CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

78 matches found

Tenable Nessus•added 2026/06/06 12:0 a.m.•6 views

EulerOS Virtualization 2.13.0 : libarchive (EulerOS-SA-2026-2172)

According to the versions of the libarchive package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libarchive bsdtar before version 3.8.1 in function applysubstitution in file tar/subst.c when...

5.5CVSS5.5AI score0.00136EPSS

Exploits1References2

Tenable Nessus•added 2026/06/06 12:0 a.m.•8 views

EulerOS Virtualization 2.13.1 : libarchive (EulerOS-SA-2026-2133)

5.5CVSS5.5AI score0.00136EPSS

Exploits1References2

RedHat Linux•added 2026/05/27 4:46 p.m.•22 views

cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI

A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface UI. An attacker can inject shell metacharacters and command...

8CVSS6AI score0.01016EPSS

Exploits0References5

Positive Technologies•added 2026/04/22 12:0 a.m.•9 views

PT-2026-37152

Name of the Vulnerable Software and Affected Versions i18nextify versions prior to 4.0.8 Description The software substitutes key interpolation tokens within src and href attribute values using the raw string from i18next.t. The substitution logic in the replaceInside handler within src/localize....

4.7CVSS6AI score0.00144EPSS

Exploits0References6

Vulnrichment•added 2026/04/07 4:20 p.m.•1 views

CVE-2026-35585 File Browser has a Command Injection via Hook Runner

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. From 2.0.0 until 2.33.8, the hook system in File Browser — which executes administrator-defined shell commands on file events such as upload, rename, and delete...

7.5CVSS6.1AI score0.01922EPSS

Exploits2References2

Vulnrichment•added 2026/04/03 10:50 p.m.•2 views

CVE-2026-34937 PraisonAI: Shell Injection in run_python() via Unescaped $() Substitution

PraisonAI is a multi-agent teams system. Prior to version 1.5.90, runpython in praisonai constructs a shell command string by interpolating user-controlled code into python3 -c "" and passing it to subprocess.run..., shell=True. The escaping logic only handles \ and ", leaving $ and backtick...

7.8CVSS6.2AI score0.00545EPSS

Exploits1References1

EUVD•added 2026/03/31 3:31 p.m.•2 views

EUVD-2026-17423

Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations...

6.3AI score0.01659EPSS

Exploits0References3

EUVD•added 2026/03/31 3:31 p.m.•4 views

EUVD-2026-17427

6.3AI score0.01201EPSS

Exploits0References3

NVD•added 2026/03/31 3:16 p.m.•3 views

CVE-2026-30314

9.8CVSS0.01201EPSS

Exploits0References2

Cvelist•added 2026/03/31 12:0 a.m.•19 views

CVE-2026-30314

0.01201EPSS

Exploits0References2

ATTACKERKB•added 2026/03/31 12:0 a.m.•3 views

CVE-2026-30314

6.3AI score0.01201EPSS

Exploits0References3

Positive Technologies•added 2026/03/31 12:0 a.m.•2 views

PT-2026-29253

6.3AI score0.01659EPSS

Exploits0References3

Vulnrichment•added 2026/03/31 12:0 a.m.•3 views

CVE-2026-30311

6.3AI score0.01659EPSS

Exploits0References2

EUVD•added 2026/03/30 9:31 p.m.•5 views

EUVD-2026-17188

Roo Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, i...

6.3AI score0.01145EPSS

Exploits0References3

EUVD•added 2026/03/30 9:31 p.m.•2 views

EUVD-2026-17186

Syntx's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, it...

6.3AI score0.01145EPSS

Exploits0References3

NVD•added 2026/03/30 8:16 p.m.•4 views

CVE-2026-30305

9.8CVSS0.01145EPSS

Exploits0References2

Positive Technologies•added 2026/03/30 12:0 a.m.•2 views

PT-2026-29102

Name of the Vulnerable Software and Affected Versions Syntx affected versions not specified Description The command auto-approval module contains a critical OS command injection issue that bypasses its whitelist security mechanism. The system uses weak regular expressions to parse command...

9.8CVSS6.1AI score0.01145EPSS

Exploits0References4

Vulnrichment•added 2026/03/30 12:0 a.m.•3 views

CVE-2026-30305

6.3AI score0.01145EPSS

Exploits0References2

CVE•added 2026/03/30 12:0 a.m.•3 views

CVE-2026-30305

The CVE-2026-30305 issue affects Syntx’s command auto-approval module. The vulnerability arises from fragile regular expressions used to parse commands, which fail to handle Shell command substitution syntax (e.g., $(...) and backticks). An attacker can craft a command such as git log --grep="$(m...

9.8CVSS6.3AI score0.01145EPSS

Exploits0References2Affected Software1

Tenable Nessus•added 2026/03/17 12:0 a.m.•9 views

EulerOS Virtualization 2.12.1 : libarchive (EulerOS-SA-2026-1435)

7.8CVSS6.7AI score0.00333EPSS

Exploits3References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by