CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added yesterday•3 views

CVE-2026-42296

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod...

8.1CVSS5.4AI score0.00035EPSS

Exploits1References1

EUVD•added yesterday•4 views

EUVD-2025-210068

8.7CVSS5.8AI score0.00019EPSS

NVD•added 2 days ago•3 views

CVE-2025-8873

8.7CVSS0.00019EPSS

CVE•added 2 days ago•6 views

CVE-2025-8873

CVE-2025-8873 affects Arista EOS with IPsec enabled: a specially crafted packet can stop dataplane processing of all IPsec traffic, with control plane detecting and resetting the IPsec pipeline; after reset, IPsec traffic may not resume. Non-IPsec traffic is unaffected. Affected EOS releases incl...

8.7CVSS5.8AI score0.00019EPSS

NVD•added 2 days ago•4 views

CVE-2026-44393

An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname verification when connecting to the message broker. When sslcafile is configured, the driver enables certificate chain validation but does not pass the expect...

7.4CVSS0.00015EPSS

EUVD•added 2 days ago•4 views

EUVD-2026-34294

7.4CVSS5.8AI score0.00015EPSS

Vulnrichment•added 2 days ago•4 views

CVE-2026-44393

5.8AI score0.00015EPSS

Positive Technologies•added 2 days ago•6 views

PT-2026-46407

8.7CVSS5.8AI score0.00019EPSS

Snyk•added 2026/05/29 5:22 p.m.•3 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the chat.send route. An attacker can perform unauthorized privileged actions by leveraging inherited external routes to bypass required scope checks, enabling...

8.8CVSS5.5AI score0.00049EPSS

NVD•added 2026/05/28 6:16 p.m.•8 views

CVE-2026-45021

Kuma is a modern Envoy-based service mesh that can run on every cloud across both Kubernetes and VMs. Prior to 2.7.25, 2.9.15, 2.11.13, 2.12.10, and 2.13.5, the default kuma-cp config leaks the admin bootstrap token and signing keys to any webpage the operator visits while the control plane is...

5.1CVSS0.00028EPSS

EUVD•added 2026/05/28 5:45 p.m.•4 views

EUVD-2026-32966

5.1CVSS5.8AI score0.00028EPSS

SUSE CVE•added 2026/05/28 3:52 a.m.•10 views

SUSE CVE-2026-46101

In the Linux kernel, the following vulnerability has been resolved: netfilter: reject zero shift in nftbitwise Reject zero shift operands for nftbitwise left and right shift expressions during initialization. The carry propagation logic computes the carry from the adjacent 32-bit word using...

EUVD•added 2026/05/27 9:54 p.m.•9 views

Exploits0References3

EUVD-2026-32675

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fields in task messages. A client connection can register as a normal device, but later send a TASK...

8.8CVSS5.8AI score0.00049EPSS

NVD•added 2026/05/27 2:17 p.m.•7 views

CVE-2026-46101

0.00032EPSS

OSV•added 2026/05/27 2:17 p.m.•3 views

UBUNTU-CVE-2026-46101

5.7AI score0.00032EPSS

Exploits0References3

CVE•added 2026/05/27 12:59 p.m.•12 views

CVE-2026-46101

CVE-2026-46101 relates to the Linux kernel netfilter component, specifically the nft_bitwise operation. The issue arises from zero shift operands in left/right shift expressions during initialization. The carry propagation logic uses BITS_PER_TYPE(u32) - shift; a zero shift operand can produce a ...

ATTACKERKB•added 2026/05/27 12:59 p.m.•7 views

CVE-2026-46101

Exploits0References9Affected Software1

EUVD•added 2026/05/27 12:59 p.m.•7 views

EUVD-2026-32484