CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

911 matches found

CVE-2026-41011

PackagePersister.validatetgz builds "tar -tf tgz 2&1" where tgz = File.joinreleasedir, 'packages', "name.tgz" and name = packagemeta'name' comes directly from release.MF inside the uploaded tarball. The string is passed to Bosh::Common::Exec.sh, which executes via %x — i.e., /bin/sh -c. No...

8.7CVSS5.5AI score0.00019EPSS

Exploits0References1

RedhatCVE•added yesterday•2 views

CVE-2026-39382

dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. Inside the reusable workflow dbt-labs/actions/blob/main/.github/workflows/open-issue-in-repo.yml, the prep job uses peter-evans/find-comment to search for an...

9.3CVSS5.6AI score0.00022EPSS

Exploits0References1

RedhatCVE•added yesterday•4 views

CVE-2026-35580

Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, GitHub Actions workflow files contained shell injection points where user-controlled workflowdispatch inputs were interpolated directly into shell commands via $ expression syntax. An attacker with repository write access could...

9.1CVSS5.6AI score0.00023EPSS

Exploits1References1

OSV•added yesterday•4 views

BIT-AIRFLOW-2026-42252 Apache Airflow: BashOperator Jinja2 injection via dag_run.conf — low-privilege user pattern

Apache Airflow's official documentation at core-concepts/dag-run.html "Passing Parameters when triggering Dags" showed a verbatim BashOperatorbashcommand="echo value: dagrun.conf'conf1' " example without any quoting / sanitization warning. Dag authors who copied the pattern verbatim into...

9.1CVSS5.6AI score0.00051EPSS

Exploits0References3

Positive Technologies•added yesterday•4 views

PT-2026-47023

Markdown Preview Enhanced before 0.8.28 opens external files and links from the preview through a shell and does not validate untrusted inputs taken from the markdown document - the diagram filename attribute, imported file paths, and the latex engine code-chunk attribute. On Windows, a crafted...

8.8CVSS5.6AI score

Exploits0References3

NVD•added 2 days ago•5 views

CVE-2026-41010

ReleaseJobunpack builds jobdir = File.join@releasedir, 'jobs', name and jobtgz = File.join@releasedir, 'jobs', "name.tgz" where name returns @jobmeta'name', a value taken verbatim from the jobs: array of the attacker-supplied release.MF inside the uploaded tarball. These paths are then interpolat...

8.7CVSS0.00021EPSS

Exploits0References1

Cvelist•added 2 days ago•37 views

CVE-2026-41010

8.7CVSS0.00021EPSS

Exploits0References1

Vulnrichment•added 2 days ago•4 views

CVE-2026-41010

8.7CVSS5.9AI score0.00021EPSS

Exploits0References1

CVE•added 2 days ago•9 views

CVE-2026-41011

The CVE affects BOSH: all versions prior to v282.1.12 (inclusive). PackagePersister.validate_tgz constructs a tar command (tar -tf #{tgz}) using a name derived from release.MF without Shellwords.escape, and passes it to Bosh::Common::Exec.sh (via /bin/sh -c). The Models::Package validation runs a...

8.7CVSS5.8AI score0.00019EPSS

Exploits0References1

Cvelist•added 2 days ago•32 views

CVE-2026-41011

8.7CVSS0.00019EPSS

Exploits0References1

RedhatCVE•added 4 days ago•7 views

CVE-2026-42252

9.1CVSS5.8AI score0.00051EPSS

Exploits0References1

PyPA•added 5 days ago•7 views

PYSEC-0000-CVE-2026-42252

9.1CVSS5.8AI score0.00051EPSS

Exploits0References2Affected Software1

OSV•added 5 days ago•3 views

PYSEC-2026-184

9.1CVSS5.8AI score0.00051EPSS

Exploits0References2

NVD•added 5 days ago•9 views

CVE-2026-42252

9.1CVSS0.00051EPSS

Exploits0References2

EUVD•added 5 days ago•8 views

EUVD-2026-33591

5.8AI score0.00051EPSS

Exploits0References2

ATTACKERKB•added 5 days ago•5 views

CVE-2026-42252

9.8CVSS5.8AI score0.00488EPSS

Exploits0References3Affected Software1

Positive Technologies•added 5 days ago•8 views

PT-2026-45368

Apache Airflow's official documentation at core-concepts/dag-run.html "Passing Parameters when triggering Dags" showed a verbatim BashOperatorbash command="echo value: dag run.conf'conf1' " example without any quoting / sanitization warning. Dag authors who copied the pattern verbatim into...

9.1CVSS5.8AI score0.00051EPSS

Exploits0References6

RedhatCVE•added 2026/05/30 2:12 a.m.•8 views

CVE-2026-44713

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/tmux.c reads the user's $TMUX environment variable, splits it on commas, and interpolates the socket-path component directly into a shell command passed to popen. Because the value is placed insi...

8.8CVSS5.9AI score0.00023EPSS

Exploits0References1

CVE•added 2026/05/29 5:10 p.m.•11 views

CVE-2026-45626

Summary: CVE-2026-45626 (Arcane) enables OS command injection via the volume browser’s path parameter. Affected: Arcane’s browse API (GET /environments/{id}/volumes/{volumeName}/browse) in 1.18.1 and earlier. Root cause: the path sanitiser only blocks ../ traversal and does not strip Bourne-shell...

6.3CVSS6AI score0.00116EPSS

Exploits0References1

ATTACKERKB•added 2026/05/29 4:33 p.m.•6 views

CVE-2026-45628

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via childprocess.exec which runs through /bin/sh -c. User-supplied branch names, repository URLs, and Docker credentials are...

9.6CVSS5.8AI score0.00054EPSS

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by