CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

116 matches found

CVE-2026-33462

A path traversal vulnerability was identified in Kibana's dashboard management functionality. An authenticated user with limited permissions could create a dashboard with a specially crafted identifier. When an administrator subsequently attempts to delete this dashboard through the Kibana...

4.6CVSS5.8AI score0.00026EPSS

Exploits0References2Affected Software1

VulnCheck KEV•added 2026/04/22 12:0 a.m.•24 views

VulnCheck KEV: CVE-2026-33626

LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery SSRF vulnerability in LMDeploy's vision-language module. The loadimage function in lmdeploy/vl/utils.py fetches arbitrary URLs without validating...

7.5CVSS5.9AI score0.08696EPSS

In wildExploits2References2

OpenVAS•added 2026/01/30 12:0 a.m.•2 views

Ubuntu: Security Advisory (USN-7981-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS5.9AI score0.00006EPSS

Exploits0References2

OSV•added 2026/01/14 4:52 p.m.•3 views

GHSA-7QM7-455J-5P63 enclave-vm Vulnerable to Sandbox Escape via Host Error Prototype Chain

A critical sandbox escape vulnerability exists in enclave-vm affected: 2.6.0, patched: 2.7.0 that can allow untrusted, sandboxed JavaScript to execute arbitrary code in the host Node.js runtime. When a tool invocation fails, enclave-vm exposes a host-side Error object to sandboxed code. This Erro...

10CVSS7.5AI score0.00274EPSS

Exploits3References4

Vulnrichment•added 2026/01/13 11:11 p.m.•1 views

CVE-2026-22686 Sandbox Escape via Host Error Prototype Chain in enclave-vm

Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.7.0, there is a critical sandbox escape vulnerability in enclave-vm that allows untrusted, sandboxed JavaScript code to execute arbitrary code in the host Node.js runtime. When a tool invocation fails,...

10CVSS7.6AI score0.00274EPSS

Exploits3References2

RedhatCVE•added 2026/01/09 9:3 a.m.•3 views

CVE-2024-39347

Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager SRM before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified vectors...

5.9CVSS6.7AI score0.00391EPSS

Exploits0References1

Vulnrichment•added 2025/12/31 7:44 a.m.•3 views

CVE-2025-15017

A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with physical access to the device can directly connect to the UART interface and, without authentication, user interaction, or execution conditions, gain unauthorized access...

7CVSS6.6AI score0.00043EPSS

Exploits0References1

EUVD•added 2025/12/31 7:44 a.m.•1 views

EUVD-2025-205900

7CVSS6.5AI score0.00043EPSS

Exploits0References2

CNNVD•added 2025/12/03 12:0 a.m.•3 views

Perforce BlazeMeter Jenkins Plugin 安全漏洞

Perforce BlazeMeter Jenkins Plugin is a plugin from Perforce USA. A security vulnerability exists in Perforce BlazeMeter Jenkins Plugin versions prior to 4.27, which stems from improper privilege control and could lead to unauthorized access to a list of sensitive resources...

5.3CVSS6.3AI score0.00058EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2020-19351

Malware in sbrugna...

8.6CVSS8.8AI score0.00276EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2020-22525

Malware in sbrugna...

6.8CVSS6.4AI score0.00438EPSS

Exploits1References25