Lucene search

106037 matches found
RedhatCVE, added 2026/05/05 8:21 p.m.

CVE-2026-41923

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the internet.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the gateway POST parameter. Attackers can exploit...

CVSS 9.3, AI score 6.1, EPSS 0.00689, Exploits 0, References 1
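The gateway-parameter injection above is the classic shell-string pattern. The following is an added example, not code from the extender's internet.cgi or from any advisory: it models in Python a handler that takes a POST value and runs a command with it, first the vulnerable way (value concatenated into a string handed to `sh -c`), then with shell quoting as a fallback, then hardened (address validated with `ipaddress`, passed as its own argv element, no shell). The command is `echo` so the example is harmless to run; a real handler would presumably set a route. `BASE_CMD`, `PAYLOAD` and the function names are constructed for this example.

```python
import ipaddress
import shlex
import subprocess

# Constructed stand-in for what the handler does with the value. A firmware
# handler would run a route/gateway command; "echo" keeps this runnable and
# harmless while showing the same shell behaviour.
BASE_CMD = "echo gateway="

PAYLOAD = "192.0.2.1; echo INJECTED"   # constructed attacker input for the POST parameter


def vulnerable_set_gateway(gateway: str) -> str:
    """Vulnerable pattern: the POST value is concatenated into a string that a shell parses."""
    cmd = BASE_CMD + gateway                      # no validation, no quoting
    out = subprocess.run(["sh", "-c", cmd], capture_output=True, text=True)
    return out.stdout                             # ';' ends the echo and starts the attacker's command


def quoted_set_gateway(gateway: str) -> str:
    """Mitigation when a shell cannot be avoided: shlex.quote makes the whole value one word."""
    cmd = BASE_CMD + shlex.quote(gateway)
    out = subprocess.run(["sh", "-c", cmd], capture_output=True, text=True)
    return out.stdout


def safe_set_gateway(gateway: str) -> str:
    """Hardened pattern: validate against the expected grammar, then pass argv with no shell."""
    # ipaddress.ip_address raises ValueError for anything that is not exactly an
    # address literal, so metacharacters never reach the command at all.
    addr = ipaddress.ip_address(gateway.strip())
    # Each argv element reaches the program verbatim; nothing interprets ';', '$', '`' or '|'.
    out = subprocess.run(["echo", "gateway=" + str(addr)], capture_output=True, text=True, check=True)
    return out.stdout


def is_rejected(gateway: str) -> bool:
    """True when the hardened handler refuses the value."""
    try:
        safe_set_gateway(gateway)
    except ValueError:
        return True
    return False
```

The validation step matters even with argv: a value that is syntactically an address cannot smuggle a flag like `-n` or a second word into the program, whereas quoting alone only keeps the shell from splitting it.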
NVD, added 2026/05/05 12:16 p.m.

CVE-2026-43529

OpenClaw before 2026.4.10 contains a time-of-check-time-of-use vulnerability in the validateScriptFileForShellBleed function that allows local attackers to bypass workspace boundary checks. An attacker with workspace write access can race-condition swap the target file between validation and...

CVSS 2.5, EPSS 0.00013, Exploits 0, References 3
NVD, added 2026/05/05 12:16 p.m.

CVE-2023-54345

Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated users with System Manager role to execute arbitrary code by exploiting frame introspection. Attackers can create a server script via the /app/server-script endpoint and access the...

CVSS 8.8, EPSS 0.0011, Exploits 1, References 8
ATTACKERKB, added 2026/05/05 11:25 a.m.

CVE-2026-43529

OpenClaw before 2026.4.10 contains a time-of-check-time-of-use vulnerability in the validateScriptFileForShellBleed function that allows local attackers to bypass workspace boundary checks. An attacker with workspace write access can race-condition swap the target file between validation and...

CVSS 2.5, AI score 5.8, EPSS 0.00013, Exploits 0, References 4
Cvelist, added 2026/05/05 11:25 a.m.

CVE-2026-43529 OpenClaw < 2026.4.10 - Time-of-Check-Time-of-Use (TOCTOU) Race Condition in exec Script Preflight Validator

OpenClaw before 2026.4.10 contains a time-of-check-time-of-use vulnerability in the validateScriptFileForShellBleed function that allows local attackers to bypass workspace boundary checks. An attacker with workspace write access can race-condition swap the target file between validation and...

CVSS 2.5, EPSS 0.00013, Exploits 0, References 3
Vulnrichment, added 2026/05/05 11:25 a.m.

CVE-2026-43529 OpenClaw < 2026.4.10 - Time-of-Check-Time-of-Use (TOCTOU) Race Condition in exec Script Preflight Validator

OpenClaw before 2026.4.10 contains a time-of-check-time-of-use vulnerability in the validateScriptFileForShellBleed function that allows local attackers to bypass workspace boundary checks. An attacker with workspace write access can race-condition swap the target file between validation and...

CVSS 2.5, AI score 5.8, EPSS 0.00013, Exploits 0, References 3
CVE, added 2026/05/05 11:25 a.m.

CVE-2026-43529

OpenClaw before 2026.4.10 has a time-of-check-time-of-use (TOCTOU) race condition in validateScriptFileForShellBleed that lets a local attacker with workspace write access bypass workspace boundary checks. The attacker can race-condition the target file swap between validation and preflight read,...

CVSS 2.5, AI score 5.8, EPSS 0.00013, Exploits 0, References 3, Affected software 1
Vulnrichment, added 2026/05/05 11:24 a.m.

CVE-2023-54349 AmazCart CMS 3.4 Reflected Cross-Site Scripting via Search

AmazCart CMS 3.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search functionality. Attackers can enter script tags in the search box to execute arbitrary JavaScript that fires when...

CVSS 6.1, AI score 5.9, EPSS 0.00095, Exploits 0, References 4
CVE, added 2026/05/05 11:24 a.m.

CVE-2023-54349

AmazCart CMS 3.4 is affected by a reflected cross-site scripting (XSS) vulnerability in the search functionality. The issue allows unauthenticated attackers to inject arbitrary JavaScript by submitting payloads in the search input, with scripts potentially executing when search results or history...

CVSS 6.1, AI score 5.9, EPSS 0.00095, Exploits 0, References 4
Cvelist, added 2026/05/05 11:24 a.m.

CVE-2023-54345 Frappe Framework ERPNext 13.4.0 Remote Code Execution

Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated users with System Manager role to execute arbitrary code by exploiting frame introspection. Attackers can create a server script via the /app/server-script endpoint and access the...

CVSS 8.8, EPSS 0.0011, Exploits 1, References 8
ATTACKERKB, added 2026/05/05 11:24 a.m.

CVE-2023-54345

Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated users with System Manager role to execute arbitrary code by exploiting frame introspection. Attackers can create a server script via the /app/server-script endpoint and access the...

CVSS 8.8, AI score 6.2, EPSS 0.0011, Exploits 1, References 8, Affected software 1
CVE, added 2026/05/05 11:24 a.m.

CVE-2023-54345

The CVE-2023-54345 entry concerns Frappe Framework ERPNext 13.4.0. A sandbox-escape flaw in RestrictedPython allows authenticated users with the System Manager role to execute arbitrary code by exploiting frame introspection. Attackers can create a server script via /app/server-script and access ...

CVSS 8.8, AI score 6.2, EPSS 0.0011, Exploits 1, References 8, Affected software 1
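Every CVE-2023-54345 row above names frame introspection as the escape, and the rest of each description is truncated on this page. What follows is an added example of the underlying mechanism in plain Python, using a toy attribute guard written for this page; it is not RestrictedPython's code, not ERPNext's server-script code, and not the chain used against 13.4.0. The toy guard denies underscore-prefixed names, the rule such sandboxes typically start from, and that is exactly what a generator's `gi_frame` slips past. `HOST_SECRET`, `naive_getattr`, `hardened_getattr` and `escape_attempt` are names invented here.

```python
import types

HOST_SECRET = "host-side-secret"   # constructed: stands for anything in the host's real globals

# Attribute names that hand out frame or code objects without an underscore prefix.
FRAME_BEARING = frozenset({
    "gi_frame", "gi_code", "gi_yieldfrom",
    "cr_frame", "cr_code", "cr_await", "cr_origin",
    "ag_frame", "ag_code", "ag_await",
    "f_back", "f_globals", "f_locals", "f_builtins", "f_code",
    "tb_frame", "tb_next",
})

# Objects an untrusted script should never be allowed to inspect at all.
NEVER_INSPECT = (types.FrameType, types.CodeType, types.TracebackType)


def naive_getattr(obj, name):
    """Toy guard: blocks dunders and private names, nothing else."""
    if name.startswith("_"):
        raise AttributeError(f"access to {name!r} denied")
    return getattr(obj, name)


def hardened_getattr(obj, name):
    """Toy guard with the frame route closed: deny frame-bearing names by name,
    and deny every attribute of frame/code/traceback objects by type."""
    if name.startswith("_") or name in FRAME_BEARING:
        raise AttributeError(f"access to {name!r} denied")
    if isinstance(obj, NEVER_INSPECT):
        raise AttributeError(f"attribute access on {type(obj).__name__} denied")
    return getattr(obj, name)


def escape_attempt(guard):
    """What an untrusted script can do with nothing but a generator expression
    and the guarded getattr: an unstarted generator's frame belongs to the
    module that created it, and f_globals of that frame is the host's globals."""
    g = (x for x in ())                      # no underscore anywhere in the chain
    frame = guard(g, "gi_frame")
    host_globals = guard(frame, "f_globals")
    return host_globals["HOST_SECRET"]       # from here, __builtins__ etc. are one key away


def escape_blocked(guard) -> bool:
    """True when the guard stops the chain before it reaches host globals."""
    try:
        escape_attempt(guard)
    except AttributeError:
        return True
    return False
```

The lesson the toy makes concrete: a name-based denylist on `_` is not a boundary, because frame objects are reachable through ordinary-looking attributes of ordinary-looking objects (generators, coroutines, tracebacks). A guard has to deny by type as well as by name.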
EUVD, added 2026/05/05 6:31 a.m.

EUVD-2026-27181

The WP Carousel Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted fancybox data-caption attributes in all versions up to, and including, 2.7.10. This is due to the fancybox-config.js script reading the carousel container's id attribute directly from the DOM to...

CVSS 6.4, AI score 6, EPSS 0.00039, Exploits 0, References 5
CVE, added 2026/05/05 3:45 a.m.

CVE-2026-7810

CVE-2026-7810 affects UsamaK98 python-notebook-mcp (server.py): path traversal in create_notebook/read_notebook/edit_cell/add_cell. The root cause is unchecked path manipulation in server.py, exploitable remotely. An exploit has been published and may be in use; no affected version is given because the project follows a rolling-release approach. CVSS ...

CVSS 7.5, AI score 6.8, EPSS 0.00066, Exploits 0, References 5
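The CVE-2026-43529 rows (validate, then read by name, with a swap in between) and the CVE-2026-7810 row (path traversal in notebook-file operations) are two halves of one problem: a user-controlled name must be confined to the workspace, and the check must apply to the object that is actually read. The example below is added here and is neither OpenClaw's validateScriptFileForShellBleed nor python-notebook-mcp's server.py; it assumes a POSIX host (`os.O_NOFOLLOW`) and constructs its own temporary workspace, secret file and a `between` hook that stands in for the attacker's race window.

```python
import os
import stat
import tempfile


def resolve_in_workspace(workspace: str, user_path: str) -> str:
    """Boundary check for a user-supplied file name: resolve '..' and symlinks,
    then require the result to stay under the workspace root. This is the check
    a create_notebook/read_notebook style API needs before touching the path."""
    root = os.path.realpath(workspace)
    target = os.path.realpath(os.path.join(root, user_path))   # an absolute user_path discards root
    if os.path.commonpath([root, target]) != root:
        raise PermissionError(f"{user_path!r} resolves outside workspace {root!r}")
    return target


def preflight_read_racy(workspace: str, user_path: str, between=lambda: None) -> str:
    """Vulnerable pattern: the check and the read both go through the *name*,
    so whatever the name points at after the check is what gets read."""
    resolve_in_workspace(workspace, user_path)            # time of check
    between()                                             # attacker's window (constructed hook)
    with open(os.path.join(workspace, user_path)) as f:   # time of use
        return f.read()


def preflight_read_safe(workspace: str, user_path: str, between=lambda: None) -> str:
    """Hardened pattern: open once, validate what the descriptor refers to,
    and read from that same descriptor."""
    path = os.path.join(workspace, user_path)
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    except OSError as e:                # ELOOP if the final component became a symlink
        raise PermissionError(f"refusing to open {user_path!r}: {e.strerror}") from e
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{user_path!r} is not a regular file")
        resolved = resolve_in_workspace(workspace, user_path)
        rs = os.stat(resolved)
        if (rs.st_dev, rs.st_ino) != (st.st_dev, st.st_ino):
            raise PermissionError(f"{user_path!r} changed between open and check")
        between()                       # a swap here no longer affects what we read
        chunks = []
        while True:
            buf = os.read(fd, 65536)
            if not buf:
                break
            chunks.append(buf)
        return b"".join(chunks).decode()
    finally:
        os.close(fd)


def demo() -> dict:
    """Constructed scenario: a script inside the workspace, a secret outside it,
    and an attacker who swaps the script for a symlink to the secret during the window."""
    with tempfile.TemporaryDirectory() as tmp:
        ws = os.path.join(tmp, "workspace")
        os.mkdir(ws)
        secret = os.path.join(tmp, "secret.txt")
        script = os.path.join(ws, "run.sh")
        with open(secret, "w") as f:
            f.write("SECRET")

        def reset():
            if os.path.lexists(script):
                os.remove(script)
            with open(script, "w") as f:
                f.write("echo hello")

        def swap():                     # the race: replace the validated name with a symlink
            os.remove(script)
            os.symlink(secret, script)

        results = {}
        reset()
        results["racy"] = preflight_read_racy(ws, "run.sh", between=swap)
        reset()
        results["safe"] = preflight_read_safe(ws, "run.sh", between=swap)
        try:                            # the symlink left behind by swap() is refused outright
            preflight_read_safe(ws, "run.sh")
            results["after_swap"] = "read"
        except PermissionError:
            results["after_swap"] = "refused"
        try:
            resolve_in_workspace(ws, "../secret.txt")
            results["traversal"] = "allowed"
        except PermissionError:
            results["traversal"] = "refused"
        return results
```

`O_NOFOLLOW` only protects the final path component; the inode comparison against the freshly resolved path is what catches a directory component being swapped underneath. Whatever passes those checks is then consumed through the same descriptor, so the name is never trusted twice.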
EUVD, added 2026/05/05 3:31 a.m.

EUVD-2026-27205

The addfreespace plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scrip...

CVSS 4.3, AI score 5.7, EPSS 0.00022, Exploits 0, References 12
EUVD, added 2026/05/05 3:31 a.m.

EUVD-2026-27207

The Publish 2 Ping.fm plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the '/wp-admin/options-general.php?page=admin.php' page. This makes it possible for unauthenticated attackers t...

CVSS 6.1, AI score 5.7, EPSS 0.00017, Exploits 0, References 8
EUVD, added 2026/05/05 3:31 a.m.

EUVD-2026-27183

The Charts Ninja: Create Beautiful Graphs & Charts and Easily Add Them to Your Website plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'chartid' shortcode attribute in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. Th...

CVSS 6.4, AI score 6, EPSS 0.00039, Exploits 0, References 5
NVD, added 2026/05/05 3:16 a.m.

CVE-2026-6701

The addfreespace plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scrip...

CVSS 4.3, EPSS 0.00022, Exploits 0, References 11
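The two CSRF rows (EUVD-2026-27205 / CVE-2026-6701 and EUVD-2026-27207) share one cause: a settings handler that acts without a valid nonce. The example below is added here and is not either plugin's code nor WordPress core's wp_create_nonce/wp_verify_nonce; it implements the same idea in Python (an HMAC bound to session, action and a time window, accepted for the current and the previous window, compared in constant time) and a handler that refuses to touch settings unless the nonce verifies. `SERVER_KEY`, `SETTINGS` and the form field names are constructed for the example.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)      # constructed; a real site loads a persistent secret from config
WINDOW_SECONDS = 12 * 3600                # tick length; current and previous tick are accepted
SETTINGS = {"free_space_html": ""}        # constructed stand-in for the plugin's stored option


def _tick(now) -> int:
    return int((time.time() if now is None else now) // WINDOW_SECONDS)


def _digest(session_id: str, action: str, tick: int, key: bytes) -> str:
    msg = f"{tick}|{session_id}|{action}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:24]


def make_nonce(session_id: str, action: str, now=None, key: bytes = SERVER_KEY) -> str:
    """Token bound to who (session), what (action) and when (time window).
    Embed it in the settings form as a hidden field."""
    return _digest(session_id, action, _tick(now), key)


def verify_nonce(nonce: str, session_id: str, action: str, now=None, key: bytes = SERVER_KEY) -> bool:
    """Recompute for the current and previous window; compare in constant time."""
    if not nonce:
        return False
    t = _tick(now)
    return any(hmac.compare_digest(nonce, _digest(session_id, action, w, key)) for w in (t, t - 1))


def handle_settings_update(form: dict, session_id: str) -> str:
    """Handler as it should be: the nonce check comes before any state change."""
    if not verify_nonce(form.get("_nonce", ""), session_id, "update_settings"):
        return "403 Forbidden: missing or invalid nonce"
    # A forged cross-site POST carries the victim's cookie (so session_id is the
    # victim's) but cannot carry a nonce minted for that session and this action,
    # so it never reaches this line.
    SETTINGS["free_space_html"] = form.get("free_space_html", "")
    return "200 OK"
```

Binding the nonce to the action is what stops a token leaked from a harmless form (say, a search) being replayed against the settings endpoint; binding it to the session is what stops the attacker minting one in their own account and submitting it for the victim's.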
Cvelist, added 2026/05/05 2:26 a.m.

CVE-2026-6704 Blog Settings <= 1.0 - Reflected Cross-Site Scripting via 'page' Parameter

The Blog Settings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

CVSS 6.1, EPSS 0.00137, Exploits 0, References 4
ATTACKERKB, added 2026/05/05 2:26 a.m.

CVE-2026-6704

The Blog Settings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

CVSS 6.1, AI score 6, EPSS 0.00137, Exploits 0, References 5
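The reflected XSS rows (CVE-2023-54349 search input, CVE-2026-6704 'page' parameter) and the stored ones (EUVD-2026-27181 fancybox data-caption attribute, EUVD-2026-27183 'chartid' shortcode attribute) differ mainly in where the untrusted string lands: HTML text, an attribute value, or an inline script. The example below is added here and is not any of those plugins' code; it is plain Python showing the raw interpolation that causes the bug next to output encoding for each context, with constructed payloads. It does not model the DOM-reading path the WP Carousel description mentions.

```python
import html
import json


def render_search_results_raw(query: str, hits: int) -> str:
    """Vulnerable pattern: the reflected parameter is dropped straight into the markup."""
    return f"<h2>Results for {query}</h2><p>{hits} found</p>"


def render_search_results(query: str, hits: int) -> str:
    """HTML text context: html.escape encodes & < > " ' so a tag cannot be opened."""
    return f"<h2>Results for {html.escape(query)}</h2><p>{hits} found</p>"


def caption_attr_naive(caption: str) -> str:
    """Stored value placed in a quoted attribute after escaping only < and >:
    the attacker closes the attribute with a quote and adds an event handler."""
    return '<a data-caption="' + caption.replace("<", "&lt;").replace(">", "&gt;") + '">'


def caption_attr(caption: str) -> str:
    """Attribute context: quote=True (the default) also encodes the quote characters,
    so the value can never terminate the attribute it sits in."""
    return '<a data-caption="' + html.escape(caption, quote=True) + '">'


def js_literal(value: str) -> str:
    """Script context: encode as a JSON string and escape '<' so that a '</script>'
    inside the data cannot close the enclosing tag."""
    return json.dumps(value).replace("<", "\\u003c")


def render_shortcode(chart_id: str) -> str:
    """Attribute value that is also used as a JS value: encode for each context separately."""
    return (f'<div id="chart-{html.escape(chart_id)}"></div>'
            f'<script>renderChart({js_literal(chart_id)});</script>')
```

The rule the example shows is that escaping is per output context, not per input: the same stored string needs HTML-text encoding in one place, attribute encoding in another and JSON-plus-`\u003c` encoding inside a script, and an escape chosen for the wrong context (only `<` and `>` inside an attribute) is what leaves the attribute-breakout open.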