CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

146 matches found

CVE-2026-56243

Capgo before 12.128.2 contains a security control bypass vulnerability where the PostgREST/RLS plane accepts plaintext API keys through the capgkey header despite enforcehashedapikeys being enabled. Attackers can bypass org-level hashed-key enforcement by sending plaintext API keys directly to th...

8.6CVSS5.9AI score

Exploits0References3

Snyk•added 2026/06/06 9:0 p.m.•8 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud / Miasma software supply chain campaign, a large scale operation that has affected numerous packages across open source ecosystems. The malicio...

9.8CVSS5.7AI score

Exploits0References2

Snyk•added 2026/06/06 9:0 p.m.•9 views

Embedded Malicious Code

9.8CVSS5.7AI score

Exploits0References2

Snyk•added 2026/06/06 9:0 p.m.•9 views

Embedded Malicious Code

9.8CVSS5.7AI score

Exploits0References2

Snyk•added 2026/06/06 9:0 p.m.•8 views

Embedded Malicious Code

9.8CVSS5.7AI score

Exploits0References2

Snyk•added 2026/06/06 9:0 p.m.•9 views

Embedded Malicious Code

9.8CVSS5.7AI score

Exploits0References2

RedhatCVE•added 2026/06/05 7:31 p.m.•9 views

CVE-2025-66467

Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates a new bucket with the same name, the previous owners can gain unauthorized read and write access to it by using the previously...

8.1CVSS5.4AI score0.00373EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:17 p.m.•6 views

CVE-2026-33362

In Meari IoT SDK builds embedded in CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and white-label Android apps = 1.8.x latest observed, multiple security-critical secrets are hardcoded and shared, including API signing material, password-transport keying, and service access keys...

8.6CVSS5.5AI score0.00241EPSS

Exploits0References1

CNNVD•added 2026/05/28 12:0 a.m.•7 views

Elastic Kibana 安全漏洞

Elastic Kibana is a data visualization dashboard software provided by the Elastic company. There is a security vulnerability in Elastic Kibana, which stems from improper input validation, potentially leading to privilege escalation. Users with Fleet management privileges and who are authenticated...

6.5CVSS5.8AI score0.00262EPSS

Exploits0References2

OSV•added 2026/05/12 8:38 a.m.•4 views

BIT-ARGO-WORKFLOWS-2026-42295 Argo Workflows: Exposure of artifact repository credentials

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the workflow executor logs all artifact repository credentials S3 access keys, secret keys, GCS service account keys, Azure account keys, Gi...

8.5CVSS5.7AI score0.00357EPSS

Exploits1References3

Snyk•added 2026/05/11 9:0 p.m.•6 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential stealer worm. A malicious actor managed to extract a GitHub Actions OIDC token from the runner process and publish tampered versions of 42 @tanstack/ packages to npm, which then spread ...

9.8CVSS6AI score0.02342EPSS

Exploits3References2

NVD•added 2026/05/11 5:16 p.m.•13 views

CVE-2026-33362

8.6CVSS0.00241EPSS

Exploits0References2

ATTACKERKB•added 2026/05/11 4:4 p.m.•5 views

CVE-2026-33362

8.6CVSS5.8AI score0.00241EPSS

Exploits0References3

CVE•added 2026/05/11 4:4 p.m.•19 views

CVE-2026-33362

The CVE-2026-33362 entry concerns the Meari IoT SDKs embedded in CloudEdge 5.5.0 (build 220), Arenti 1.8.1 (build 220), and white‑label Android apps ≤ 1.8.x. The description states that multiple security‑critical secrets are hardcoded and shared, including API signing material, password‑transport...

8.6CVSS5.8AI score0.00241EPSS

Exploits0References2

CNNVD•added 2026/05/11 12:0 a.m.•9 views

Meari IoT SDK 安全漏洞

Meari IoT SDK is a software development kit provided by Meari Corporation, aimed at intelligent device application development in the field of IoT communication and device management. The Meari IoT SDK contains security vulnerabilities, which stem from the hardcoding and sharing of multiple...

8.6CVSS5.8AI score0.00241EPSS

Exploits0References1

Positive Technologies•added 2026/05/11 12:0 a.m.•14 views

PT-2026-39644

8.6CVSS5.8AI score0.00241EPSS

Exploits0References3

Snyk•added 2026/05/10 9:0 p.m.•16 views

Brute Force

Overview better-auth is a The most comprehensive authentication library for TypeScript. Affected versions of this package are vulnerable to Brute Force when rate limiting is enabled which it is by default. The protections of the getIp function, which constructs rate-limiting keys based on the exa...

7.3CVSS5.8AI score0.00295EPSS

Exploits0References2

Vulnrichment•added 2026/05/08 12:16 p.m.•5 views

CVE-2025-66467 Apache CloudStack: MinIO policy remains intact on bucket deletion

8CVSS5.8AI score0.00373EPSS

Exploits0References1

Positive Technologies•added 2026/05/08 12:0 a.m.•16 views

PT-2026-38916

Name of the Vulnerable Software and Affected Versions Apache CloudStack versions prior to 4.20.3.0 Apache CloudStack versions prior to 4.22.0.1 Description Missing MinIO policy cleanup during bucket deletion allows users to retain access to buckets they previously owned. If a different user creat...

8.1CVSS5.8AI score0.00373EPSS

Exploits0References7

CNNVD•added 2026/04/17 12:0 a.m.•10 views

WordPress plugin LatePoint 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.3CVSS5.8AI score0.00689EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by