CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 4 days ago•13 views

CVE-2026-46394

CVE-2026-46394 : HAX CMS PHP backend prior to v26.0.0 is vulnerable to OS command injection in the Git.php library. The application builds shell commands from unsanitized input and executes them via proc_open(); only one of 17 command-invoking functions uses escapeshellarg(), increasing risk. An ...

7.7CVSS6.7AI score0.00894EPSS

OSV•added 4 days ago•3 views

GHSA-HV83-GGC4-V385 DbGate: Remote Code Execution via functionName injection in loadReader endpoint

Summary The POST /runners/load-reader endpoint in DbGate accepts a functionName parameter that is directly interpolated into a JavaScript code template without any sanitization or validation. An authenticated user with basic access, no special permissions required can inject arbitrary JavaScript...

8.8CVSS6AI score

Exploits0References3

RedhatCVE•added 4 days ago•7 views

CVE-2025-67447

The network diagnosis ping module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to OS command injection. The application does not properly sanitize user input in the IP address field before passing it to the system's ping command. An attacker can inject arbitrary OS commands,...

9.8CVSS6AI score0.00287EPSS

NVD•added 5 days ago•11 views

CVE-2025-67447

9.8CVSS0.00287EPSS

CVE•added 5 days ago•9 views

CVE-2025-67447

The CVE concerns the ping module in Neterbit NW-431F Router (versions up to 20241014-IR03) with OS command injection via unsanitized IP address input fed to the system ping. The input validation flaw allows an attacker to inject arbitrary commands, which would run with the web server’s privileges...

9.8CVSS6AI score0.00287EPSS

Positive Technologies•added 5 days ago•14 views

PT-2026-46292

Name of the Vulnerable Software and Affected Versions Neterbit NW-431F Router versions prior to 20241014-IR03 Description The network diagnosis ping module allows OS command injection because the application fails to properly sanitize user input in the IP address field before passing it to the...

9.8CVSS5.8AI score0.00287EPSS

Exploits0References4

NVD•added 2026/05/18 9:16 p.m.•8 views

CVE-2026-27130

9.9CVSS0.00328EPSS

CVE•added 2026/05/18 8:58 p.m.•18 views

CVE-2026-27130

CVE-2026-27130 affects Dokploy (PaaS) versions ≤ 0.26.6. The vulnerability is an OS command injection in the appName parameter, caused by three chained issues: inadequate input sanitization (cleanAppName only lowers case and replaces spaces), lack of schema validation, and direct interpolation of...

9.9CVSS5.8AI score0.00328EPSS

NVD•added 2026/05/15 10:16 p.m.•11 views

CVE-2026-45350

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, there is a vulnerability in chat completion API, which allows attackers to bypass tool restrictions, potentially enabling unauthorized actions or access. In the chatcompletion API, t...

7.1CVSS0.00056EPSS

Cvelist•added 2026/05/15 9:23 p.m.•32 views

CVE-2026-45350 Open WebUI: Chat completion API allows tool restrictions to be bypassed

7.1CVSS0.00056EPSS

EUVD•added 2026/05/15 9:23 p.m.•7 views

EUVD-2026-30652

ATTACKERKB•added 2026/05/15 9:23 p.m.•5 views

CVE-2026-45350

Exploits1References2Affected Software1

CVE•added 2026/05/15 9:23 p.m.•17 views

CVE-2026-45350

Open WebUI (self-hosted AI platform) has a vulnerability in the chat_completion API prior to version 0.8.6 where user-supplied tool_ids/tool_servers are used to build a tools_dict without permission checks. This allows invoking any server tool using the server’s credentials, bypassing tool restri...

Exploits1References1Affected Software1

CNNVD•added 2026/05/15 12:0 a.m.•6 views

Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.8.6 contained security vulnerabilities. These vulnerabilities stemmed from the chat completion API, where tool IDs and server parameters were provided by users witho...

OSV•added 2026/05/14 8:24 p.m.•3 views

GHSA-4PCG-253R-RF9W Open WebUI's chat completion API allows tool restrictions to be bypassed

Summary Open WebUI v0.6.43 contains a vulnerability in its chat completion API, which allows attackers to bypass tool restrictions, potentially enabling unauthorized actions or access. Details In the chatcompletion API, the parameters toolids and toolservers are supplied by the user. These...

7.1CVSS5.7AI score0.00056EPSS

Exploits1References5

CVE•added 2026/05/12 5:57 p.m.•5 views

CVE-2026-42541

CVE-2026-42541 (Kubewarden RBAC Reconnaissance) : Affected Kubewarden versions allow an attacker with privileged AdmissionPolicy/AdmissionPolicyGroup create permissions to abuse the can_i host callback, which forwards a SubjectAccessReview (SAR) to the policy-server with elevated privileges. This...

4.3CVSS5.8AI score0.00023EPSS

Cvelist•added 2026/05/12 5:57 p.m.•26 views

CVE-2026-42541 Kubewarden: RBAC Reconnaissance via unchecked can_i host capability call

Kubewarden is a policy engine for Kubernetes. Prior to , An attacker with privileged AdmissionPolicy or AdmissionPolicyGroup create permissions which isn't the default can craft a policy that makes use of the cani host callback. The callback issues a SubjectAccessReview SAR requests to enumerate...

4.3CVSS0.00023EPSS

ATTACKERKB•added 2026/05/12 9:1 a.m.•6 views

CVE-2026-5029

A remote code execution vulnerability exists in Code Runner MCP Server when run with the --transport http option, which exposes the /mcp JSON-RPC endpoint without authentication on port 3088. An unauthenticated remote attacker can invoke the run-code MCP tool to supply arbitrary source code and...

8.7CVSS6.6AI score0.00074EPSS