
12956 matches found

CVE
added 3 hours ago | 5 views

CVE-2026-13316

Foreman (HTTP proxies: http_proxies_controller, http_proxy) is affected by a flaw that allows SSRF, enabling access to cloud metadata services in AWS/GCP/Azure environments via modified HTTP parameters. Root cause involves unvalidated/test_url parameters in Foreman’s configuration paths. Impact i...

CVSS: 4.4 | AI score: 5.7
Exploits: 0 | References: 2
Chainguard
added 4 days ago | 5 views

GHSA-MPWR-8VM7-H73F vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure-orbital, grafana-fips, crossplane-provider-azure-servicefabric, crossplane-provider-azure-network, crossplane-provider-azure-storagecache, crossplane-provider-azure-alertsmanagement, crossplane-provider-azure-search, gobuster,...

AI score: 5.8
Exploits: 0
Chainguard
added 4 days ago | 4 views

GHSA-RM3J-F69W-WQMQ vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-athena, apko, crossplane-provider-aws-directconnect, flux-kustomize-controller, sealed-secrets-fips, crossplane-provider-aws-elbv2, crossplane-provider-keycloak, crossplane-provider-aws-kendra, drone, crossplane-provider-aws-bedrockagent-fips,...

AI score: 5.8
Exploits: 0
Chainguard
added 4 days ago | 5 views

GHSA-Q4H4-GMJ2-QVW2 vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-athena, apko, crossplane-provider-aws-directconnect, flux-kustomize-controller, sealed-secrets-fips, crossplane-provider-aws-elbv2, crossplane-provider-keycloak, crossplane-provider-aws-kendra, drone, crossplane-provider-aws-bedrockagent-fips,...

AI score: 5.8
Exploits: 0
Chainguard
added 4 days ago | 4 views

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: apko, cluster-api-azure-controller-fips, kots, kubescape-server-fips, neuvector-sigstore-interface, crossplane-provider-azure-securityinsights, crossplane-provider-azure-network, k9s-fips, kyverno-fips, flux-kustomize-controller, fulcio-fips, gitlab-rails-ce, vault,...

AI score: 5.8
Exploits: 0
Chainguard
added 4 days ago | 4 views

GHSA-89GR-R52H-F8RX vulnerabilities

Vulnerabilities for packages: apko, cluster-api-azure-controller-fips, kots, kubescape-server-fips, neuvector-sigstore-interface, crossplane-provider-azure-securityinsights, crossplane-provider-azure-network, k9s-fips, kyverno-fips, flux-kustomize-controller, fulcio-fips, gitlab-rails-ce, vault,...

AI score: 5.8
Exploits: 0
Wolfi
added 4 days ago | 6 views

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: k9s, argo-events, terraform-provider-tls, flux-notification-controller, prometheus-operator, rootlesskit, atlantis, neuvector-sigstore-interface, cert-manager, gitlab-kas, docker-machine-driver-harvester, cilium, cluster-api-azure-controller, nerdctl, age, hcloud,...

AI score: 5.8
Exploits: 0
NVD
added 4 days ago | 5 views

CVE-2026-52783

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, OpenProject's Storages module writes the OneDrive/SharePoint userless OAuth accesstoken plaintext to Rails.cache under the deterministic key storage..httpxaccesstoken, repopulated continuously by an...

CVSS: 8.2 | EPSS: 0.00129
Exploits: 0 | References: 1
OSV
added 5 days ago | 2 views

GO-2026-5710 Prometheus Azure AD remote write OAuth client secret exposed via config API in github.com/prometheus/prometheus

Prometheus Azure AD remote write OAuth client secret exposed via config API in github.com/prometheus/prometheus...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00249
Exploits: 0 | References: 6
NVD
added 5 days ago | 4 views

CVE-2026-55412

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, there's an SSRF in the RestAPI data source component. The RestAPI data source executes HTTP requests server-side, and its private IP filter only...

CVSS: 8.3 | EPSS: 0.00193
Exploits: 0 | References: 1
Cvelist
added 5 days ago | 27 views

CVE-2026-55412 ToolJet Cloud - SSRF to Azure Cloud Infrastructure Compromise

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, there's an SSRF in the RestAPI data source component. The RestAPI data source executes HTTP requests server-side, and its private IP filter only...

CVSS: 8.3 | EPSS: 0.00193
Exploits: 0 | References: 1
EUVD
added 5 days ago | 5 views

EUVD-2026-39469

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, there's an SSRF in the RestAPI data source component. The RestAPI data source executes HTTP requests server-side, and its private IP filter only...

CVSS: 8.3 | AI score: 5.9 | EPSS: 0.00193
Exploits: 0 | References: 1
CVE
added 5 days ago | 9 views

CVE-2026-55412

ToolJet (open-source platform) Vulnerability: SSRF in the RestAPI data source component allows authenticated users to induce server-side HTTP requests that bypass its private IP filter via DNS trickery (169.254.169.254.nip.io), potentially stealing Azure managed identity tokens for the AKS produc...

CVSS: 8.3 | AI score: 5.9 | EPSS: 0.00193
Exploits: 0 | References: 1
ATTACKERKB
added 5 days ago | 7 views

CVE-2026-55412

ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.178-lts, there's an SSRF in the RestAPI data source component. The RestAPI data source executes HTTP requests server-side, and its private IP filter only...

CVSS: 8.3 | AI score: 5.9 | EPSS: 0.00193
Exploits: 0 | References: 2 | Affected Software: 1
Chainguard
added 6 days ago | 9 views

CVE-2026-48109 vulnerabilities

Vulnerabilities for packages: azure-functions-extension-bundles...

CVSS: 8.2 | AI score: 5.8 | EPSS: 0.00296
Exploits: 0
Chainguard
added 6 days ago | 9 views

GHSA-HV8M-JJ95-WG3X vulnerabilities

Vulnerabilities for packages: azure-functions-extension-bundles...

AI score: 5.8
Exploits: 0
Chainguard
added 2026/06/23 8:16 a.m. | 6 views

GHSA-5WRP-CWCJ-Q835 vulnerabilities

Vulnerabilities for packages: cluster-api-gcp-controller-fips, flux-kustomize-controller, net-kourier, kgateway, crossplane-provider-keycloak, art, drone, newrelic-infrastructure-agent-fips, flux-kustomize-controller-fips, crossplane-provider-aws-sns-fips, docker-compose-fips, goreleaser,...

AI score: 5.8
Exploits: 0
Chainguard
added 2026/06/23 8:16 a.m. | 6 views

CVE-2026-41178 vulnerabilities

Vulnerabilities for packages: cluster-api-gcp-controller-fips, flux-kustomize-controller, net-kourier, kgateway, crossplane-provider-keycloak, art, drone, newrelic-infrastructure-agent-fips, flux-kustomize-controller-fips, crossplane-provider-aws-sns-fips, docker-compose-fips, goreleaser,...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00237
Exploits: 0
CVE
added 2026/06/22 12:25 p.m. | 10 views

CVE-2026-56425

CVE-2026-56425 affects the AAD authentication plugin for MISP (OAuth 2.0). The vulnerability stems from using session_id() as the OAuth state parameter, lack of session rotation after login, no dedicated nonce for the state, and not enforcing HTTPS for the redirect URI. Additional issue: OAuth er...

CVSS: 9.3 | AI score: 5.9 | EPSS: 0.00258
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2026/06/22 12:25 p.m. | 27 views

CVE-2026-56425 MISP AAD authentication plugin - Improper OAuth State Handling, Missing Session Rotation, Insecure Redirect URI Validation, and Log Injection

The Azure Active Directory (AAD) authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow attackers to bypass important security guarantees provided by the protocol. The application used the PHP session identifier (session_id) as the OAuth state...

CVSS: 9.3 | EPSS: 0.00258
Exploits: 0 | References: 1