Export limit exceeded: 350479 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 350479 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 350479 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 350479 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 350479 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (1 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2026-31236 1 Simonw 1 Llm 2026-05-13 N/A
The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python function definitions. However, the tool directly executes the provided code using the unsafe exec() function without any sanitization, sandboxing, or security restrictions. An attacker can exploit this by crafting a malicious llm command with arbitrary Python code in the --functions argument and using social engineering to trick a victim into running it. This leads to arbitrary code execution on the victim's system, potentially granting the attacker full control.