
11 matches found

Cvelist
added 2026/03/23 7:49 a.m. | 26 views

CVE-2026-3587 Hidden CLI Function Allows Root Access

An unauthenticated remote attacker can exploit a hidden function in the CLI prompt to escape the restricted interface, leading to full compromise of the device...

CVSS 10 | EPSS 0.00136
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-1479

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 8.4 | EPSS 0.05237
Exploits: 0 | References: 4

Vulnrichment
added 2024/05/31 2:24 p.m. | 15 views

CVE-2024-5565 Prompt Injection in "ask" API with visualization leads to RCE

The Vanna library uses a prompt function to present the user with visualized results; it is possible to alter the prompt using prompt injection and run arbitrary Python code instead of the intended visualization code. Specifically - allowing external input to the library’s “ask” method with...

CVSS 8.1 | AI score 8 | EPSS 0.05237
Exploits: 0 | References: 1

OSV
added 2023/11/07 5:15 a.m. | 23 views

CVE-2023-46998

Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to alert, confirm, prompt functions...

CVSS 6.1 | AI score 6.3 | EPSS 0.3892
Exploits: 2 | References: 2

OSV
added 2023/11/07 5:15 a.m. | 2 views

DEBIAN-CVE-2023-46998

Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to alert, confirm, prompt functions...

CVSS 6.1 | AI score 6.7 | EPSS 0.3892
Exploits: 2 | References: 1

UbuntuCve
added 2023/11/07 5:15 a.m. | 19 views

CVE-2023-46998

Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to alert, confirm, prompt functions...

CVSS 6.1 | AI score 6.9 | EPSS 0.3892
Exploits: 2 | References: 3

ATTACKERKB
added 2023/08/21 5:15 p.m. | 1 views

CVE-2023-39660

An issue in Gaberiele Venturi pandasai v.0.8.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the prompt function...

CVSS 9.8 | AI score 6.2 | EPSS 0.00839
Exploits: 1 | References: 3

CNNVD
added 2023/08/21 12:0 a.m. | 1 views

PandasAI security vulnerability

PandasAI is a Python library that integrates generative AI functionality into pandas to make dataframes conversational. A security vulnerability exists in Gaberiele Venturi PandasAI v.0.8.0 and earlier versions, which stems from an arbitrary code execution vulnerability in the prompt function...

CVSS 9.8 | AI score 9.1 | EPSS 0.00839
Exploits: 1 | References: 3

OSV
added 2022/03/14 7:15 p.m. | 1 views

DEBIAN-CVE-2022-20001

fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using the default configuration of fish, changing...

CVSS 7.8 | AI score 7.8 | EPSS 0.0028
Exploits: 0 | References: 1

Prion
added 2017/01/17 9:59 a.m. | 12 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the user prompt function in GeniXCMS through 0.0.8 allows remote authenticated users to inject arbitrary web script or HTML via tag names...

CVSS 3.5 | AI score 5.1 | EPSS 0.00141
Exploits: 1 | References: 2 | Affected Software: 1

Openbugbounty
added 2016/11/14 11:57 a.m. | 16 views

rcinet.ca XSS vulnerability

Vulnerable URL: http://www.rcinet.ca/radio/index.php?language=ar==radio=prompt/OPENBUGBOUNTY/...

AI score 6.9
Exploits: 0