CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

IBM Security Bulletins•added 3 days ago•5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in WebSphere Application Server Liberty

Summary IBM Watson Discovery Cartridge affected by vulnerability in WebSphere Application Server Liberty Vulnerability Details CVEID:CVE-2025-14923 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker than...

9.8CVSS5.8AI score0.00035EPSS

Exploits0Affected Software1

Nuclei•added 3 days ago•66 views

Gladinet CentreStack < 16.4.10315.56368 Use of Hard-coded Key Leads to Unauthenticated RCE

Gladinet CentreStack through 16.1.10296.56315 fixed in 16.4.10315.56368 has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. This enables threat actors who know the machineKey to serialize a payload for server-side...

9.8CVSS7.8AI score0.85362EPSS

Exploits6References3

IBM Security Bulletins•added 6 days ago•19 views

Security Bulletin: IBM Maximo Application Suite - Predict Component uses WebSphere Application Server Liberty, that could provide weaker than expected security (CVE-2025-14923)

Summary Security Bulletin: IBM Maximo Application Suite - Predict Component uses WebSphere Application Server Liberty ,that could provide weaker than expected security CVE-2025-14923. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details...

9.8CVSS5.8AI score0.00035EPSS

Exploits0Affected Software1

Vulnrichment•added last week•3 views

CVE-2026-45041 RustFS: Hard-coded RSA private key in license verifier permits arbitrary license forgery

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, crates/appauth/src/token.rs ships a 2048-bit RSA private key as a string constant named TESTPRIVATEKEY and uses it in production via parselicense to "verify" license tokens. Because the key is embedded in every...

8.7CVSS5.9AI score0.00054EPSS

IBM Security Bulletins•added 2026/05/26 7:27 a.m.•7 views

Security Bulletin: Vulnerability in IBM WebSphere Application ( CVE-2025-14923) affects IBM PowerVM Novalink.

Summary IBM WebSphere Libery Profile is used by IBM PowerVM Novalink. IBM PowerVM Novalink has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2025-14923 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could...

9.8CVSS5.8AI score0.00035EPSS

Exploits0Affected Software1

CNNVD•added 2026/05/21 12:0 a.m.•4 views

tickets 信任管理问题漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a vulnerability related to trust management. This vulnerability stemmed from the hardcoding of a Google Maps API key in the tables.php file, which coul...

6.9CVSS5.9AI score0.00037EPSS

NVD•added 2026/05/19 10:16 a.m.•6 views

CVE-2026-31986

Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

9.1CVSS0.00095EPSS

Exploits0References2

CVE•added 2026/05/19 9:34 a.m.•13 views

CVE-2026-31986

CVE-2026-31986 affects Apache OFBiz up to version 24.09.05 (pre-24.09.06). The issue is described as a use of a hard-coded cryptographic key, enabling unauthenticated access/impact via default JWT signing key and widget/template injection per CVE listings. The root cause is tied to a hard-coded k...

9.1CVSS5.8AI score0.00095EPSS

Exploits0References2Affected Software1

ATTACKERKB•added 2026/05/19 9:34 a.m.•1 views

CVE-2026-31986

Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.00095EPSS

Exploits0References2

EUVD•added 2026/05/19 9:34 a.m.•5 views

EUVD-2026-30873

Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

9.1CVSS5.8AI score0.00095EPSS

RedhatCVE•added 2026/05/19 1:58 a.m.•7 views

CVE-2026-8739

A vulnerability was detected in Sanluan PublicCMS 5.202506.d. The affected element is the function getSignKey of the file publiccms-core/src/main/java/com/publiccms/logic/component/config/SafeConfigComponent.java. The manipulation of the argument privatefilekey results in use of hard-coded...

6.9CVSS5.6AI score0.00037EPSS

Positive Technologies•added 2026/05/19 12:0 a.m.•4 views

PT-2026-41855

Name of the Vulnerable Software and Affected Versions Apache OFBiz versions prior to 24.09.06 Description Apache OFBiz contains a hard-coded cryptographic key. This flaw may allow remote attackers to gain unauthorized access, expose sensitive data, or tamper with application data. Recommendations...

9.1CVSS5.8AI score0.00095EPSS

Exploits0References7

NVD•added 2026/05/17 8:16 a.m.•6 views

CVE-2026-8739

6.9CVSS0.00037EPSS

Cvelist•added 2026/05/17 7:45 a.m.•35 views

CVE-2026-8739 Sanluan PublicCMS SafeConfigComponent.java getSignKey hard-coded key

6.9CVSS0.00037EPSS

EUVD•added 2026/05/17 7:45 a.m.•9 views

EUVD-2026-30687

ATTACKERKB•added 2026/05/17 7:45 a.m.•6 views

CVE-2026-8739

Exploits0References4Affected Software1

Vulnrichment•added 2026/05/17 7:45 a.m.•7 views

CVE-2026-8739 Sanluan PublicCMS SafeConfigComponent.java getSignKey hard-coded key

CVE•added 2026/05/17 7:45 a.m.•12 views

CVE-2026-8739

Sanluan PublicCMS 5.202506.d is affected by CVE-2026-8739 in SafeConfigComponent.getSignKey. Manipulating the privatefile_key argument leads to use of a hard-coded cryptographic key, enabling a remote attack. The exploit is public and may be used; vendor contact about disclosure was unresponsive....

Positive Technologies•added 2026/05/17 12:0 a.m.•6 views

PT-2026-41525