CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

111 matches found

OSV•added 2026/02/24 2:16 a.m.•2 views

UBUNTU-CVE-2026-25966

ImageMagick is free and open-source software used for editing and manipulating digital images. The shipped "secure" security policy includes a rule intended to prevent reading/writing from standard streams. However, ImageMagick also supports fd: pseudo-filenames e.g., fd:0, fd:1. Prior to version...

7.8CVSS5.8AI score0.00007EPSS

Exploits0References3

EUVD•added 2026/02/24 1:27 a.m.•5 views

EUVD-2026-7437

5.9CVSS5.4AI score0.00007EPSS

Exploits0References1

Snyk•added 2026/02/24 1:27 a.m.•6 views

Incomplete List of Disallowed Inputs

Overview Magick.NET-Q16-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.8CVSS6AI score0.00007EPSS

Exploits0References2

CVE•added 2026/02/24 1:27 a.m.•21 views

CVE-2026-25966

CVE-2026-25966 concerns ImageMagick’s security policy bypass via fd: pseudo-filenames (e.g., fd:0, fd:1). Prior to 7.1.2-15 and 6.9.13-40, the policy did not block this path form, allowing potential local access to stdin/stdout. A patch was added to more secure policies by default in 7.1.2-15/6.9...

7.8CVSS5.4AI score0.00007EPSS

Exploits0References1Affected Software1

OSV•added 2026/02/19 10:6 p.m.•2 views

GHSA-4685-C5CP-VP95 OpenClaw safeBins stdin-only bypass via sort output and recursive grep flags

Summary tools.exec.safeBins could be bypassed for filesystem access when sort output flags -o / --output or recursive grep flags were allowed through safe-bin execution paths. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.2.19 - Latest published version at triag...

3.6CVSS5.9AI score0.00018EPSS

Exploits0References5

Github Security Blog•added 2026/02/18 12:50 a.m.•6 views

OpenClaw exec approvals: safeBins could bypass stdin-only constraints via shell expansion

Summary OpenClaw's exec-approvals allowlist supports a small set of "safe bins" intended to be stdin-only no positional file arguments when running tools.exec.host=gateway|node with security=allowlist. In affected configurations, the allowlist validation checked pre-expansion argv tokens, but...

8.6CVSS5.8AI score0.00023EPSS

Exploits0References6Affected Software1

OSV•added 2026/02/18 12:50 a.m.•2 views

GHSA-XVHF-X56F-2HPP OpenClaw exec approvals: safeBins could bypass stdin-only constraints via shell expansion

8.6CVSS5.8AI score0.00023EPSS

Exploits0References6

AstraLinux•added 2025/11/01 10:54 a.m.•3 views

Astra Linux - уязвимость в pam

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input stdin. As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This fla...

4.7CVSS5.6AI score0.00042EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2008-3057

Malware in sbrugna...

2.1CVSS6.3AI score0.00057EPSS

Exploits0References4

Amazon•added 2025/08/08 12:0 a.m.•1 views

Medium: pam

Issue Overview: A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input stdin. As this occurs, the attacker can train the branch predictor to execute an ROP chain...

4.7CVSS6.8AI score0.00042EPSS

Exploits0

Amazon•added 2025/08/04 12:0 a.m.•2 views

Medium: pam

4.7CVSS6.7AI score0.00042EPSS

Exploits0

OSV•added 2025/06/06 2:4 p.m.•2 views

OESA-2025-1601 pam security update

PAM Pluggable Authentication Modules is a system of libraries that handle the authentication tasks of applications services on the system. Security Fixes: A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by...

4.7CVSS6.8AI score0.00042EPSS

Exploits0References2

OSV•added 2025/06/06 2:4 p.m.•2 views

OESA-2025-1599 pam security update

4.7CVSS6.8AI score0.00042EPSS

Exploits0References2

OSV•added 2025/04/19 8:40 a.m.•2 views

CLSA-2025-1745052021 Fix CVE(s): CVE-2020-1739

SECURITY UPDATE: password disclosure via svn module argument - debian/patches/CVE-2020-1739.patch: Fix security issue by providing password securely with --password-from-stdin option and warn if svn version is too old to support it - CVE-2020-1739...

3.9CVSS5.8AI score0.00046EPSS

Exploits0References1

RedHat Linux•added 2024/12/17 8:25 p.m.•4 views

pam: libpam: Libpam vulnerable to read hashed password

4.7CVSS7.4AI score0.00042EPSS

Exploits0References4

SUSE CVE•added 2024/10/24 11:31 a.m.•1 views

SUSE CVE-2024-10041

4.7CVSS9.2AI score0.00042EPSS

Exploits0References18

OSV•added 2024/10/23 2:15 p.m.•2 views

AZL-51729 CVE-2024-10041 affecting package pam for versions less than 1.5.3-4

4.7CVSS7AI score0.00042EPSS

Exploits0References1

OSV•added 2024/10/23 2:15 p.m.•1 views

AZL-51693 CVE-2024-10041 affecting package pam for versions less than 1.5.1-7

4.7CVSS7AI score0.00042EPSS

Exploits0References1

OSV•added 2024/10/23 2:15 p.m.•0 views

UBUNTU-CVE-2024-10041

4.7CVSS6.9AI score0.00042EPSS

Exploits0References3

Github Security Blog•added 2024/07/22 5:40 p.m.•17 views

ops leaking secrets if `subprocess.CalledProcessError` happens with a `secret-*` CLI command

Summary The issue here is that we pass the secret content as one of the args via CLI. This issue may affect any of our charms that are using: Juju =3.0, Juju secrets and not correctly capturing and processing subprocess.CalledProcessError. There are two points that may log this command, in...

4.4CVSS7.3AI score0.00044EPSS

Exploits0References4Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by