
82 matches found

OSV
added 2026/06/16 3:2 a.m., 4 views

MAL-2026-5862 Malicious code in vitest-pro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 39810890a1ffc946b3da439738fb619eab1613a775a308d6f248b80b38ce5603 Package vitest-pro is a namespace-abuse lure: its name suggests a vitest extension, but its source tree, README, and main entry lib/nodemailer.js are...

AI score: 5.3
Exploits: 0, References: 2

Positive Technologies
added 2026/06/03 12:0 a.m., 10 views

PT-2026-46094

Impact: In versions 2.91.0, the EasyOCR model download functionality extracted ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker could compromise the model download source via supply chain attack, DNS spoofing, or MITM, they could write arbitrary files to any...

CVSS: 7.5, AI score: 6.3
Exploits: 0, References: 4

OSV
added 2026/05/16 4:58 p.m., 5 views

MAL-2026-3805 Malicious code in netping (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ecc862a2bc12e6779034a99abd68c5d4ffb047f1fc2ae94407dd9e4ad54df5cf The package silently downloads and installs an autostart script that then monitors clipboards and replaces copied cryptowallet addresses. --- Category: MALICIOU...

AI score: 5.8
Exploits: 0, References: 1

Vulnrichment
added 2026/05/08 10:5 p.m., 7 views

CVE-2026-42302 FastGPT: Unauthenticated Remote Code Execution (RCE) via code-server Misconfiguration in agent-sandbox

FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution (RCE). The startup script entrypoint.sh initializes code-server with the --auth none flag and binds the service to...

CVSS: 9.8, AI score: 5.8, EPSS: 0.00718
Exploits: 0, References: 4

CVE
added 2026/05/04 5:33 p.m., 8 views

CVE-2026-43616

Detect-It-Easy (pre-3.21) contains a path traversal vulnerability that allows writing arbitrary files via crafted archive entries (relative traversals or absolute paths). Insufficient path normalization during archive extraction can write outside the target directory and may enable persistent cod...

CVSS: 7.8, AI score: 6.3, EPSS: 0.00168
Exploits: 0, References: 7, Affected Software: 1

Positive Technologies
added 2026/05/04 12:0 a.m., 7 views

PT-2026-36888

Name of the Vulnerable Software and Affected Versions: Detect-It-Easy versions prior to 3.21. Description: Insufficient path normalization during archive extraction allows attackers to write arbitrary files to the filesystem. By crafting malicious archive entries using absolute paths or relative...

CVSS: 7.8, AI score: 6.3, EPSS: 0.00168
Exploits: 0, References: 12

Metasploit
added 2026/04/15 7:2 p.m., 275 views

Powershell Profile Persistence

This module establishes persistence by modifying a PowerShell profile script, which is automatically executed when PowerShell starts. The module supports multiple profile scopes (current user or all users) and safely backs up any existing profile prior to modification, enabling clean removal by...

AI score: 5.3
Exploits: 0

RedhatCVE
added 2026/03/20 10:20 p.m., 3 views

CVE-2026-23537

A vulnerability has been identified in the Feast Feature Server’s /save-document endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling a...

CVSS: 9.1, AI score: 6
Exploits: 0, References: 3

EUVD
added 2026/02/26 3:30 p.m., 7 views

EUVD-2026-8853

A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script. All instances after January 30th, 2026 have been patched to protect from this vulnerability. No...

CVSS: 8.4, AI score: 5.5, EPSS: 0.00247
Exploits: 0, References: 2

NVD
added 2026/02/26 3:17 p.m., 8 views

CVE-2026-2244

A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script. All instances after January 30th, 2026 have been patched to protect from this vulnerability. No...

CVSS: 8.4, EPSS: 0.00247
Exploits: 0, References: 1

ATTACKERKB
added 2026/02/26 2:14 p.m., 5 views

CVE-2026-2244

A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script. All instances after January 30th, 2026 have been patched to protect from this vulnerability. No...

CVSS: 8.4, AI score: 5.5, EPSS: 0.00247
Exploits: 0, References: 2

Cvelist
added 2026/02/26 2:14 p.m., 22 views

CVE-2026-2244 Sensitive Data Exposure in Google Cloud Vertex AI Workbench

A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script. All instances after January 30th, 2026 have been patched to protect from this vulnerability. No...

CVSS: 8.4, EPSS: 0.00247
Exploits: 0, References: 1

CVE
added 2026/02/26 2:14 p.m., 29 views

CVE-2026-2244

Summary: CVE-2026-2244 affects Google Cloud Vertex AI Workbench. A vulnerability existed from 2025-07-21 to 2026-01-30 that allowed an attacker to exfiltrate valid Google Cloud access tokens of other users by abusing a built-in startup script. The exposure could enable unauthorized access to toke...

CVSS: 8.4, AI score: 5.5, EPSS: 0.00247
Exploits: 0, References: 1

Positive Technologies
added 2026/02/26 12:0 a.m., 9 views

PT-2026-22149

A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script. All instances after January 30th, 2026 have been patched to protect from this vulnerability. No...

CVSS: 8.4, AI score: 5.5, EPSS: 0.00247
Exploits: 0, References: 2

Tenable Nessus
added 2026/01/19 12:0 a.m., 5 views

MiracleLinux 4 : dnsmasq-2.48-13.AXS4 (AXSA:2013-132:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2013-132:01 advisory. Dnsmasq is a lightweight, easy-to-configure DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. It can serve...

CVSS: 5, AI score: 5.6, EPSS: 0.05028
Exploits: 0, References: 2

ATTACKERKB
added 2026/01/14 12:0 a.m., 5 views

CVE-2025-65397

An insecure authentication mechanism in the safeexec.sh startup script of Blurams Flare Camera version 24.1114.151.929 and earlier allows an attacker with physical access to the device to execute arbitrary commands with root privileges, if file /opt/images/publickey.der is not present in the file...

CVSS: 6.8, AI score: 5.9, EPSS: 0.00312
Exploits: 0, References: 4

Positive Technologies
added 2026/01/14 12:0 a.m., 4 views

PT-2026-2920

Name of the Vulnerable Software and Affected Versions: Blurams Flare Camera versions prior to 24.1114.151.929. Description: An insecure authentication mechanism exists in the safeexec.sh startup script. This allows an attacker with physical access to the device to execute arbitrary commands with ro...

CVSS: 8.4, AI score: 7.2, EPSS: 0.00312
Exploits: 0, References: 6

RedhatCVE
added 2026/01/09 9:56 a.m., 3 views

CVE-2020-12020

Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 do not restrict non-administrative users from gaining access to the operating system and editing the application startup script. Successful exploitation of this vulnerability may allow an...

CVSS: 6.1, AI score: 6.9, EPSS: 0.00313
Exploits: 0, References: 1

CVE
added 2025/12/26 12:0 a.m., 15 views

CVE-2025-65885

Delight Custom Firmware (CFW) for Nokia Symbian Belle devices (Nokia 808, N8, E7, C7, 700, 701, 603, 500, E6, Oro, Vertu Constellation T) is affected by a local vulnerability where crafted .txt files placed in the :\Data directory can inject startup scripts. Root cause and details indicate a loca...

CVSS: 5.1, AI score: 6.3, EPSS: 0.00119
Exploits: 0, References: 2, Affected Software: 1

Positive Technologies
added 2025/12/26 12:0 a.m., 3 views

PT-2025-53590

Name of the Vulnerable Software and Affected Versions: Delight Custom Firmware versions 1.0 through 1.8. Description: A flaw exists in Delight Custom Firmware for Nokia Symbian Belle devices that allows local attackers to inject startup scripts. This is achieved by placing crafted .txt files into th...

CVSS: 5.1, AI score: 6.3, EPSS: 0.00119
Exploits: 0, References: 8