Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

RedhatCVE
RedhatCVEadded 2026/04/23 7:58 p.m.7 views

CVE-2026-39987

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSock...

9.8CVSS7.6AI score0.95645EPSS
Exploits11References1
EUVD
EUVDadded 2026/04/09 5:16 p.m.3 views

EUVD-2026-20980

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSock...

9.3CVSS6.2AI score0.95645EPSS
Exploits11References3
ATTACKERKB
ATTACKERKBadded 2026/04/09 5:16 p.m.3 views

CVE-2026-39987

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSock...

9.3CVSS6.2AI score0.95645EPSS
Exploits11References4Affected Software1
CVE
CVEadded 2026/04/09 5:16 p.m.65 views

CVE-2026-39987

CVE-2026-39987 — Marimo WebSocket terminal endpoint unauthenticated pre-auth RCE. The vulnerability resides in the terminal WebSocket at /terminal/ws, which accepts connections without authenticating, unlike the /ws endpoint that invokes validate_auth(). An unauthenticated client can obtain a ful...

9.8CVSS6.2AI score0.95645EPSS
In wildExploits11References5Affected Software1
VulnCheck KEV
VulnCheck KEVadded 2026/04/09 12:0 a.m.21 views

VulnCheck KEV: CVE-2026-39987

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSock...

9.8CVSS6.1AI score0.95645EPSS
In wildExploits11References4
CNNVD
CNNVDadded 2026/04/09 12:0 a.m.4 views

marimo 访问控制错误漏洞

Marimo is an open-source interactive Python notebook that supports reactive programming and SQL queries. Versions of Marimo prior to 0.23.0 contained a access control vulnerability. This vulnerability stemmed from the lack of authentication for the terminal WebSocket endpoint, allowing...

9.8CVSS7.6AI score0.95645EPSS
Exploits11References4
Exploit DB
Exploit DBadded 2017/03/23 12:0 a.m.152 views

A Red Teamer’s guide to pivoting

A Red Teamer’s guide to pivoting A Red Teamer's guide to pivoting Penetration testers often traverse logical network boundaries in order to gain access to client’s critical infrastracture. Common scenarios include developing the attack into the internal network after successful perimeter breach o...

7.8CVSS8AI score0.03631EPSS
Exploits8
Rows per page
Query Builder