Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

NVD
NVDadded 2026/04/01 2:16 p.m.7 views

CVE-2026-5271

pymanager included the current working directory in sys.path meaning modules could be shadowed by modules in the current working directory. As a result, if a user executes a pymanager-generated command e.g., pip, pytest from an attacker-controlled directory, a malicious module in that directory c...

7.8CVSS0.00173EPSS
Exploits1References2
EUVD
EUVDadded 2026/04/01 1:48 p.m.2 views

EUVD-2026-17911

pymanager included the current working directory in sys.path meaning modules could be shadowed by modules in the current working directory. This could lead to modules getting shadowed...

5.6CVSS5.8AI score0.00173EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/03/26 3:9 p.m.2 views

CVE-2026-27649

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

7.3CVSS5.8AI score0.00328EPSS
Exploits0References1
NVD
NVDadded 2026/03/06 4:16 p.m.10 views

CVE-2026-27764

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent...

8.6CVSS0.00295EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/02/09 9:1 a.m.28 views

CVE-2026-25905 Lack of isolation in mcp-run-python leads to MCP server takeover

The Python code being run by 'runPython' or 'runPythonAsync' is not isolated from the rest of the JS code, allowing any Python code to use the Pyodide APIs to modify the JS environment. This may result in an attacker hijacking the MCP server - for malicious purposes including MCP tool shadowing...

5.8CVSS0.00177EPSS
Exploits0References1
OSV
OSVadded 2025/06/11 2:15 p.m.3 views

CVE-2025-4922

Nomad Community and Nomad Enterprise “Nomad” prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability, identified as CVE-2025-4922, is fixed in Nomad Community Edition 1.10.2 and Nomad Enterprise 1.10.2, 1.9.10, and 1.8.14...

8.1CVSS6.7AI score
Exploits0References1
OSV
OSVadded 2025/06/11 2:15 p.m.2 views

UBUNTU-CVE-2025-4922

Nomad Community and Nomad Enterprise “Nomad” prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability, identified as CVE-2025-4922, is fixed in Nomad Community Edition 1.10.2 and Nomad Enterprise 1.10.2, 1.9.10, and 1.8.14...

8.1CVSS6AI score0.00473EPSS
Exploits0References3
Rows per page
Query Builder