CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

30914 matches found

Positive Technologies•added 2026/04/22 12:0 a.m.•3 views

PT-2026-36854

Name of the Vulnerable Software and Affected Versions Evolver versions prior to 1.69.3 Description A command injection issue exists in the extractLLM function. The function constructs a curl command using string concatenation and passes it to execSync without proper sanitization. This allows...

9.8CVSS6.4AI score0.00547EPSS

Exploits0References9

Packet Storm•added 2026/04/22 12:0 a.m.•89 views

📄 Eclipse Che WebSocket Machine-Exec Remote Code Execution

This Python script is a WebSocket-based client designed to interact with an Eclipse Che / DevSpaces machine-exec service and test for an unauthenticated remote code execution vulnerability...

9CVSS6.4AI score0.44352EPSS

Exploits2

CNVD•added 2026/04/22 12:0 a.m.•1 views

Oracle MySQL Shell Core Client Denial of Service Vulnerability (CNVD-2026-18573)

Oracle MySQL Shell is a command line tool for managing and operating MySQL databases. A denial of service vulnerability exists in Oracle MySQL Shell. The vulnerability stems from the Core Client component failing to properly handle certain inputs and can be exploited by an attacker to cause MySQL...

5CVSS7.6AI score0.00019EPSS

Exploits0

Positive Technologies•added 2026/04/22 12:0 a.m.•4 views

PT-2026-34598

Name of the Vulnerable Software and Affected Versions CI4MS Theme affected versions not specified Description The upload function in CI4MS Theme fails to validate entry names when extracting user-uploaded ZIP archives. This allows an authenticated backend user with theme create permissions to...

9.4CVSS6.2AI score0.00534EPSS

Exploits0References6

CNVD•added 2026/04/22 12:0 a.m.•1 views

Oracle MySQL Shell Core Client Denial of Service Vulnerability (CNVD-2026-18574)

Oracle MySQL Shell is a command line tool and advanced client for managing and operating MySQL databases. A denial of service vulnerability exists in Oracle MySQL Shell. The vulnerability stems from the Core Client component failing to properly handle certain inputs and can be exploited by an...

5CVSS7.6AI score0.00019EPSS

Exploits0

NVD•added 2026/04/21 11:16 p.m.•2 views

CVE-2026-4821

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it was published in error...

0.00014EPSS

Exploits0

Vulnrichment•added 2026/04/21 11:7 p.m.•1 views

CVE-2026-41304 WWBN AVideo vulnerable to RCE caused by clonesite plugin

WWBN AVideo is an open source video platform. In versions 29.0 and below, the cloneServer.json.php endpoint in the CloneSite plugin constructs shell commands using user-controlled input url parameter without proper sanitization. The input is directly concatenated into a wget command executed via...

9.3CVSS6AI score0.00649EPSS

Exploits1References2

CVE•added 2026/04/21 10:42 p.m.•10 views

CVE-2026-5845

Summary: CVE-2026-5845 affects GitHub Enterprise Server versions prior to 3.21, due to an improper authorization fallback in scoped user-to-server (ghu_) token handling. An authenticated attacker could access private repositories outside the intended installation scope, potentially including writ...

9.6CVSS5.8AI score0.00025EPSS

Exploits0References7Affected Software1

ATTACKERKB•added 2026/04/21 10:12 p.m.•2 views

CVE-2026-4821

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Management Console administrator to execute arbitrary OS commands via shell metacharacter injection in proxy configuration fields such as httpproxy. Exploitation o...

8.1CVSS6AI score0.00014EPSS

Exploits0References8Affected Software1

EUVD•added 2026/04/21 9:31 p.m.•1 views

EUVD-2026-24418

Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell: Core Client. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise...

5.8CVSS5.7AI score0.0005EPSS

Exploits0References2

EUVD•added 2026/04/21 9:31 p.m.•3 views

EUVD-2026-24420

Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell: Core Client. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Shell executes t...

5CVSS5.7AI score0.00019EPSS

Exploits0References2

EUVD•added 2026/04/21 9:31 p.m.•4 views

EUVD-2026-24416

5CVSS5.7AI score0.00019EPSS

Exploits0References2

NVD•added 2026/04/21 9:16 p.m.•3 views

CVE-2026-34319

5CVSS0.00019EPSS

Exploits0References1

NVD•added 2026/04/21 9:16 p.m.•2 views

CVE-2026-34317