how attackers are using a JavaScript runtime called Bun to help distribut...

5.8AI score

The Hacker News•added 2026/04/08 7:47 a.m.•6 views

N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust

The North Korea-linked persistent campaign known as Contagious Interview has spread its tentacles by publishing malicious packages targeting the Go, Rust, and PHP ecosystems. "The threat actor's packages were designed to impersonate legitimate developer tooling ..., while quietly functioning as...

6.2AI score

NVD•added 2026/04/06 4:16 p.m.•3 views

CVE-2026-34148

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to 1.9.6, 1.10.5, 2.0.8, and 2.1.1, @fedify/fedify follows HTTP redirects recursively in its remote document loader and authenticated document loader without enforcing a maximum redirect count or...

7.5CVSS0.00551EPSS

Exploits1References5

Positive Technologies•added 2026/04/06 12:0 a.m.•2 views

PT-2026-30656

Name of the Vulnerable Software and Affected Versions: Fedify versions prior to 1.9.6, 1.10.5, 2.0.8, and 2.1.1 Description: Fedify does not enforce a maximum redirect count or visited-URL loop detection when following HTTP redirects in its remote and authenticated document loaders. An attacker...

7.5CVSS6AI score0.00551EPSS

Exploits1References10

Github Security Blog•added 2026/04/02 9:32 p.m.•6 views

Duplicate Advisory: OpenClaw: Windows media loaders accepted remote-host file URLs before local path validation

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-h3x4-hc5v-v2gm. This link is maintained to preserve external references. Original Description OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsistent environment...

7.6CVSS5.9AI score0.0026EPSS

Exploits0References6Affected Software1

EUVD•added 2026/04/01 6:36 p.m.•4 views

EUVD-2026-17915

OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file URLs and UNC-style paths before local-path validation. Attackers can exploit this by providing network-hosted file targets that are treated as local content, bypassing intended...

NVD•added 2026/04/01 4:23 p.m.•4 views

Exploits0References6

CVE-2026-34510

6.9CVSS0.00319EPSS

Exploits0References5

Cvelist•added 2026/04/01 3:29 p.m.•16 views

CVE-2026-34510 OpenClaw < 2026.3.22 - Remote File URL Acceptance in Windows Media Loaders

6.9CVSS0.00319EPSS

Exploits0References5

CVE•added 2026/04/01 3:29 p.m.•11 views

CVE-2026-34510

OpenClaw before 2026.3.22 contains a path traversal vulnerability in Windows media loaders that accepts remote-host file URLs and UNC-style paths before local-path validation. Attackers can exploit this by providing network-hosted file targets treated as local content, bypassing access restrictio...

Exploits0References5Affected Software1

Vulnrichment•added 2026/04/01 3:29 p.m.•2 views

CVE-2026-34510 OpenClaw < 2026.3.22 - Remote File URL Acceptance in Windows Media Loaders

Positive Technologies•added 2026/04/01 12:0 a.m.•4 views

Exploits0References5

PT-2026-29545