
7 matches found

OSV
added 2026/05/09 12:30 p.m. · 4 views

OESA-2026-2199 python-dotenv security update

Python-dotenv reads key-value pairs from a .env file and can set them as environment variables. It helps in the development of applications following the 12-factor principles. Security Fixes: python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prior to...

CVSS 6.6 · AI score 5.9 · EPSS 0.00004
Exploits: 1 · References: 2

CVE
added 2026/04/20 4:25 p.m. · 21 views

CVE-2026-28684

CVE-2026-28684 (python-dotenv) : The issue affects python-dotenv where the functions set_key() and unset_key() follow symbolic links when rewriting the .env file. This behavior enables a local attacker to overwrite arbitrary files via a crafted symlink during a cross-device rename fallback. Impac...

CVSS 6.6 · AI score 5.9 · EPSS 0.00004
Exploits: 1 · References: 3 · Affected Software: 1

Vulnrichment
added 2026/04/20 4:25 p.m. · 2 views

CVE-2026-28684 python-dotenv: Symlink following in set_key allows arbitrary file overwrite via cross-device rename fallback

python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prior to version 1.2.2, set_key and unset_key in python-dotenv follow symbolic links when rewriting .env files, allowing a local attacker to overwrite arbitrary files via a crafted symlink when a...

CVSS 6.6 · AI score 5.9 · EPSS 0.00004
Exploits: 1 · References: 3

Positive Technologies
added 2023/12/21 12:0 a.m. · 2 views

PT-2023-31872 · Apache · Apache Iotdb

Name of the Vulnerable Software and Affected Versions: Apache IoTDB versions 0.13.0 through 0.13.4. Description: The issue is related to the deserialization of untrusted data in Apache IoTDB. Users are advised to upgrade to a fixed version to resolve the issue. Recommendations: For Apache IoTDB...

CVSS 9.8 · AI score 9.3 · EPSS 0.00555
Exploits: 0 · References: 12

Snyk
added 2022/05/14 2:22 a.m. · 2 views

Arbitrary Code Execution

Overview: Microsoft.ChakraCore is a core part of the Chakra JavaScript engine that powers Microsoft Edge. Affected versions of this package are vulnerable to Arbitrary Code Execution or cause denial of service via a crafted web site. Remediation: Upgrade Microsoft.ChakraCore to version 1.2.2 or...

CVSS 7.6 · AI score 7 · EPSS 0.11931
Exploits: 11 · References: 2

Snyk
added 2022/05/14 2:22 a.m. · 2 views

Arbitrary Code Execution

Overview: Microsoft.ChakraCore is a core part of the Chakra JavaScript engine that powers Microsoft Edge. Affected versions of this package are vulnerable to Arbitrary Code Execution or cause denial of service via a crafted web site. Remediation: Upgrade Microsoft.ChakraCore to version 1.2.2 or...

CVSS 7.6 · AI score 7 · EPSS 0.69291
Exploits: 1 · References: 2

Positive Technologies
added 2011/11/02 12:0 a.m. · 2 views

PT-2011-4839 · Phpldapadmin · Phpldapadmin

Name of the Vulnerable Software and Affected Versions: phpLDAPadmin versions 1.2.x before 1.2.2. Description: The issue allows remote attackers to execute arbitrary PHP code via the orderby parameter also known as the sortby variable in a query engine action to "cmd.php". This has been exploited i...

CVSS 7.5 · AI score 7.3 · EPSS 0.84398
Exploits: 3 · References: 19