
16996 matches found

Snyk
added 2026/03/06 10:21 p.m., 1 view

Missing Authentication for Critical Function

Overview: flowise is a Flowiseai Server. Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the WHITELIST_URLS configuration, which allows unauthenticated access to privileged endpoints under /api/v1/nvidia-nim/. An attacker can obtain valid NVIDIA A...

CVSS 9.8 | AI score 5.8 | EPSS 0.3625
Exploits: 2 | References: 2

OSV
added 2026/03/06 10:16 p.m., 5 views

UBUNTU-CVE-2026-27142

Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...

CVSS 6.1 | AI score 5.7 | EPSS 0.00328
Exploits: 0 | References: 7

EUVD
added 2026/03/06 9:30 p.m., 3 views

EUVD-2025-208350

A crafted JavaScript input executed with the QuickJS release 2025-09-13, fixed in commit fcd33c1afa7b3028531f53cd1190a3877454f6b3 2025-12-11, qjs interpreter using the -m option and a low memory limit can cause an out-of-memory condition followed by an assertion failure in JS_FreeRuntime...

AI score 5.8 | EPSS 0.00284
Exploits: 1 | References: 2

UbuntuCve
added 2026/03/06 8:16 p.m., 2 views

CVE-2025-69654

A crafted JavaScript input executed with the QuickJS release 2025-09-13, fixed in commit fcd33c1afa7b3028531f53cd1190a3877454f6b3 2025-12-11, qjs interpreter using the -m option and a low memory limit can cause an out-of-memory condition followed by an assertion failure in JS_FreeRuntime...

CVSS 7.5 | AI score 5.8 | EPSS 0.00284
Exploits: 1 | References: 2

OSV
added 2026/03/06 8:16 p.m., 2 views

UBUNTU-CVE-2025-69654

A crafted JavaScript input executed with the QuickJS release 2025-09-13, fixed in commit fcd33c1afa7b3028531f53cd1190a3877454f6b3 2025-12-11, qjs interpreter using the -m option and a low memory limit can cause an out-of-memory condition followed by an assertion failure in JS_FreeRuntime...

CVSS 7.5 | AI score 5.8 | EPSS 0.00284
Exploits: 1 | References: 3

ATTACKERKB
added 2026/03/06 5:48 p.m., 2 views

CVE-2026-29091

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to version 3.0.0, a remote code execution (RCE) flaw was discovered in the locutus project, specifically within the call_user_func_array function implementation. The vulnerability allows an attacker to...

CVSS 8.1 | AI score 6.3 | EPSS 0.00628
Exploits: 1 | References: 3 | Affected Software: 1

The Hacker News
added 2026/03/06 2:33 p.m., 11 views

Multi-Stage VOID#GEIST Malware Delivering XWorm, AsyncRAT, and Xeno RAT

Cybersecurity researchers have disclosed details of a multi-stage malware campaign that uses batch scripts as a pathway to deliver various encrypted remote access trojan (RATs) payloads that correspond to XWorm, AsyncRAT, and Xeno RAT. The stealthy attack chain has been codenamed VOID#GEIST by...

AI score 6.1
Exploits: 0

The Hacker News
added 2026/03/06 10:23 a.m., 16 views

Iran-Linked MuddyWater Hackers Target U.S. Networks With New Dindoor Backdoor

New research from Broadcom's Symantec and Carbon Black Threat Hunter Team has discovered evidence of an Iranian hacking group embedding itself in several U.S. companies' networks, including banks, airports, non-profit, and the Israeli arm of a software company. The activity has been attributed to...

CVSS 10 | AI score 7.2 | EPSS 0.99998
Exploits: 44

RedhatCVE
added 2026/03/06 7:55 a.m., 5 views

CVE-2025-70995

An issue in Aranda Service Desk Web Edition ASDK API 8.6 allows authenticated attackers to achieve remote code execution due to improper validation of uploaded files. An authenticated user can upload a crafted web.config file by sending a crafted POST request to /ASDKAPI/api/v8.6/item/addfile,...

CVSS 8.8 | AI score 6.6 | EPSS 0.00612
Exploits: 0 | References: 1

NVD
added 2026/03/06 7:16 a.m., 8 views

CVE-2026-29042

Nuclio is a "Serverless" framework for Real-Time Events and Data Processing. Prior to version 1.15.20, the Nuclio Shell Runtime component contains a command injection vulnerability in how it processes user-supplied arguments. When a function is invoked via HTTP, the runtime reads the...

CVSS 9.8 | EPSS 0.02359
Exploits: 1 | References: 4

OSV
added 2026/03/06 7:16 a.m., 5 views

UBUNTU-CVE-2026-28804

pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.5, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /ASCIIHexDecode filter. This issue has been patched in version 6.7.5...

CVSS 6.9 | AI score 5.7 | EPSS 0.00399
Exploits: 0 | References: 6

Snyk
added 2026/03/06 7:14 a.m., 4 views

Malicious Package

Overview: @maps-bc/runtime is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS 9.8 | AI score 5.4
Exploits: 0 | References: 2

Vulnrichment
added 2026/03/06 6:57 a.m., 4 views

CVE-2026-29042 Nuclio Shell Runtime Command Injection Leading to Privilege Escalation

Nuclio is a "Serverless" framework for Real-Time Events and Data Processing. Prior to version 1.15.20, the Nuclio Shell Runtime component contains a command injection vulnerability in how it processes user-supplied arguments. When a function is invoked via HTTP, the runtime reads the...

CVSS 9.3 | AI score 5.7 | EPSS 0.02359
Exploits: 1 | References: 4

ATTACKERKB
added 2026/03/06 6:57 a.m., 5 views

CVE-2026-29042

Nuclio is a "Serverless" framework for Real-Time Events and Data Processing. Prior to version 1.15.20, the Nuclio Shell Runtime component contains a command injection vulnerability in how it processes user-supplied arguments. When a function is invoked via HTTP, the runtime reads the...

CVSS 9.3 | AI score 5.7 | EPSS 0.02359
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2026/03/06 6:57 a.m., 5 views

CVE-2026-29042 Nuclio Shell Runtime Command Injection Leading to Privilege Escalation

Nuclio is a "Serverless" framework for Real-Time Events and Data Processing. Prior to version 1.15.20, the Nuclio Shell Runtime component contains a command injection vulnerability in how it processes user-supplied arguments. When a function is invoked via HTTP, the runtime reads the...

CVSS 9.3 | AI score 5.7 | EPSS 0.02359
Exploits: 1 | References: 6

CVE
added 2026/03/06 6:57 a.m., 11 views

CVE-2026-29042

Technical details about CVE-2026-29042 are not publicly available in the provided connected documents; the included SUSE/PTSecurity items do not discuss Nuclio. Monitor for updates.

CVSS 9.8 | AI score 5.9 | EPSS 0.02359
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2026/03/06 6:57 a.m., 32 views

CVE-2026-29042 Nuclio Shell Runtime Command Injection Leading to Privilege Escalation

Nuclio is a "Serverless" framework for Real-Time Events and Data Processing. Prior to version 1.15.20, the Nuclio Shell Runtime component contains a command injection vulnerability in how it processes user-supplied arguments. When a function is invoked via HTTP, the runtime reads the...

CVSS 9.3 | EPSS 0.02359
Exploits: 1 | References: 4

Redos
added 2026/03/06 12:0 a.m., 3 views

ROS-20260306-73-0005

A vulnerability in the bpf_prog_select_runtime function of the kernel/bpf/core.c file of the Linux operating system kernel is related to resource management errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 7.8 | AI score 5.8 | EPSS 0.00175
Exploits: 0

Cvelist
added 2026/03/06 12:0 a.m., 31 views

CVE-2025-69654

A crafted JavaScript input executed with the QuickJS release 2025-09-13, fixed in commit fcd33c1afa7b3028531f53cd1190a3877454f6b3 2025-12-11, qjs interpreter using the -m option and a low memory limit can cause an out-of-memory condition followed by an assertion failure in JS_FreeRuntime...

EPSS 0.00284
Exploits: 1 | References: 1

ATTACKERKB
added 2026/03/06 12:0 a.m., 3 views

CVE-2025-69654

A crafted JavaScript input executed with the QuickJS release 2025-09-13, fixed in commit fcd33c1afa7b3028531f53cd1190a3877454f6b3 2025-12-11, qjs interpreter using the -m option and a low memory limit can cause an out-of-memory condition followed by an assertion failure in JS_FreeRuntime...

AI score 5.8 | EPSS 0.00284
Exploits: 1 | References: 2