CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

320 matches found

Microsoft CVE•added 2026/05/09 8:3 a.m.•6 views

drm/amdgpu: add upper bound check on user inputs in wait ioctl

...

5.5CVSS5.8AI score0.00013EPSS

Exploits0

Microsoft CVE•added 2026/05/09 8:3 a.m.•6 views

drm/amdgpu: add upper bound check on user inputs in signal ioctl

...

5.5CVSS5.8AI score0.00013EPSS

Exploits0

UbuntuCve•added 2026/05/08 3:16 p.m.•3 views

CVE-2026-43400

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add upper bound check on user inputs in signal ioctl Huge input values in amdgpuuserqsignalioctl can lead to a OOM and could be exploited. So check these input value against AMDGPUUSERQMAXHANDLES which is big enough...

5.5CVSS5.7AI score0.00013EPSS

Exploits0References5

Debian CVE•added 2026/05/08 2:21 p.m.•7 views

CVE-2026-43400

5.5CVSS5.7AI score0.00013EPSS

Exploits0

CNNVD•added 2026/04/27 12:0 a.m.•3 views

WebFileSys 安全漏洞

WebFileSys is a web-based multi-user file manager developed by WebFileSys Inc. in Java. Version 2.31.1 of WebFileSys contains a security vulnerability, which stems from improperly encoded user-controlled inputs. This vulnerability could lead to reflection-type cross-site scripting attacks...

6.1CVSS5.6AI score0.00025EPSS

Exploits3References1

Veracode•added 2026/04/14 11:14 a.m.•2 views

Improper Neutralization

Soft Serve is vulnerable to improper neutralization. The vulnerability is due to insufficient sanitization of user-supplied inputs and git messages, which allows an attacker to inject malicious ANSI escape sequences and display misleading or fake terminal outputs such as alerts...

4.6CVSS5.8AI score0.00032EPSS

Exploits0References2Affected Software1

CNNVD•added 2026/04/09 12:0 a.m.•2 views

PraisonAI 操作系统命令注入漏洞

PraisonAI is a low-code multi-agent collaboration framework developed by Mervin Praison. Versions of PraisonAI prior to 4.5.121 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the executecommand function and the workflow shell, which expose...

9.6CVSS6.1AI score0.0008EPSS

Exploits1References2

Vulnrichment•added 2026/04/08 9:35 p.m.•3 views

CVE-2026-40032 UAC < 3.3.0-rc1 Command Injection via Placeholder Substitution

UAC Unix-like Artifacts Collector before 3.3.0-rc1 contains a command injection vulnerability in the placeholder substitution and command execution pipeline where the runcommand function passes constructed command strings directly to eval without proper sanitization. Attackers can inject shell...

8.5CVSS6AI score0.0002EPSS

Exploits0References7

ATTACKERKB•added 2026/04/07 3:55 p.m.•2 views

CVE-2026-35580

Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, GitHub Actions workflow files contained shell injection points where user-controlled workflowdispatch inputs were interpolated directly into shell commands via $ expression syntax. An attacker with repository write access could...

9.1CVSS6AI score0.00023EPSS

Exploits1References4Affected Software1

Cvelist•added 2026/03/11 5:17 p.m.•21 views

CVE-2026-31862 Cloud CLI has Command Injection via Multiple Parameters

Cloud CLI aka Claude Code UI is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, multiple Git-related API endpoints use execAsync with string interpolation of user-controlled parameters file, branch, message, commit, allowing authenticated attackers to...

9.1CVSS0.00082EPSS

Exploits0References2

CNNVD•added 2026/02/01 12:0 a.m.•4 views

Simple CMS 跨站脚本漏洞

Simple CMS is an open-source content management system developed using Simple PHPScripts. Version 2.1 of Simple CMS has a cross-site scripting vulnerability. This vulnerability stems from persistent cross-site scripting vulnerabilities in user input parameters, which could allow remote attackers ...

6.4CVSS5.7AI score0.00018EPSS

Exploits1References3

RedhatCVE•added 2026/01/09 9:20 a.m.•3 views

CVE-2021-33691

NWDI Notification Service versions - 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability.SAP NetWeaver Development Infrastructure Notification Service allows a threat actor to send crafted scripts to a victim. If the victim ha...

6.9CVSS5.8AI score0.00231EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:20 a.m.•4 views

CVE-2021-33664

SAP NetWeaver Application Server ABAP Applications based on Web Dynpro ABAP, versions - SAPUI - 750,752,753,754,755, SAPBASIS - 702, 731 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

5.4CVSS6AI score0.00237EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 8:42 a.m.•7 views

CVE-2022-31137

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocessexecute function without processing the inputs received from the user in the...

10CVSS7.6AI score0.93971EPSS

Exploits15References1

OSV•added 2025/11/20 3:30 p.m.•2 views

GHSA-H369-CPJJ-QFFF phppgadmin vulnerable to Cross-site Scripting

phpPgAdmin versions 7.13.0 and earlier contain multiple cross-site scripting XSS vulnerabilities across various components. User-supplied inputs from $REQUEST parameters are reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php...

5.3CVSS6.3AI score0.00037EPSS

Exploits0References6

NVD•added 2025/10/30 10:15 p.m.•2 views

CVE-2020-36867

Nagios XI versions prior to 5.7.3 contain a command injection vulnerability in the report PDF download/export functionality. User-supplied values used in the PDF generation pipeline or the wrapper that invokes offline/pdf helper utilities were insufficiently validated or improperly escaped,...

8.8CVSS0.01642EPSS

Exploits0References2