CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

58579 matches found

Wolfi•added 2026/05/22 7:48 p.m.•21 views

CVE-2026-46680 vulnerabilities

Vulnerabilities for packages: dagger, kargo, k3s, helm-push, trivy, teleport, grype, kubevela, rancher, trivy-operator, xeol, helm-operator, zarf, docker, docker-compose, helm-mapkubeapis, gogatekeeper, helm-set-status, gatekeeper, osv-scanner, opa-envoy, helm, opa, headlamp, spegel, wolfictl, tw...

5.8AI score0.00019EPSS

Exploits1

Wolfi•added 2026/05/22 7:48 p.m.•22 views

GHSA-FQW6-GF59-QR4W vulnerabilities

5.8AI score

Exploits0

Chainguard•added 2026/05/22 7:17 p.m.•11 views

CVE-2026-46680 vulnerabilities

Vulnerabilities for packages: trivy, kubescape-operator-fips, datadog-agent, newrelic-infrastructure-agent, livekit-cli, neuvector-scanner, scorecard, manifest-tool, opa, docker-compose, gogatekeeper, kubescape-server, eks-node-monitoring-agent, kaniko-fips, opa-fips-envoy, google-osconfig-agent,...

5.8AI score0.00019EPSS

Exploits1

NVD•added 2026/05/22 2:16 p.m.•7 views

CVE-2026-9277

shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by character using /./g, which in JavaScript does not match line terminators \n, \r, U+2028, U+2029. A line terminator in .op therefore passed...

9.2CVSS0.00552EPSS

Exploits1References5

Cvelist•added 2026/05/22 1:22 p.m.•22 views

CVE-2026-9277 shell-quote `quote()` does not validate object-token shapes, allowing command injection via line terminators in `.op`

9.2CVSS0.00552EPSS

Exploits1References4

Positive Technologies•added 2026/05/22 12:0 a.m.•11 views

PT-2026-42766

Name of the Vulnerable Software and Affected Versions shell-quote versions prior to 1.8.4 Description The quote function fails to validate object-token inputs against the operator model used by parse. Specifically, the .op field is escaped using a regular expression that does not match line...

9.2CVSS5.8AI score0.00552EPSS

Exploits1References30

vulnersOsv•added 2026/05/21 4:36 p.m.•3 views

org.open-metadata:openmetadata-dist (>=0.12.1 <=DEMO_BETA1), org.open-metadata:openmetadata-k8s-operator (>=1.12.0 <=1.12.3) +2 more potentially affected by CVE-2026-46481 via org.open-metadata:openmetadata-service (>=DEMO_BETA1 <=1.12.3)

org.open-metadata:openmetadata-service MAVEN version =DEMOBETA1, =0.12.1, =1.12.0, =1.10.0, =1.12.3 - org.open-metadata:openmetadata-ui =0.12.1.preview Source cves: CVE-2026-46481 Source advisory: OSV:GHSA-9VMH-WHC4-7PHG...

8.3CVSS5.4AI score0.00241EPSS

Exploits0

OSSF Malicious Packages•added 2026/05/21 8:17 a.m.•9 views

Malicious code in oh-langfuse (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83b229927c5bc228764ab11651b10bd06c6ff61edffa820a632c343aeec13037 The package configures Langfuse tracing for Claude Code, Codex, and OpenCode. When the operator runs the bundled CLI without explicitly overriding...

5.5AI score

Exploits0References18

OSV•added 2026/05/21 8:13 a.m.•9 views

CLEANSTART-2026-TL66481 Security fixes for CVE-2024-24786, CVE-2024-35255, CVE-2025-22868, CVE-2025-61726, CVE-2025-61728, CVE-2025-61730, CVE-2025-61732, CVE-2025-68119, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-27143, CVE-2026-27144, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-40179, CVE-2026-42151, CVE-2026-42154, CVE-2026-42499, CVE-2026-42501, CVE-2026-44903, ghsa-8rm2-7qqf-34qm, ghsa-fw8g-cg8f-9j28, ghsa-vffh-x6r8-xx99, ghsa-wg65-39gg-5wfj applied in versions: 0.69.1-r0, 0.69.1-r1, 0.87.1-r0, 0.89.0-r0