CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/06/09 6:30 p.m.•9 views

EUVD-2026-35446

7.1CVSS5.4AI score0.00253EPSS

Exploits0References2

NVD•added 2026/06/09 4:16 p.m.•9 views

CVE-2026-8045

7.1CVSS0.00253EPSS

CVE•added 2026/06/09 2:41 p.m.•14 views

CVE-2026-8045

CVE-2026-8045 describes a CWE-611 XML External Entity (XXE) vulnerability in a SOAP service endpoint that can disclose server-side file contents when a crafted XML payload is submitted by a Data Center Expert user. The affected behavior involves parsing user-supplied XML leading to information di...

7.1CVSS5.5AI score0.00253EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/06/09 2:41 p.m.•28 views

CVE-2026-8045

7.1CVSS0.00253EPSS

Packet Storm News•added 2026/06/03 12:0 a.m.•16 views

CRESS: Quantifying Vulnerabilities of Attack Scenarios in Hardware Reverse Engineering

The safety, security, and reliability of microelectronic systems depend on a trustworthy, secured supply chain and design flow. Globally distributed supply chains or unintentional design weaknesses leave the door open for attacks on the hardware level. These scenarios encompass counterfeiting,...

5.5AI score

Packet Storm News•added 2026/06/02 12:0 a.m.•20 views

Bastet: A Fine-Grained Expert-Labeled Dataset for DeFi Smart Contract Vulnerability Detection

Smart contract vulnerabilities in Decentralized Finance DeFi protocols resulted in over 1.49 billion USD in confirmed losses in 2024 alone, across 192 incidents 1. As LLM-based vulnerability detection emerges as a promising approach to address these threats, the quality of evaluation datasets has...

Packet Storm News•added 2026/05/23 12:0 a.m.•7 views

CyBOKClaw: Human-In-The-Loop CyBOK Mapping for Cybersecurity Curriculum

This paper presents CyBOKClaw, an interpretable human-in-the-loop retrieval framework for mapping cybersecurity keywords or phrases KWoPs to the Cyber Security Body of Knowledge CyBOK. Rather than treating the task as strict exact classification, the framework is designed as a top-k candidate...

Packet Storm News•added 2026/05/22 12:0 a.m.•10 views

Modernizing User Privacy Preference Measurement through GPPI: A GDPR-Aligned Privacy Preference Item Bank

Privacy measurement instruments e.g., CFIP, IUIPC, PAQ predate GDPR by over a decade and measure privacy concerns, distinct from preferences for regulatory protections e.g., data portability, erasure, automated decision-making rights. This leaves practitioners without tools to assess whether user...

Cvelist•added 2026/05/14 4:54 p.m.•30 views

CVE-2026-6332 Clear Text Storage of Sensitive Information on EcoStruxure™ Machine Expert HVAC

CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclosure of a sensitive information which could result in revealing protected source code and loss of confidentiality, When an authorized attacker accesses the source code for editing or compiling it...

6.8CVSS0.00125EPSS

Vulnrichment•added 2026/05/14 4:54 p.m.•7 views

CVE-2026-6332 Clear Text Storage of Sensitive Information on EcoStruxure™ Machine Expert HVAC

6.8CVSS5.8AI score0.00125EPSS

CVE•added 2026/05/14 4:54 p.m.•19 views

CVE-2026-6332

CVE-2026-6332 describes a plaintext storage of sensitive information vulnerability in Schneider Electric’s EcoStruxure Machine Expert HVAC platform. The issue centers on how sensitive data (potentially including protected source code) is stored, which could lead to confidentiality loss if an auth...

7.5CVSS5.8AI score0.00125EPSS

Exploits0References1Affected Software1

CNNVD•added 2026/05/14 12:0 a.m.•8 views

Schneider Electric Ecostruxure Machine Expert HVAC 安全漏洞

Schneider Electric Ecostruxure Machine Expert HVAC is a software platform developed by Schneider Electric, a French company, dedicated to the control and automation of heating, ventilation, and air conditioning equipment. Schneider Electric Ecostruxure Machine Expert HVAC has a security...

7.5CVSS5.8AI score0.00125EPSS

Packet Storm News•added 2026/05/08 12:0 a.m.•5 views

Can I Check What I Designed? Mapping Security Design DSLs to Code Analyzers

When assessing the potential impact of code-level vulnerabilities, e.g., discovered by automated analyzers, it is essential to consider them in the context of the system's security design. However, this is a challenging task due to the abstraction gap between security design, often specified usin...

5.7AI score

Packet Storm News•added 2026/05/05 12:0 a.m.•10 views

Root-Cause-Driven Automated Vulnerability Repair

Recent LLM-based systems have made automated vulnerability repair increasingly practical, but two challenges remain. First, without strong signals about where a bug originates, repair agents drift toward shallow edits that silence the observed failure while leaving the underlying defect unresolve...

5.9AI score

Packet Storm News•added 2026/05/03 12:0 a.m.•5 views

VulKey: Automated Vulnerability Repair Guided by Domain-Specific Repair Patterns

The increasing prevalence of software vulnerabilities highlights the need for effective Automatic Vulnerability Repair AVR tools. While LLM-based approaches are promising, they struggle to incorporate structured security knowledge from sources like CWE and NVD. Current methods either use this...

5.9AI score

Packet Storm News•added 2026/04/07 12:0 a.m.•2 views

From Incomplete Architecture to Quantified Risk: Multimodal LLM-Driven Security Assessment for Cyber-Physical Systems

Cyber-physical systems often contend with incomplete architectural documentation or outdated information resulting from legacy technologies, knowledge management gaps, and the complexity of integrating diverse subsystems over extended operational lifecycles. This architectural incompleteness...