CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

27 matches found

CVE-2026-44301

Hugo is a static site generator. From 0.43 to before 0.161.0, when building a Hugo site that uses Node-based asset pipelines PostCSS, Babel, TailwindCSS, Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could...

8.6CVSS5.5AI score0.00044EPSS

Exploits0References1

OSV•added 2026/05/12 10:16 p.m.•3 views

DEBIAN-CVE-2026-44301

8.1CVSS5.8AI score0.00044EPSS

Exploits0References1

Debian CVE•added 2026/05/12 9:37 p.m.•6 views

CVE-2026-44301

8.6CVSS5.8AI score0.00044EPSS

Exploits0

Cvelist•added 2026/05/12 9:37 p.m.•32 views

CVE-2026-44301 Hugo: Node tool execution allows file system access outside the project directory

8.6CVSS0.00044EPSS

Exploits0References1

CNVD•added 2026/04/20 12:0 a.m.•1 views

Unspecified Vulnerability in PraisonAI (CNVD-2026-18147)

PraisonAI is a low-code multi-intelligence body collaboration framework by the individual developer Mervin Praison. PraisonAI suffers from a security vulnerability that stems from the OAuthManager.validatetoken function returning True for any token not found in its internal storage, which can be...

9.1CVSS5.5AI score0.00021EPSS

Exploits1

RedhatCVE•added 2026/03/26 3:11 p.m.•2 views

CVE-2026-32035

OpenClaw versions prior to 2026.3.2 fail to pass the senderIsOwner flag when processing Discord voice transcripts in agentCommand, causing the flag to default to true. Non-owner voice participants can exploit this omission to access owner-only tools including gateway and cron functionality in...

5.9CVSS5.8AI score0.0004EPSS

Exploits0References1

CNVD•added 2026/03/24 12:0 a.m.•2 views

OpenClaw has an unspecified vulnerability (CNVD-2026-14832)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that is caused by failing to pass the senderIsOwner flag when processing Discord voice transcription in agentCommand. An attacker could exploit the vulnerability to cause a voi...

5.9CVSS5.9AI score0.0004EPSS

Exploits0References1

Wordfence Blog•added 2026/01/29 5:5 p.m.•17 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (January 19, 2026 to January 25, 2026)

Did you know Wordfence runs aBug Bounty Program for all WordPress plugin and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

9.9CVSS6.5AI score0.00976EPSS

Exploits13

EUVD•added 2025/10/07 12:30 a.m.•6 views

EUVD-2009-1144

Malware in sbrugna...

7CVSS6.7AI score0.00076EPSS

Exploits0References4

CVE•added 2025/08/25 3:38 p.m.•8 views

CVE-2025-55301

The Scratch Channel CVE-2025-55301 affects version 1 of The Scratch Channel (the news site) where localStorage can be manipulated via the browser DevTools to edit the account username locally. This is a client-side storage integrity issue occurring in version 1; it was addressed in version 1.1. T...

6.7CVSS6.3AI score0.00026EPSS

Exploits0References3

OSV•added 2024/06/25 1:4 p.m.•5 views

MAL-2024-3139 Malicious code in tools-access-react-redux-router (npm)