Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1621 matches found

EUVD
EUVDadded yesterday4 views

EUVD-2026-34177

A vulnerability has been found in mlrun up to 1.12.0-rc3. This impacts the function mlrun.utils.helpers.calculatedataframehash of the file mlrun/utils/helpers.py of the component DataFrame Hash Handler. The manipulation leads to use of weak hash. The attack can only be performed from a local...

3.6CVSS4.7AI score
Exploits0References7
Metasploit
Metasploitadded yesterday21 views

Gogs Git Rebase Argument Injection RCE

This module exploits an argument injection vulnerability in the pull request merge flow of Gogs is parsed by Git as the --exec flag rather than a positional argument, causing sh -c to run after each replayed commit during the rebase. Two exploitation methods are supported: - ownrepo: The attacker...

5.9AI score
Exploits0
Packet Storm
Packet Stormadded yesterday18 views

📄 Gogs Git Rebase Argument Injection / Remote Code Execution

This Metasploit module exploits an argument injection vulnerability in the pull request merge flow of Gogs versions less than or equal to 0.14.2 and less than or equal to 0.15.0+dev. frozenstringliteral: true This module requires Metasploit: https://metasploit.com/download Current source:...

5.8AI score
Exploits0
ATTACKERKB
ATTACKERKBadded 2 days ago5 views

CVE-2026-10565

A security flaw has been discovered in Open5GS up to 2.7.6. The impacted element is the function gmmstatesecuritymode of the file src/amf/gmm-sm.c of the component NGAP Handover. Performing a manipulation results in race condition. The attack can be initiated remotely. The complexity of an attack...

3.1CVSS5AI score0.00041EPSS
Exploits0References8
EUVD
EUVDadded 2 days ago8 views

EUVD-2026-33871

A security flaw has been discovered in Open5GS up to 2.7.6. The impacted element is the function gmmstatesecuritymode of the file src/amf/gmm-sm.c of the component NGAP Handover. Performing a manipulation results in race condition. The attack can be initiated remotely. The complexity of an attack...

3.1CVSS5AI score0.00041EPSS
Exploits0References8
Positive Technologies
Positive Technologiesadded 2 days ago9 views

PT-2026-45683

A security flaw has been discovered in Open5GS up to 2.7.6. The impacted element is the function gmm state security mode of the file src/amf/gmm-sm.c of the component NGAP Handover. Performing a manipulation results in race condition. The attack can be initiated remotely. The complexity of an...

3.1CVSS5AI score0.00041EPSS
Exploits0References9
ATTACKERKB
ATTACKERKBadded 3 days ago4 views

CVE-2026-10300

A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/loramanager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lorapath leads to reachable assertion. The attack can be launched...

6.3CVSS5.2AI score0.00047EPSS
Exploits0References6
NVD
NVDadded 3 days ago8 views

CVE-2026-45131

CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow pull-request.yaml executes attacker-controlled code from fork pull requests in a privileged context, exposing repository secrets including Docker Hub credentials and tokens...

10CVSS0.00033EPSS
Exploits0References2
CVE
CVEadded 3 days ago8 views

CVE-2026-45131

CloudPirates Open Source Helm Charts are affected by a vulnerability in the GitHub Actions pull-request.yaml workflow where attacker-controlled code from fork pull requests could run in a privileged context, exposing repository secrets (e.g., Docker Hub credentials/tokens). The issue precedes com...

10CVSS5.8AI score0.00033EPSS
Exploits0References2
Cvelist
Cvelistadded 3 days ago22 views

CVE-2026-45131 CloudPirates Open Source Helm Charts: GitHub Actions pull_request_target workflow allows secret exfiltration via fork pull requests

CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow pull-request.yaml executes attacker-controlled code from fork pull requests in a privileged context, exposing repository secrets including Docker Hub credentials and tokens...

10CVSS0.00033EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 3 days ago5 views

CVE-2026-45131 CloudPirates Open Source Helm Charts: GitHub Actions pull_request_target workflow allows secret exfiltration via fork pull requests

CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow pull-request.yaml executes attacker-controlled code from fork pull requests in a privileged context, exposing repository secrets including Docker Hub credentials and tokens...

10CVSS5.8AI score0.00033EPSS
Exploits0References2
EUVD
EUVDadded 3 days ago5 views

EUVD-2026-33666

CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow pull-request.yaml executes attacker-controlled code from fork pull requests in a privileged context, exposing repository secrets including Docker Hub credentials and tokens...

10CVSS5.8AI score0.00033EPSS
Exploits0References2
OSV
OSVadded 3 days ago2 views

PYSEC-2026-184

Apache Airflow's official documentation at core-concepts/dag-run.html "Passing Parameters when triggering Dags" showed a verbatim BashOperatorbashcommand="echo value: dagrun.conf'conf1' " example without any quoting / sanitization warning. Dag authors who copied the pattern verbatim into...

9.1CVSS5.8AI score0.00051EPSS
Exploits0References2
PyPA
PyPAadded 3 days ago3 views

PYSEC-2026-184

Apache Airflow's official documentation at core-concepts/dag-run.html "Passing Parameters when triggering Dags" showed a verbatim BashOperatorbashcommand="echo value: dagrun.conf'conf1' " example without any quoting / sanitization warning. Dag authors who copied the pattern verbatim into...

9.1CVSS5.8AI score0.00051EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologiesadded 3 days ago6 views

PT-2026-45663

A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/lora manager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lora path leads to reachable assertion. The attack can be launched...

6.3CVSS5.2AI score0.00047EPSS
Exploits0References7
Positive Technologies
Positive Technologiesadded 3 days ago7 views

PT-2026-45467

CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow pull-request.yaml executes attacker-controlled code from fork pull requests in a privileged context, exposing repository secrets including Docker Hub credentials and tokens...

10CVSS5.8AI score0.00033EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 4 days ago7 views

PT-2026-45187

A security vulnerability has been detected in Aider-AI Aider 0.86.3. This affects the function requests.get of the file api docs.py of the component AWS EC2 Metadata Endpoint. The manipulation leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit has...

6.5CVSS6.2AI score0.00043EPSS
Exploits0References8
RedhatCVE
RedhatCVEadded 5 days ago8 views

CVE-2026-45261

GitButler is a modern Git-based version control interface for AI-powered workflows. Prior to 0.19.7, a emote code execution vulnerability exists in the Tauri-based GitButler desktop application. An attacker can inject a malicious link in a pull request body, which if clicked by the user allows fo...

9.3CVSS6.3AI score0.00079EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 5 days ago8 views

CVE-2026-44358

Espressif Shared GitHub DangerJS is a reusable GitHub Action CI DangerJS workflow for Espressif GitHub projects. Prior to 1.0.1, the action's entrypoint.sh invoked DangerJS from the caller's workspace after copying the fork's checkout into it, creating an untrusted search path for both binary...

8.2CVSS6AI score0.00029EPSS
Exploits0References1
NVD
NVDadded 6 days ago8 views

CVE-2026-10101

ACM/MCE assisted-service writes raw referenced pull-secret contents into InfraEnv.status.conditions.message when pull-secret validation fails. A namespace principal with the stock view ClusterRole cannot directly read Secrets, but can read InfraEnv objects and recover the referenced Secret's...

6.3CVSS0.00031EPSS
Exploits0References2
Rows per page
Query Builder