107 matches found
CVE-2026-41010
ReleaseJobunpack builds jobdir = File.join@releasedir, 'jobs', name and jobtgz = File.join@releasedir, 'jobs', "name.tgz" where name returns @jobmeta'name', a value taken verbatim from the jobs: array of the attacker-supplied release.MF inside the uploaded tarball. These paths are then interpolat...
PYSEC-2026-184
Apache Airflow's official documentation at core-concepts/dag-run.html "Passing Parameters when triggering Dags" showed a verbatim BashOperator(bash_command="echo value: {{ dag_run.conf['conf1'] }}") example without any quoting / sanitization warning. Dag authors who copied the pattern verbatim into...
CVE-2026-45578
WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a classic shell-metacharacter injection. The YPTSocket notification branch in plugin/Live/onpublish.php builds an execAsync command line by string concatenation, single-quoting each argument but never calling...
EUVD-2026-33310
WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a classic shell-metacharacter injection. The YPTSocket notification branch in plugin/Live/onpublish.php builds an execAsync command line by string concatenation, single-quoting each argument but never calling...
EUVD-2026-24547
An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Management Console administrator to execute arbitrary OS commands via shell metacharacter injection in proxy configuration fields such as httpproxy. Exploitation o...
CVE-2026-4821
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it was published in error...
CVE-2026-4821
An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Management Console administrator to execute arbitrary OS commands via shell metacharacter injection in proxy configuration fields such as httpproxy. Exploitation o...
PT-2026-34210
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.21. Description: An improper neutralization of special elements allows an authenticated Management Console administrator to execute arbitrary OS commands. This occurs via shell metacharacter injection...
CVE-2026-27635 Manyfold vulnerable to OS command injection via ZIP filename in f3d render
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Prior to version 0.133.0, when model render generation is enabled, a logged-in user can achieve RCE by uploading a ZIP containing a file with a shell metacharacter ...
CVE-2026-27190 Deno has a Command Injection via Incomplete shell metacharacter blocklist in node:child_process
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a command injection vulnerability exists in Deno's node:child_process implementation. This vulnerability is fixed in 2.6.8...
EUVD-2008-3065
Malware in sbrugna...
EUVD-2018-8400
Malware in sbrugna...
EUVD-2008-3064
Malware in sbrugna...
EUVD-2000-0965
Malware in sbrugna...
EUVD-2019-2435
Malware in sbrugna...
EUVD-2025-22152
Malicious code in bioql PyPI...
EUVD-2025-21894
Malicious code in bioql PyPI...
CVE-2025-53832
CVE-2025-53832 affects the Lara Translate MCP Server package (@translated/lara-mcp). Versions ≤0.0.11 are vulnerable due to unsanitized user input passed to child_process.exec, enabling shell metacharacter injection and potential remote code execution under the MCP server process. Connected advis...
CVE-2025-53832 @translated/lara-mcp vulnerable to command injection in import_tmx tool
Lara Translate MCP Server is a Model Context Protocol (MCP) Server for Lara Translate API. Versions 0.0.11 and below contain a command injection vulnerability which exists in the @translated/lara-mcp MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to...
GHSA-XJ5P-8H7G-76M7 @translated/lara-mcp vulnerable to command injection in import_tmx tool
Summary: A command injection vulnerability exists in the @translated/lara-mcp MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to child_process.exec, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote...