CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Qualys Blog•added 2026/04/15 6:2 p.m.•7 views

Qualys VMDR and TotalCloud™ Now Available on Oracle Cloud Marketplace

Key Takeaways Qualys VMDR and TotalCloud are now available on the Oracle Cloud Marketplace, simplifying procurement and deployment for Oracle Cloud Infrastructure OCI customers. Organizations can deploy security faster with native OCI integration and one-click provisioning. The combined platform...

5.8AI score

The Hacker News•added 2026/04/15 5:9 p.m.•4 views

n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails

Threat actors have been observed weaponizing n8n, a popular artificial intelligence AI workflow automation platform, to facilitate sophisticated phishing campaigns and deliver malicious payloads or fingerprint devices by sending automated emails. "By leveraging trusted infrastructure, these...

5.9AI score

Snyk•added 2026/04/15 10:13 a.m.•3 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the verifybyte expected function in JcaContentVerifierProviderBuilder. An attacker can forge a protected CMP/PKI message by supplying an empty composite signature sequence that...

9.2CVSS5.7AI score0.00259EPSS

Exploits0References3

Talos Blog•added 2026/04/15 10:0 a.m.•4 views

The n8n n8mare: How threat actors are misusing AI workflow automation

Cisco Talos research has uncovered agentic AI workflow automation platform abuse in emails. Recently, we identified an increase in the number of emails that abuse n8n, one of these platforms, from as early as October 2025 through March 2026. In this blog, Talos provides concrete examples of how...

5.9AI score

Vulnrichment•added 2026/04/15 9:6 a.m.•0 views

CVE-2026-5588 PKIX draft CompositeVerifier accepts empty signature sequence as valid.

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all pkix modules, Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All pkix modules, Legion of the Bouncy Castle Inc. BCPIX-LTS bcpkix on All pkix modules. This vulnerability...

6.3CVSS5.8AI score0.00259EPSS

Exploits0References2

RedhatCVE•added 2026/04/14 7:23 p.m.•3 views

CVE-2026-6141

A vulnerability was determined in danielmiessler PersonalAIInfrastructure up to 2.3.0. Affected is an unknown function of the file Skills/Parser/Tools/parseurl.ts. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclos...

The Hacker News•added 2026/04/13 9:15 a.m.•5 views

Exploits0References1

North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware

The North Korean hacking group tracked as APT37 aka ScarCruft has been attributed to a fresh multi-stage, social engineering campaign in which threat actors approached targets on Facebook and added them as friends on the social media platform, turning the trust-building exercise into a delivery...

6.1AI score

NVD•added 2026/04/13 1:16 a.m.•0 views

CVE-2026-6141

6.5CVSS0.0111EPSS

Cvelist•added 2026/04/13 12:45 a.m.•27 views

CVE-2026-6141 danielmiessler Personal_AI_Infrastructure parse_url.ts os command injection

6.5CVSS0.0111EPSS

ATTACKERKB•added 2026/04/13 12:45 a.m.•3 views

CVE-2026-6141

Exploits0References8Affected Software1

Vulnrichment•added 2026/04/13 12:45 a.m.•2 views

CVE-2026-6141 danielmiessler Personal_AI_Infrastructure parse_url.ts os command injection

CVE•added 2026/04/13 12:45 a.m.•6 views

CVE-2026-6141

The CVE-2026-6141 entry affects danielmiessler Personal_AI_Infrastructure up to version 2.3.0, targeting an unknown function in Skills/Parser/Tools/parse_url.ts. The vulnerability allows remote OS command injection via manipulation of that function. The exploit has been publicly disclosed, and a ...

Positive Technologies•added 2026/04/13 12:0 a.m.•1 views

PT-2026-32198

A vulnerability was determined in danielmiessler Personal AI Infrastructure up to 2.3.0. Affected is an unknown function of the file Skills/Parser/Tools/parse url.ts. Executing a manipulation can lead to os command injection. The attack may be launched remotely. The exploit has been publicly...

6.5CVSS5.5AI score0.0111EPSS

Exploits0References8

CNNVD•added 2026/04/13 12:0 a.m.•2 views

Personal AI Infrastructure 操作系统命令注入漏洞

Personal AI Infrastructure is a personal AI infrastructure building tool developed by Daniel Miessler as a personal project. Versions of Personal AI Infrastructure prior to 2.3.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from improper...

6.5CVSS6.6AI score0.0111EPSS

Exploits0References6

Akamai Blog•added 2026/04/10 11:0 a.m.•6 views

Why Managed Agents Needs Distributed Infrastructure

...

5.8AI score