11953 matches found

Vulnrichment
added 2026/06/12 9:56 p.m. | 5 views

CVE-2026-53827 OpenClaw < 2026.5.2 - Credential Exposure via Model-Supplied Loopback URLs in message.action Forwarding

OpenClaw before 2026.5.2 contains a credential exposure vulnerability in message.action forwarding that allows model-controlled metadata to forward action payloads with Gateway credentials to attacker-supplied loopback URLs. Remote attackers can intercept Gateway tokens and action payloads by...

CVSS 6.5 | AI score 5.3 | EPSS 0.00254
Exploits: 0 | References: 2
GithubExploit
added 2026/06/12 9:37 p.m. | 52 views

ember

🔥 Ember AI systems burn brightly but hide their secrets. Em...

AI score 5.3
Exploits: 0
The Hacker News
added 2026/06/12 7:33 p.m. | 23 views

Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit

Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them. The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can also load an eBPF...

AI score 5.6
Exploits: 0
Github Security Blog
added 2026/06/12 6:30 p.m. | 11 views

nebula-mesh: POST /api/v1/hosts/{id}/mobile-bundle response lacks Cache-Control: no-store

internal/api/mobilebundle.go:62-66 sets only Content-Type: application/yaml. The Web-UI sibling at internal/web/handlers.go:1316-1321 sets Cache-Control: no-store, Pragma: no-cache, Expires: 0, X-Content-Type-Options: nosniff — and has a test asserting it. The API path was missed. Affected All...

AI score 5.3
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2026/06/12 4:54 p.m. | 1 views

MINI-V323-G5R5-P3V6

Bulletin has no description...

CVSS 8.7 | AI score 5 | EPSS 0.00469
Exploits: 0
OSV
added 2026/06/12 4:53 p.m. | 4 views

MINI-V44J-6957-MX64

Bulletin has no description...

CVSS 3.7 | AI score 5 | EPSS 0.00247
Exploits: 0
OSV
added 2026/06/12 4:45 p.m. | 4 views

MINI-WCGW-R388-X693

Bulletin has no description...

CVSS 8.7 | AI score 4.9 | EPSS 0.00469
Exploits: 0
OSSF Malicious Packages
added 2026/06/12 3:24 p.m. | 9 views

Malicious code in web-model-bridge (npm)

Source: amazon-inspector (3d2c385c177531c421e5a49f41d931890a48c16c921b23cc20f2bf4cd8fae893). On npm install, postinstall.js sends an HTTPS POST to https://ddactic-lab.online/sc/beacon carrying the package name/version, Node version, OS,...

AI score 5.4
Exploits: 0 | References: 2
OSV
added 2026/06/12 3:24 p.m. | 10 views

MAL-2026-5697 Malicious code in web-model-bridge (npm)

Source: amazon-inspector (3d2c385c177531c421e5a49f41d931890a48c16c921b23cc20f2bf4cd8fae893). On npm install, postinstall.js sends an HTTPS POST to https://ddactic-lab.online/sc/beacon carrying the package name/version, Node version, OS,...

AI score 5.5
Exploits: 0 | References: 2
Cvelist
added 2026/06/12 3:16 p.m. | 28 views

CVE-2026-45833

A code injection vulnerability in version 0.4.17 or later of the ChromaDB Python project allows an authenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in...

CVSS 9.4 | EPSS 0.00294
Exploits: 0 | References: 1
Vulnrichment
added 2026/06/12 3:16 p.m. | 8 views

CVE-2026-45833

A code injection vulnerability in version 0.4.17 or later of the ChromaDB Python project allows an authenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in...

CVSS 9.4 | AI score 5.8 | EPSS 0.00294
Exploits: 0 | References: 1
EUVD
added 2026/06/12 3:16 p.m. | 15 views

EUVD-2026-36484

A code injection vulnerability in version 0.4.17 or later of the ChromaDB Python project allows an authenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in...

CVSS 9.4 | AI score 5.8 | EPSS 0.00294
Exploits: 0 | References: 1
CVE
added 2026/06/12 3:16 p.m. | 19 views

CVE-2026-45833

CVE-2026-45833 affects the ChromaDB Python project (version 0.4.17 and later). The issue is a code injection vulnerability where an authenticated attacker can execute arbitrary code on the server by supplying a malicious model repository and setting trust_remote_code to true in the API path /api/...

CVSS 9.4 | AI score 5.8 | EPSS 0.00294
Exploits: 0 | References: 1 | Affected Software: 1
The Hacker News
added 2026/06/12 12:4 p.m. | 22 views

Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code

Cybersecurity researchers have described what they say is a new class of attack that can trick artificial intelligence (AI) coding agents into running arbitrary code on developer machines. Called Agentjacking by Tenet Security, the attack can be triggered by means of a fake error report crafted usi...

AI score 6.6
Exploits: 0
OSV
added 2026/06/12 1:9 a.m. | 2 views

MINI-M85G-5X6X-3HP6

Bulletin has no description...

CVSS 5.6 | AI score 6.7 | EPSS 0.00348
Exploits: 1
Positive Technologies
added 2026/06/12 12:0 a.m. | 11 views

PT-2026-48898

Name of the Vulnerable Software and Affected Versions: ChromaDB versions 0.4.17 through 0.4.16. Description: An authenticated attacker with the UPDATE COLLECTION permission can execute arbitrary code on the server. This occurs by sending a malicious model repository and setting the trust remote code...

CVSS 9.4 | AI score 5.9 | EPSS 0.00294
Exploits: 0 | References: 4
Positive Technologies
added 2026/06/12 12:0 a.m. | 8 views

PT-2026-49031

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.5.2. Description: An issue in message.action forwarding allows model-controlled metadata to forward action payloads containing Gateway credentials to attacker-supplied loopback URLs. Remote attackers can intercept...

CVSS 6.5 | AI score 5.2 | EPSS 0.00254
Exploits: 0 | References: 4
OSV
added 2026/06/11 11:55 p.m. | 2 views

MINI-G255-XXR7-QQJW

Bulletin has no description...

CVSS 9.1 | AI score 5.2 | EPSS 0.00299
Exploits: 0
OSV
added 2026/06/11 11:29 p.m. | 3 views

MINI-2C48-JXPP-W45G

Bulletin has no description...

CVSS 6.5 | AI score 5.2 | EPSS 0.0034
Exploits: 0
OSV
added 2026/06/11 10:3 p.m. | 2 views

MINI-H9XV-H96J-848M

Bulletin has no description...

CVSS 6.1 | AI score 5.2 | EPSS 0.00236
Exploits: 0