CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

IBM Security Bulletins•added 2026/04/06 1:27 p.m.•5 views

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by insufficiently privileged clients to execute snapshot and restore commands due to Apache Zookeeper

Summary Apache Zookeeper in Apache Solr is used by IBM Operations Analytics - Log Analysis as part of the coordination and configuration management backbone for SolrCloud. CVE-2025-58457. Vulnerability Details CVEID:CVE-2025-58457 DESCRIPTION: Improper permission check in ZooKeeper AdminServer le...

4.3CVSS7AI score0.00294EPSS

IBM Security Bulletins•added 2026/04/03 4:3 p.m.•3 views

Security Bulletin: Due to use of Apache Commons Lang, IBM Operations Analytics - Log Analysis is affected by Uncontrolled Recursion Vulnerability

Summary Apache Commons Lang in Apache Solr is used by IBM Operations Analytics - Log Analysis as part of the core utility such as string manipulation, object utilities, and class utilities. CVE-2025-48924. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerabilit...

5.3CVSS5.8AI score0.02164EPSS

IBM Security Bulletins•added 2026/04/03 3:55 p.m.•6 views

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by Weak Password Policy and Inadequate Account Lockout Mechanism

Summary IBM Operations Analytics – Log Analysis is affected by weaknesses in its Backend Authentication and Session Management module—used as part of its login mechanism—which exposes the product to improper authentication risks, including weak password policy enforcement and insufficient account...

9.8CVSS5.9AI score0.0036EPSS

Microsoft Secure•added 2026/04/02 3:37 p.m.•7 views

Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments

In this article 1. Cookie-controlled execution behavior 2. Observed variants of cookie-controlled PHP web shells 3. Mitigation and protection guidance 4. Microsoft Defender XDR detections 5. Microsoft Security Copilot prompts 6. Microsoft Defender XDR threat analytics 7. MITRE ATT&CK™ Techniques...

6.7AI score

Exploits0

Packet Storm News•added 2026/04/02 12:0 a.m.•8 views

WhatWeb Scanner 0.6.4

WhatWeb is a next-generation web scanner. WhatWeb recognizes web technologies including content management systems CMS, blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognize something different...

6AI score

Exploits0

RedhatCVE•added 2026/04/01 11:0 p.m.•4 views

CVE-2026-33415

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated moderator-level user could retrieve post content, topic titles, and usernames from categories they were n...

Vulnrichment•added 2026/03/31 5:42 p.m.•3 views

Exploits0References1

CVE-2026-33415 Discourse: Improper Access Control in discourse-ai Allows Unauthorized Category Content Exposure

5.1CVSS5.8AI score0.00188EPSS

OSV•added 2026/03/31 5:42 p.m.•3 views

CVE-2026-33415 Discourse: Improper Access Control in discourse-ai Allows Unauthorized Category Content Exposure

5.1CVSS5.8AI score0.00188EPSS

Exploits0References4

Cvelist•added 2026/03/31 5:42 p.m.•26 views

CVE-2026-33415 Discourse: Improper Access Control in discourse-ai Allows Unauthorized Category Content Exposure

5.1CVSS0.00188EPSS

ATTACKERKB•added 2026/03/31 5:42 p.m.•2 views

CVE-2026-33415

Exploits0References3Affected Software1

CVE•added 2026/03/31 5:42 p.m.•9 views

CVE-2026-33415

CVE-2026-33415 affects Discourse before fixed versions: 2026.1.3, 2026.2.2, and 2026.3.0. An authenticated moderator-level user could bypass category permissions via an insufficiently protected sentiment analytics endpoint, enabling retrieval of post contents, topic titles, and usernames from cat...

Exploits0References2Affected Software1

Positive Technologies•added 2026/03/31 12:0 a.m.•5 views

PT-2026-29319

GithubExploit•added 2026/03/28 12:45 p.m.•118 views

Exploits0References6

hays-london-azure-platform-2-poc

Hays London Azure Platform Engineer POC — AKS Operations & Pla...

6AI score

Exploits0

Japan Vulnerability Notes•added 2026/03/27 9:18 a.m.•10 views

Vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer

Overview Vulnerability exists in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take...

8.2CVSS5.9AI score0.00174EPSS

RedhatCVE•added 2026/03/26 9:42 p.m.•3 views

CVE-2026-3529

A flaw was found in Drupal Google Analytics GA4. This vulnerability, identified as Cross-site Scripting XSS, arises from improper neutralization of input during web page generation. A remote attacker could exploit this by injecting malicious scripts into web pages, which would then execute in a...

6AI score0.00243EPSS

EUVD•added 2026/03/26 9:31 p.m.•4 views

EUVD-2026-16383

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Google Analytics GA4 allows Cross-Site Scripting XSS.This issue affects Google Analytics GA4: from 0.0.0 before 1.1.14...

5.8AI score0.00243EPSS