CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5052 matches found

CVE-2026-11466

A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collectionrouter.py. This manipulation of the argument kwargs causes improper access controls. Remote exploitation of the attack is possible. Th...

5.5CVSS5.6AI score0.00043EPSS

Exploits0References1

NVD•added 4 days ago•8 views

CVE-2026-8795

A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in clientinfo.json inside a collection ZIP is inserted into a YAML template via Go's text/template without escaping. An attacker providing a crafted...

7.8CVSS0.00021EPSS

Exploits0References1

CVE•added 4 days ago•13 views

CVE-2026-8795

The issue affects Rapid7 Velociraptor’s Windows.Collectors.Remapping artifact prior to version 0.76.6. In collection ZIPs, the hostname field from client_info.json is inserted into a YAML template via Go's text/template without escaping. An attacker supplying a crafted collection ZIP can use lite...

7.8CVSS5.6AI score0.00021EPSS

Exploits0References1

Cvelist•added 4 days ago•28 views

CVE-2026-8795

7.8CVSS0.00021EPSS

Exploits0References1

ATTACKERKB•added 4 days ago•3 views

CVE-2026-8795

7.8CVSS5.6AI score0.00021EPSS

Exploits0References2

Vulnrichment•added 4 days ago•3 views

CVE-2026-8795

7.8CVSS5.6AI score0.00021EPSS

Exploits0References1

EUVD•added 4 days ago•7 views

EUVD-2026-35289

7.8CVSS5.6AI score0.00021EPSS

Exploits0References1

Positive Technologies•added 4 days ago•5 views

PT-2026-47644

Spring HATEOAS's internal PropertyUtils.createObjectFromProperties method, used by the Collection+JSON and UBER media type deserializers, performs bean property binding via reflection without consulting Jackson access-control annotations. Affected versions: Spring HATEOAS 1.5.0 through 1.5.6; 2.3...

7.5CVSS5.5AI score0.00049EPSS

Exploits0References2

Positive Technologies•added 4 days ago•5 views

PT-2026-47541

A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in client info.json inside a collection ZIP is inserted into a YAML template via Go's text/template without escaping. An attacker providing a crafted...

7.8CVSS5.6AI score0.00021EPSS

Exploits0References2

Positive Technologies•added 4 days ago•8 views

PT-2026-48302

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An authorized user can cause a server crash by executing a query using a 2dsphere index on a field containing a GeoJSON GeometryCollection. The issue occurs when...

7.1CVSS5.5AI score0.00046EPSS

Exploits0References3

EUVD•added 5 days ago•6 views

EUVD-2026-34997

5.5CVSS5.2AI score0.00043EPSS

Exploits0References8

Tenable Nessus•added 5 days ago•3 views

Amazon Linux 2023 : rclone (ALAS2023-2026-1810)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1810 advisory. Parsing a malicious font file can cause excessive memory allocation. CVE-2026-33812 An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbound...

10CVSS5.8AI score0.00068EPSS

Exploits0References30

NVD•added 6 days ago•6 views

CVE-2026-11466

5.5CVSS0.00043EPSS

Exploits0References7

Vulnrichment•added 6 days ago•5 views

CVE-2026-11466 zilliztech deep-searcher collection_router.py CollectionRouter.invoke access control

5.5CVSS5.6AI score0.00043EPSS

Exploits0References7

CVE•added 6 days ago•17 views

CVE-2026-11466

CVE-2026-11466 affects the zilliztech deep-searcher up to version 0.0.2. The issue is in deepsearcher/agent/collection_router.py (function CollectionRouter.invoke ), where argument kwargs manipulation leads to improper access controls. This enables remote exploitation ; the exploit is publicly av...

5.5CVSS5.6AI score0.00043EPSS

Exploits0References7

Cvelist•added 6 days ago•30 views

CVE-2026-11466 zilliztech deep-searcher collection_router.py CollectionRouter.invoke access control

5.5CVSS0.00043EPSS

Exploits0References7

ATTACKERKB•added 6 days ago•3 views

CVE-2026-11466

5.5CVSS5.6AI score0.00043EPSS

Exploits0References7Affected Software1

Positive Technologies•added 6 days ago•8 views

PT-2026-47197

Name of the Vulnerable Software and Affected Versions zilliztech deep-searcher versions prior to 0.0.3 Description Improper access controls in the CollectionRouter.invoke function within the deepsearcher/agent/collection router.py file allow for remote exploitation. This issue is caused by the...

5.5CVSS6.1AI score0.00043EPSS

Exploits0References10

SUSE CVE•added last week•5 views

SUSE CVE-2026-10722

A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation of the argument offset leads to integer overflow. The attack can only be performed from a...

4.8CVSS4.9AI score0.00013EPSS

Exploits1References3

RedhatCVE•added 2026/06/05 7:47 p.m.•5 views

CVE-2026-45154

Nextcloud is an open source content collaboration platform. From version 2.6.0 to before version 4.3.0, when a previous collective pages was deleted and the collective was shared view-only, guests with access to the collective were able to access the deleted pages directly from the trashbin. This...

2.6CVSS5.3AI score0.00013EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by