Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

31173 matches found

Vulnrichment
Vulnrichmentadded 2026/03/24 3:7 p.m.2 views

CVE-2026-33335 Vikunja Desktop allows arbitrary local application invocation via unvalidated shell.openExternal

Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper passes URLs from window.open calls directly to shell.openExternal without any validation or protocol allowlisting. An attacker who can place ...

6.4CVSS5.9AI score0.00248EPSS
Exploits1References2
CVE
CVEadded 2026/03/24 3:7 p.m.11 views

CVE-2026-33335

CVE-2026-33335 affects Vikunja Desktop (Electron wrapper). From version 0.21.0 up to before 2.2.0, the wrapper forwards URLs from window.open() directly to shell.openExternal() without validation or protocol allowlisting. This enables an attacker who can inject a link that triggers window.open (e...

8CVSS5.9AI score0.00248EPSS
Exploits1References2Affected Software1
Snyk
Snykadded 2026/03/24 2:32 p.m.1 views

Command Injection

Overview intake is a Data catalog, search and load Affected versions of this package are vulnerable to Command Injection via the catalog parsing when the shell syntax is used within parameter default values. An attacker can execute arbitrary commands on the host system by crafting a malicious...

8.8CVSS6.1AI score0.00428EPSS
Exploits1References2
NVD
NVDadded 2026/03/24 2:16 p.m.5 views

CVE-2026-33310

Intake is a package for finding, investigating, loading and disseminating data. Prior to version 2.0.9, the shell syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell, the command ma...

8.8CVSS0.00428EPSS
Exploits1References2
ATTACKERKB
ATTACKERKBadded 2026/03/24 1:17 p.m.2 views

CVE-2026-33310

Intake is a package for finding, investigating, loading and disseminating data. Prior to version 2.0.9, the shell syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell, the command ma...

8.8CVSS5.9AI score0.00428EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichmentadded 2026/03/24 1:17 p.m.3 views

CVE-2026-33310 Intake has a Command Injection via shell() Expansion in Parameter Defaults

Intake is a package for finding, investigating, loading and disseminating data. Prior to version 2.0.9, the shell syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell, the command ma...

8.8CVSS5.9AI score0.00428EPSS
Exploits1References2
Cvelist
Cvelistadded 2026/03/24 1:17 p.m.20 views

CVE-2026-33310 Intake has a Command Injection via shell() Expansion in Parameter Defaults

Intake is a package for finding, investigating, loading and disseminating data. Prior to version 2.0.9, the shell syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell, the command ma...

8.8CVSS0.00428EPSS
Exploits1References2
CVE
CVEadded 2026/03/24 1:17 p.m.25 views

CVE-2026-33310

CVE-2026-33310 affects the Intake data-handling package. Before version 2.0.9, the shell() syntax used in parameter defaults could be expanded during catalog parsing, allowing embedded commands to execute when a malicious YAML catalog is loaded or accessed. This creates a potential command-inject...

8.8CVSS5.9AI score0.00428EPSS
Exploits1References2Affected Software1
OSV
OSVadded 2026/03/24 1:17 p.m.3 views

CVE-2026-33310 Intake has a Command Injection via shell() Expansion in Parameter Defaults

Intake is a package for finding, investigating, loading and disseminating data. Prior to version 2.0.9, the shell syntax within parameter default values appears to be automatically expanded during the catalog parsing process. If a catalog contains a parameter default such as shell, the command ma...

8.8CVSS5.9AI score0.00428EPSS
Exploits1References4
NVD
NVDadded 2026/03/24 1:16 p.m.4 views

CVE-2026-33475

Langflow is a tool for building and deploying AI-powered agents and workflows. An unauthenticated remote shell injection vulnerability exists in multiple GitHub Actions workflows in the Langflow repository prior to version 1.9.0. Unsanitized interpolation of GitHub context variables e.g., $...

9.1CVSS0.02956EPSS
Exploits1References1
Cvelist
Cvelistadded 2026/03/24 12:54 p.m.20 views

CVE-2026-33475 Langflow GitHub Actions Shell Injection

Langflow is a tool for building and deploying AI-powered agents and workflows. An unauthenticated remote shell injection vulnerability exists in multiple GitHub Actions workflows in the Langflow repository prior to version 1.9.0. Unsanitized interpolation of GitHub context variables e.g., $...

9.1CVSS0.02956EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/03/24 12:54 p.m.2 views

CVE-2026-33475

Langflow is a tool for building and deploying AI-powered agents and workflows. An unauthenticated remote shell injection vulnerability exists in multiple GitHub Actions workflows in the Langflow repository prior to version 1.9.0. Unsanitized interpolation of GitHub context variables e.g., $...

9.1CVSS6.3AI score0.02956EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/03/24 12:54 p.m.4 views

CVE-2026-33475 Langflow GitHub Actions Shell Injection

Langflow is a tool for building and deploying AI-powered agents and workflows. An unauthenticated remote shell injection vulnerability exists in multiple GitHub Actions workflows in the Langflow repository prior to version 1.9.0. Unsanitized interpolation of GitHub context variables e.g., $...

9.1CVSS6.3AI score0.02956EPSS
Exploits1References1
EUVD
EUVDadded 2026/03/24 12:54 p.m.4 views

EUVD-2026-14790

Langflow is a tool for building and deploying AI-powered agents and workflows. An unauthenticated remote shell injection vulnerability exists in multiple GitHub Actions workflows in the Langflow repository prior to version 1.9.0. Unsanitized interpolation of GitHub context variables e.g., $...

9.1CVSS6.3AI score0.02956EPSS
Exploits1References1
CVE
CVEadded 2026/03/24 12:54 p.m.27 views

CVE-2026-33475

Langflow (before v1.9.0) contains an unauthenticated remote shell injection in multiple GitHub Actions workflows due to unsanitized interpolation of GitHub context variables (e.g., ${{ github.head_ref }}) in run: steps. Attackers can inject and execute arbitrary shell commands via user-controlled...

9.1CVSS6.3AI score0.02956EPSS
Exploits1References1Affected Software1
OSV
OSVadded 2026/03/24 12:54 p.m.3 views

CVE-2026-33475 Langflow GitHub Actions Shell Injection

Langflow is a tool for building and deploying AI-powered agents and workflows. An unauthenticated remote shell injection vulnerability exists in multiple GitHub Actions workflows in the Langflow repository prior to version 1.9.0. Unsanitized interpolation of GitHub context variables e.g., $...

9.1CVSS6.2AI score0.02956EPSS
Exploits1References3
EUVD
EUVDadded 2026/03/24 12:30 p.m.4 views

EUVD-2019-20033

PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attackers to upload and execute arbitrary PHP files by bypassing file extension controls. Attackers can upload malicious PHP files through the image manager endpoint and execute them...

8.8CVSS6.7AI score0.00798EPSS
Exploits1References5
NVD
NVDadded 2026/03/24 12:16 p.m.4 views

CVE-2019-25646

Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in the MAIL FROM SMTP command that allows remote attackers to execute arbitrary code by sending a crafted MAIL FROM parameter. Attackers can connect to the SMTP service on port 25 and send a malicious MAIL FROM command with an...

9.8CVSS0.00912EPSS
Exploits1References2
Cvelist
Cvelistadded 2026/03/24 11:27 a.m.20 views

CVE-2019-25647 PhreeBooks ERP 5.2.3 Remote Code Execution via Image Manager

PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attackers to upload and execute arbitrary PHP files by bypassing file extension controls. Attackers can upload malicious PHP files through the image manager endpoint and execute them...

8.8CVSS0.00798EPSS
Exploits1References4
ATTACKERKB
ATTACKERKBadded 2026/03/24 11:27 a.m.7 views

CVE-2019-25647

PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attackers to upload and execute arbitrary PHP files by bypassing file extension controls. Attackers can upload malicious PHP files through the image manager endpoint and execute them...

8.8CVSS6.7AI score0.00798EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder