CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/05/27 12:0 a.m.•8 views

PT-2026-43568

Cross-site request forgery CSRF vulnerabilities allow attackers to exploit a user's authenticated session to forge cross-site requests, inducing the execution of unintended operations such as tampering with configuration data...

5.3CVSS5.8AI score0.00109EPSS

NVD•added 2026/05/25 10:16 a.m.•15 views

CVE-2026-9274

This vulnerability exists in CP Plus Wi-Fi Camera due to improper protection of sensitive information in runtime memory. An attacker with physical access could exploit this vulnerability by accessing the UART interface and performing memory extraction to obtain sensitive information, including...

5.2CVSS0.00134EPSS

EUVD•added 2026/05/25 9:19 a.m.•14 views

EUVD-2026-31661

Vulnrichment•added 2026/05/25 9:19 a.m.•12 views

CVE-2026-9274 Information Exposure Vulnerability in CP-Plus Wi-Fi Camera

CVE•added 2026/05/25 9:19 a.m.•16 views

CVE-2026-9274

CVE-2026-9274 affects CP Plus Wi-Fi Camera due to improper protection of sensitive information in runtime memory. A physical attacker can access the UART interface to perform memory extraction and obtain sensitive data stored in RAM, including cryptographic private keys, Wi‑Fi credentials, and co...

Positive Technologies•added 2026/05/25 12:0 a.m.•11 views

PT-2026-43026

CNNVD•added 2026/05/25 12:0 a.m.•7 views

CP Plus Wi-Fi Camera 安全漏洞

CP Plus Wi-Fi Camera is a wireless security camera from CP Plus. A security vulnerability exists in the CP Plus Wi-Fi Camera that stems from improper protection of sensitive information in runtime memory, which could allow an attacker with physical access to obtain sensitive information including...

Redos•added 2026/05/24 12:0 a.m.•7 views

ROS-20260524-73-0039

Vulnerability in perl-Compress-Raw-Zlib related to incorrect input of configuration data. The vulnerability can be exploited remotely...

9.8CVSS5.8AI score0.00548EPSS

Exploits1

RedHat Linux•added 2026/05/21 10:10 p.m.•8 views

Important: Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage

A Subscription Management tool for finding and reporting Red Hat product usage Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds, identifies, and reports environment data, or facts, such as the number of physical and virtual systems on a network, their...

9.8CVSS5.8AI score0.00525EPSS

Exploits1References6

VulnCheck KEV•added 2026/05/16 12:0 a.m.•18 views

VulnCheck KEV: CVE-2025-67303

An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the web interface...

7.5CVSS7.5AI score0.01361EPSS

In wildExploits3References20

RedhatCVE•added 2026/05/15 7:57 p.m.•10 views

CVE-2026-23998

Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet’s Windows MDM management endpoint could allow requests to be processed without proper client certificate validation. In certain circumstances, this could allow an attacker to impersonate an enrolled...

8.2CVSS5.8AI score0.00214EPSS

Github Security Blog•added 2026/05/14 8:30 p.m.•10 views

electerm's encrypt method not safe enough

Impact Insecure sync encryption: deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common passwords across installs and perform undetected ciphertext bit-flips to alte...

9.1CVSS5.8AI score0.00105EPSS

Exploits0References5Affected Software1

OSV•added 2026/05/14 1:13 p.m.•5 views

GHSA-2RC4-7JC6-QFFH Fleet has a Windows MDM management endpoint authentication bypass

Summary A vulnerability in Fleet’s Windows MDM management endpoint could allow requests to be processed without proper client certificate validation. In certain circumstances, this could allow an attacker to impersonate an enrolled Windows device and retrieve sensitive configuration data. Impact...

8.2CVSS5.8AI score0.00214EPSS

Exploits0References5

Github Security Blog•added 2026/05/14 1:13 p.m.•9 views

Fleet has a Windows MDM management endpoint authentication bypass

8.2CVSS5.8AI score0.00214EPSS

Exploits0References5Affected Software1

EUVD•added 2026/05/13 9:32 p.m.•7 views

EUVD-2026-30174

Quark Drive before 0.8.5 contains a mass assignment vulnerability in the POST /update endpoint that allows authenticated attackers to overwrite administrator credentials by posting an arbitrary webui object to the configdata dictionary. Attackers can exploit insufficient deny-list filtering to...

8.8CVSS5.9AI score0.00367EPSS

Exploits0References4

ATTACKERKB•added 2026/05/13 6:54 p.m.•6 views

CVE-2026-0245

Multiple information disclosure vulnerabilities in Prisma Access Agent® allow a local user to access sensitive configuration data and credentials. The Prisma Access Agent on Linux, ChromeOS, Android, and iOS are not affected...

6.8CVSS5.8AI score0.0014EPSS

CNNVD•added 2026/05/13 12:0 a.m.•6 views

Palo Alto Networks Prisma Access Agent 信息泄露漏洞

Palo Alto Networks Prisma Access Agent is a zero-trust network access client agent developed by Palo Alto Networks. The Prisma Access Agent has a vulnerability related to information leakage, which stems from multiple issues involving data leaks. This vulnerability may allow local users to access...

6.8CVSS5.8AI score0.0014EPSS