CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Packet Storm News•added 2026/04/23 12:0 a.m.•0 views

FixV2W: Correcting Invalid CVE-CWE Mappings with Knowledge Graph Embeddings

Accurate mapping between Common Vulnerabilities and Exposures CVE and Common Weakness Enumeration CWE entries is critical for effective vulnerability management and risk assessment. However, public databases, such as the National Vulnerability Database NVD, suffer from inconsistent and incomplete...

5.5AI score

Github Security Blog•added 2026/04/22 2:52 p.m.•3 views

engram: HTTP server CORS wildcard + auth-off-by-default enables CSRF graph exfiltration and persistent indirect prompt injection

Summary The local HTTP server started by engram server binding 127.0.0.1:7337 by default was exposed to any browser origin with no authentication unless ENGRAMAPITOKEN was explicitly set. Combined with Access-Control-Allow-Origin: on every response and a body parser that did not require...

5.8AI score

Exploits0References3Affected Software1

OSV•added 2026/04/22 2:52 p.m.•2 views

GHSA-2R2P-4CGF-HV7H engram: HTTP server CORS wildcard + auth-off-by-default enables CSRF graph exfiltration and persistent indirect prompt injection

8.6CVSS5.8AI score

Packet Storm News•added 2026/04/15 12:0 a.m.•3 views

MCPThreatHive: Automated Threat Intelligence for Model Context Protocol Ecosystems

The rapid proliferation of Model Context Protocol MCP-based agentic systems has introduced a new category of security threats that existing frameworks are inadequately equipped to address. We present MCPThreatHive, an open-source platform that automates the end-to-end lifecycle of MCP threat...

5.8AI score

Packet Storm News•added 2026/04/13 12:0 a.m.•1 views

Beyond RAG for Cyber Threat Intelligence: A Systematic Evaluation of Graph-Based and Agentic Retrieval

Cyber threat intelligence CTI analysts must answer complex questions over large collections of narrative security reports. Retrieval-augmented generation RAG systems help language models access external knowledge, but traditional vector retrieval often struggles with queries that require reasonin...

5.8AI score

RedhatCVE•added 2026/03/26 3:10 p.m.•1 views

CVE-2026-1393

The Add Google Social Profiles to Knowledge Graph Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to...

Patchstack•added 2026/03/23 7:28 p.m.•3 views

Exploits0References1

WordPress Add Google Social Profiles to Knowledge Graph Box plugin <= 1.0 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Add Google Social Profiles to Knowledge Graph Box versions = 1.0...

4.3CVSS5.8AI score0.00016EPSS

Exploits0References1Affected Software1

EUVD•added 2026/03/21 6:30 a.m.•0 views

EUVD-2026-14007

NVD•added 2026/03/21 4:16 a.m.•2 views

Exploits0References4

CVE-2026-1393

4.3CVSS0.00016EPSS

Cvelist•added 2026/03/21 3:26 a.m.•26 views

CVE-2026-1393 Add Google Social Profiles to Knowledge Graph Box <= 1.0 - Cross-Site Request Forgery to Settings Update

4.3CVSS0.00016EPSS

Vulnrichment•added 2026/03/21 3:26 a.m.•1 views

CVE-2026-1393 Add Google Social Profiles to Knowledge Graph Box <= 1.0 - Cross-Site Request Forgery to Settings Update

ATTACKERKB•added 2026/03/21 3:26 a.m.•1 views

CVE-2026-1393

CVE•added 2026/03/21 3:26 a.m.•2 views

Exploits0References4

CVE-2026-1393

The CVE-2026-1393 entry documents a CSRF vulnerability in the WordPress plugin “Add Google Social Profiles to Knowledge Graph Box” (versions up to 1.0). The root cause is missing nonce validation on the settings update functionality, allowing unauthenticated attackers to update the plugin’s Knowl...

CNNVD•added 2026/03/21 12:0 a.m.•2 views

WordPress plugin Add Google Social Profiles to Knowledge Graph Box 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

Positive Technologies•added 2026/03/21 12:0 a.m.•2 views

PT-2026-26809

Packet Storm News•added 2026/02/11 12:0 a.m.•3 views

Exploits0References4

VulReaD: Knowledge-Graph-Guided Software Vulnerability Reasoning and Detection

Software vulnerability detection SVD is a critical challenge in modern systems. Large language models LLMs offer natural-language explanations alongside predictions, but most work focuses on binary evaluation, and explanations often lack semantic consistency with Common Weakness Enumeration CWE...

5.6AI score

Packet Storm News•added 2026/02/11 12:0 a.m.•3 views

TRACE: Timely Retrieval and Alignment for Cybersecurity Knowledge Graph Construction and Expansion

The rapid evolution of cyber threats has highlighted significant gaps in security knowledge integration. Cybersecurity Knowledge Graphs CKGs relying on structured data inherently exhibit hysteresis, as the timely incorporation of rapidly evolving unstructured data remains limited, potentially...

5.7AI score