CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

29457 matches found

EUVD•added 2026/05/26 9:21 p.m.•11 views

EUVD-2026-32007

Velocity.js is a JavaScript implementation of the Apache Velocity template engine. In 2.1.5 and earlier, a prototype pollution vulnerability was discovered in velocityjs. This issue occurs during the processing of set directives in Velocity templates. If an application renders a template controll...

8.3CVSS5.9AI score0.00102EPSS

Exploits1References1

ATTACKERKB•added 2026/05/26 9:21 p.m.•9 views

CVE-2026-44966

8.3CVSS5.9AI score0.00102EPSS

Exploits1References2Affected Software1

EUVD•added 2026/05/26 8:46 p.m.•10 views

EUVD-2026-31997

Banks generates meaningful LLM prompts using a template language that makes sense. Prior to 2.4.2, banks uses jinja2.Environment unsandboxed to render prompt templates. Applications that pass user-supplied strings as the template argument to Prompt are vulnerable to Server-Side Template Injection...

7.5CVSS5.9AI score0.00166EPSS

Exploits0References2

HackRead•added 2026/05/26 6:46 p.m.•8 views

Trojanized Gemini and Claude Installers Target Developers Via SEO Poisoning

Cybercriminals are using SEO poisoning and fake Gemini and Claude installer sites to infect developers with fileless malware and steal data...

5.8AI score

Exploits0

Snyk•added 2026/05/26 6:40 p.m.•6 views

Race Condition

Overview github.com/xyproto/algernon/engine is a Affected versions of this package are vulnerable to Race Condition. in the handle process due to the sync.RWMutex being released before L.Push and L.PCall execute. An attacker can cause Lua VM corruption or unpredictable server behavior by making...

8.2CVSS5.8AI score0.0005EPSS

Exploits0References2

Snyk•added 2026/05/26 6:40 p.m.•4 views

Exposure of Resource to Wrong Sphere

Overview Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere via the engine/flags.go process, which causes the SSE event server to bind to all network interfaces by default on Linux and macOS. An attacker can access sensitive event data by connecting to the...

5.3CVSS5.8AI score0.00006EPSS

Exploits0References2

RedhatCVE•added 2026/05/26 2:12 p.m.•8 views

CVE-2026-39968

TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the fix for GHSA-4xc5-wfwc-jw47 "Credential Theft via Client-Side Script Execution and API Authorization Bypass" is incomplete. While the builder's getCredentials tRPC endpoint was patched with workspace membership checks, the...

7.1CVSS5.8AI score0.00041EPSS

Exploits0References1

OSV•added 2026/05/26 1:8 p.m.•5 views

MAL-2026-4814 Malicious code in vectordb-engine (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42695503b90ec4adc30c038c3321d637f05038f841bcc5f463a16b891fe4e3e0 During pip install, a custom buildext step in src/vectordbenginebuild.py runs an obfuscated payload that performs targeted reconnaissance and...

5.9AI score

Exploits0References2

Positive Technologies•added 2026/05/26 12:0 a.m.•10 views

PT-2026-43211

Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: 1. CVE-2025-43520 - 📝 A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Tahoe 26.1, visionOS 26.1, tvOS 26.1, macOS...

9.8CVSS7.6AI score0.56657EPSS

Exploits22References3

Tenable Nessus•added 2026/05/26 12:0 a.m.•8 views

SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2026:2039-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2039-1 advisory. This update for MozillaFirefox fixes the following issue Update to Firefox Extended Support Release 140.11.0 ESR MFSA 2026-48 bsc1265212 -...

9.8CVSS6AI score0.00164EPSS

Exploits0References42

Packet Storm News•added 2026/05/26 12:0 a.m.•20 views

SEC-Bench Pro: Can Language Models Solve Long-Horizon Software Security Tasks?

Large language models LLMs now support automated software security tasks, including vulnerability discovery and proof-of-concept PoC generation. Existing benchmarks do not faithfully evaluate LLMs in real-world bug hunting scenarios because they rely on fuzzing harnesses, target-specific...

5.9AI score

Exploits0

Cvelist•added 2026/05/25 8:0 p.m.•18 views

CVE-2026-9498 Dromara lamp-cloud Message Template GroovyClassLoader.parseClass special elements used in a template engine

A vulnerability has been found in Dromara lamp-cloud up to 5.6.2. Impacted is the function GroovyClassLoader.parseClass of the component Message Template Handler. Such manipulation of the argument DefMsgTemplate.content leads to improper neutralization of special elements used in a template engin...

6.5CVSS0.00046EPSS

Exploits0References4

Vulnrichment•added 2026/05/25 8:0 p.m.•7 views

CVE-2026-9498 Dromara lamp-cloud Message Template GroovyClassLoader.parseClass special elements used in a template engine

6.5CVSS6.2AI score0.00046EPSS

Exploits0References4

NVD•added 2026/05/25 10:16 a.m.•9 views

CVE-2026-45361

Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...

8.1CVSS0.00088EPSS

Exploits0References3