CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 4 days ago•26 views

CVE-2026-11401

The CVE-2026-11401 entry describes an untrusted search path vulnerability in the GlobalDatabasePlugin of the AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL. A remote authenticated low-privilege actor can escalate to other Amazon RDS user privileges (including rds_superuser) via a crafted fu...

8.6CVSS5.5AI score0.00129EPSS

Cvelist•added 4 days ago•24 views

CVE-2026-11400 Privilege Escalation in AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL

An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rdssuperuser, via a crafted function created by the...

8.6CVSS0.00129EPSS

EUVD•added 4 days ago•5 views

EUVD-2026-34834

Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying it in search forms. Attackers can inject malicious scripts through unfiltered search parameters to execute arbitrary JavaScri...

Vulnrichment•added 4 days ago•3 views

CVE-2026-50235 Lyrion Music Server 9.2.0 Reflected XSS via search Parameters

CVE•added 4 days ago•13 views

CVE-2026-50235

Affected software: Lyrion Music Server 9.2.0. Vulnerability: reflected XSS in advanced search parameters that fail to sanitize user input before displaying it in search forms. Impact: can execute arbitrary JavaScript in users’ browsers and potentially steal session information. Exploitation/Detai...

Cvelist•added 4 days ago•31 views

CVE-2026-50235 Lyrion Music Server 9.2.0 Reflected XSS via search Parameters

6.1CVSS0.00029EPSS

CVE•added 4 days ago•13 views

CVE-2026-11347

The CVE-2026-11347 entry describes vulnerabilities in the linqi application: hardcoded cryptographic keys and a weak IV-generation mechanism for AES/CBC using a limited ASCII charset. This combination enables known-plaintext attacks and allows an attacker with local access to decrypt obfuscated s...

8.5CVSS5.5AI score0.00008EPSS

Exploits0References1

Positive Technologies•added 4 days ago•6 views

PT-2026-46954

Packet Storm News•added 4 days ago•3 views

Exploits2References3

Synthetic APTs: The Collapse of TTP-Based Attribution

Cyber Threat Intelligence CTI attribution relies on identifying the Tactics, Techniques, and Procedures TTPs that distinguish one threat actor from another. This approach presupposes that each adversary leaves a recognizable operational fingerprint. This work investigates whether AI driven...

5.5AI score

Exploits0

Positive Technologies•added 4 days ago•7 views

PT-2026-46913

The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...

8.5CVSS5.5AI score0.00008EPSS

Exploits0References2

Positive Technologies•added 4 days ago•9 views

PT-2026-47034

Name of the Vulnerable Software and Affected Versions AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL versions prior to 4.0.1 Description An untrusted search path issue exists in the GlobalDatabasePlugin. This allows a remote authenticated low-privilege actor to escalate privileges to thos...

8.6CVSS5.5AI score0.00129EPSS

Exploits0References7

Zero Science Lab•added 4 days ago•23 views

Lyrion Music Server 9.2.0 (search.*) Multiple Script Insertions

Summary Lyrion Music Server formerly Logitech Media Server, and often abbreviated as "LMS" is open-source software which can control and serve stream music to a wide range of physical and virtual audio players called Squeezeboxes. Lyrion Music Server can stream your local music collection, intern...

6.1CVSS5.4AI score0.00029EPSS

Exploits2

Packet Storm•added 4 days ago•21 views

📄 Lyrion Music Server 9.2.0 search Cross Site Scripting

Lyrion Music Server version 9.2.0 has advanced search parameters that are stuffed back into the page so the form keeps its values. Several free-text fields do not apply filtering, resulting in reflected cross site scripting. Lyrion Music Server 9.2.0 search. Multiple Script Insertions Vendor: LMS...

6.1CVSS4.4AI score0.00029EPSS

Exploits2

CVE•added 5 days ago•10 views

CVE-2026-50226

CVE-2026-50226 affects the AcerConnect OTA application. The issue arises from fixed AES-128-CBC keys inside the app, allowing attackers to forge authorization credentials for arbitrary IMEI numbers. This enables unauthorized actors to list catalog items and extract protected binaries from pre-sig...

6.9CVSS5.9AI score0.00041EPSS

Exploits0References1Affected Software1

EUVD•added 5 days ago•7 views

EUVD-2026-34222

The device encrypts data using AES-CBC with static zero-filled Initialization Vectors IVs, making it susceptible to replay attacks and known-plaintext decryption...

7.5CVSS5.8AI score0.00034EPSS

Exploits0References1

Cvelist•added 5 days ago•37 views

CVE-2026-50210 Weak Static Cryptographic Initialization Vectors

The device encrypts data using AES-CBC with static zero-filled Initialization Vectors IVs, making it susceptible to replay attacks and known-plaintext decryption...

6.9CVSS0.00034EPSS

Exploits0References1

Positive Technologies•added 5 days ago•10 views

PT-2026-46162

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The device encrypts data using AES-CBC Advanced Encryption Standard in Cipher Block Chaining mode with static zero-filled Initialization Vectors IVs. This...

7.5CVSS5.4AI score0.00034EPSS