
6 matches found

RubySec
added 2026/05/04 12:0 a.m. | 6 views

net-imap vulnerable to command Injection via "raw" arguments to multiple commands

Summary: Several Net::IMAP commands accept a raw string argument that is sent to the server without validation or escaping. If this string is derived from user-controlled input, it may contain CRLF sequences, which an attacker can use to inject arbitrary IMAP commands. Details: Net::IMAP's...

CVSS 9.8 | AI score 5.9 | EPSS 0.00017
Exploits: 0 | References: 1 | Affected Software: 1
Positive Technologies
added 2026/04/25 12:0 a.m. | 5 views

PT-2026-37179

Name of the Vulnerable Software and Affected Versions: GitPython versions 3.1.30 through 3.1.46. Description: GitPython fails to properly validate certain Python keyword arguments, allowing a bypass of the safety checks intended to block dangerous Git options. While the library blocks options like...

CVSS 9 | AI score 6 | EPSS 0.00159
Exploits: 3 | References: 36
OSV
added 2026/04/16 9:34 p.m. | 4 views

GHSA-2MVX-F5QM-V2CH: Unauthenticated Information Disclosure (IDOR) via Multisite switch_to_blog in My Calendar

Summary: An unauthenticated Insecure Direct Object Reference (IDOR) and Denial of Service (DoS) vulnerability in the My Calendar plugin allows any unauthenticated user to extract calendar events, including private or hidden ones, from any sub-site on a WordPress Multisite network. On standard Single Sit...

CVSS 8.8 | AI score 5.8 | EPSS 0.03099
Exploits: 0 | References: 2
CNNVD
added 2026/04/06 12:0 a.m. | 3 views

GPT Researcher code injection vulnerability

GPT Researcher is an AI-based deep research agent tool developed by Assaf Elovic. Versions of GPT Researcher 3.4.3 and earlier have a code injection vulnerability. This vulnerability stems from improper handling of the args parameter in the extractcommanddata function in the...

CVSS 7.5 | AI score 7.2 | EPSS 0.00067
Exploits: 0 | References: 5
Positive Technologies
added 2026/03/03 12:0 a.m. | 2 views

PT-2026-26234

Summary: OpenClaw Windows Scheduled Task script generation allowed unsafe argument handling in generated gateway.cmd files. In vulnerable versions, cmd metacharacter-only values could be emitted without safe quoting/escaping, which could lead to unintended command execution when the scheduled task...

CVSS 8.5 | AI score 6 | EPSS 0.00053
Exploits: 0 | References: 11
Github Security Blog
added 2025/04/23 10:25 p.m. | 16 views

YoutubeDLSharp allows command injection on windows system due to non sanitized arguments

Summary: This vulnerability only applies when running on a Windows OS. An unsafe conversion of arguments allows the injection of malicious commands when starting yt-dlp from a command prompt. CAUTION: NOTE THAT DEPENDING ON THE CONTEXT AND WHERE THE LIBRARY IS USED, THIS MAY HAVE MORE SEVERE...

CVSS 9.2 | AI score 7.6 | EPSS 0.00086
Exploits: 0 | References: 5 | Affected Software: 1