CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

56672 matches found

ATTACKERKB•added 2026/05/19 10:52 a.m.•5 views

CVE-2026-37978

A flaw was found in Keycloak. A low-privilege administrator with the 'view-clients' role can exploit this by invoking the 'evaluate-scopes' Admin API endpoints with an arbitrary user ID userId parameter. This vulnerability allows for cross-role personally identifiable information PII leakage,...

4.9CVSS5.9AI score0.00013EPSS

Exploits0References5

EUVD•added 2026/05/19 10:52 a.m.•7 views

EUVD-2026-30882

4.9CVSS5.9AI score0.00013EPSS

Exploits0References2

Vulnrichment•added 2026/05/19 10:52 a.m.•8 views

CVE-2026-37978 Keycloak: org.keycloak.services: keycloak: information disclosure via evaluate-scopes admin api

4.9CVSS5.9AI score0.00013EPSS

Exploits0References2

ATTACKERKB•added 2026/05/19 10:28 a.m.•3 views

CVE-2026-4630

A flaw was found in Keycloak. An authenticated client could exploit an Insecure Direct Object Reference IDOR vulnerability in the Authorization Services Protection API endpoint. By knowing or obtaining a resource's unique identifier UUID belonging to another Resource Server within the same realm,...

6.8CVSS5.7AI score0.00012EPSS

Exploits0References5

EUVD•added 2026/05/19 10:28 a.m.•8 views

EUVD-2026-30879

6.8CVSS5.7AI score0.00012EPSS

Exploits0References2

The Hacker News•added 2026/05/19 7:49 a.m.•8 views

Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer

Cybersecurity researchers have flagged a compromised version of the Nx Console extension that was published to the Microsoft Visual Studio Code VS Code Marketplace. The extension in question is rwl.angular-console version 18.95.0, a popular user interface and plugin for code editors like VS Code,...

6.1AI score

Exploits0

EUVD•added 2026/05/19 6:0 a.m.•8 views

EUVD-2025-209890

The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc...

7.5CVSS5.8AI score0.00029EPSS

Exploits0References1

Cvelist•added 2026/05/19 6:0 a.m.•37 views

CVE-2025-15609 Fortis For WooCommerce < 1.3.1 - Sensitive API Key Disclosure

0.00029EPSS

Exploits0References1

ATTACKERKB•added 2026/05/19 6:0 a.m.•7 views

CVE-2025-15609

5.8AI score0.00029EPSS

Exploits0References1

RedhatCVE•added 2026/05/19 1:58 a.m.•8 views

CVE-2026-45351

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.9, when a regular user non-admin logs into the application, a http://IP:8080/api/models? web request is initiated by the application and in response, it reveals the system prompt of...

6.5CVSS5.8AI score0.00038EPSS

Exploits1References1

GithubExploit•added 2026/05/19 1:39 a.m.•66 views

Exploit for CVE-2025-11203

CVE-2025-11203 – LiteLLM Health Endpoint APIKEY Information D...

3.5CVSS5.7AI score0.00101EPSS

Exploits1

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•9 views

Malicious code in @antv/f2-wx (npm)

Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...

5.8AI score

Exploits0References4

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•6 views

Malicious code in @antv/dw-random (npm)

5.8AI score

Exploits0References5

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•9 views

Malicious code in @antv/g-webgpu (npm)

5.8AI score

Exploits0References5

OSSF Malicious Packages•added 2026/05/19 12:0 a.m.•7 views

Malicious code in @antv/gi-assets-tugraph (npm)