Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
đŸ”„ Daily Hot!
đŸ’ȘđŸœ CPE Enhanced Advisories
đŸ•¶ Shadow Exploits
đŸ•”đŸŒ Vulners CPE
🔐 Security news
đŸ’» Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
đŸ€– AI High Score
📰 CVE Feed
show all

7 matches found

RedhatCVE
RedhatCVE‱added 2026/04/23 7:58 p.m.‱4 views

CVE-2026-39987

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSock...

9.8CVSS7.6AI score0.8071EPSS
Exploits11References1
EUVD
EUVD‱added 2026/04/09 5:16 p.m.‱2 views

EUVD-2026-20980

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSock...

9.3CVSS6.2AI score0.8071EPSS
Exploits11References3
ATTACKERKB
ATTACKERKB‱added 2026/04/09 5:16 p.m.‱3 views

CVE-2026-39987

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSock...

9.3CVSS6.2AI score0.8071EPSS
Exploits11References4Affected Software1
CVE
CVE‱added 2026/04/09 5:16 p.m.‱36 views

CVE-2026-39987

CVE-2026-39987 — Marimo WebSocket terminal endpoint unauthenticated pre-auth RCE. The vulnerability resides in the terminal WebSocket at /terminal/ws, which accepts connections without authenticating, unlike the /ws endpoint that invokes validate_auth(). An unauthenticated client can obtain a ful...

9.8CVSS6.2AI score0.8071EPSS
In wildExploits11References5Affected Software1
VulnCheck KEV
VulnCheck KEV‱added 2026/04/09 12:0 a.m.‱18 views

VulnCheck KEV: CVE-2026-39987

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSock...

9.8CVSS6.1AI score0.8071EPSS
In wildExploits11References4
CNNVD
CNNVD‱added 2026/04/09 12:0 a.m.‱2 views

marimo èźżé—źæŽ§ćˆ¶é”™èŻŻæŒæŽž

Marimo is an open-source interactive Python notebook that supports reactive programming and SQL queries. Versions of Marimo prior to 0.23.0 contained a access control vulnerability. This vulnerability stemmed from the lack of authentication for the terminal WebSocket endpoint, allowing...

9.8CVSS7.6AI score0.8071EPSS
Exploits11References4
Exploit DB
Exploit DB‱added 2017/03/23 12:0 a.m.‱149 views

A Red Teamer’s guide to pivoting

A Red Teamer’s guide to pivoting A Red Teamer's guide to pivoting Penetration testers often traverse logical network boundaries in order to gain access to client’s critical infrastracture. Common scenarios include developing the attack into the internal network after successful perimeter breach o...

7.8CVSS8AI score0.20809EPSS
Exploits8
Rows per page
Query Builder