25740 matches found

Packet Storm News
added 2026/05/25 12:0 a.m. | 7 views

Security of OpenClaw Agents: Fundamentals, Attacks, and Countermeasures

The rapid evolution of large language model (LLM)-driven autonomous agents has given rise to OpenClaw, a new class of open-source agent frameworks that operate as continuously running, skill-augmented systems with persistent memory, multi-channel interaction, and high degrees of autonomy. Such...

AI score: 5.9
Exploits: 0

CNNVD
added 2026/05/25 12:0 a.m. | 5 views

VMware Spring AI Security Vulnerability

VMware Spring AI is a development framework from VMware that integrates Artificial Intelligence and Large Language Modeling capabilities in the Spring ecosystem. A security vulnerability exists in VMware Spring AI versions 1.1.0 through 1.1.x. The vulnerability stems from a failure to clean up...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.0005
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/25 12:0 a.m. | 8 views

PT-2026-43079

Name of the Vulnerable Software and Affected Versions: Apache Syncope versions 3.0 through 3.0.16; Apache Syncope versions 4.0 through 4.0.5; Apache Syncope version 4.1.0. Description: An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL (Java Expression Language)...

CVSS: 4.9 | AI score: 5.8 | EPSS: 0.00061
Exploits: 0 | References: 7

CNNVD
added 2026/05/25 12:0 a.m. | 5 views

Code-Projects Employee Management System SQL Injection Vulnerability

Code-Projects Employee Management System is a Code-Projects open source employee management system. Code-Projects Employee Management System version 1.0 suffers from a SQL injection vulnerability that originates from the operation of the parameter pid by an unknown function in the /psubmit.php...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.00031
Exploits: 0 | References: 5

Vulnrichment
added 2026/05/24 2:0 p.m. | 7 views

CVE-2026-9386 Totolink A8000RU Web Management cstecgi.cgi setLanguageCfg os command injection

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument lang leads to os command injection. The attack may be performed from remote...

CVSS: 10 | AI score: 7.1 | EPSS: 0.01254
Exploits: 0 | References: 5

EUVD
added 2026/05/24 1:40 p.m. | 11 views

EUVD-2026-31598

A critical remote code execution vulnerability exists in all versions of the HuggingFace transformers library prior to version 5.3.0. The vulnerability allows an attacker to craft a malicious config.json file containing the attnimplementationinternal field set to an attacker-controlled HuggingFac...

CVSS: 7.8 | AI score: 7.8 | EPSS: 0.00089
Exploits: 1 | References: 2

Cvelist
added 2026/05/24 1:15 p.m. | 12 views

CVE-2026-9383 itsourcecode Electronic Judging System login.php sql injection

A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/admin/login.php. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the...

CVSS: 7.5 | EPSS: 0.00039
Exploits: 0 | References: 5

GithubExploit
added 2026/05/24 11:38 a.m. | 80 views

PwnGPT-Automation

PwnGPT Capture the flag with Large Language Models. Constructe...

AI score: 6
Exploits: 0

OSV
added 2026/05/24 12:20 a.m. | 5 views

OSV-2026-807 Security exception in com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.statement

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=515650237 Crash type: Security exception Crash state: com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.statement java.base/jdk.internal.misc.Unsafe.weakCompareAndSetInt...

AI score: 5.8
Exploits: 0 | References: 1

CNNVD
added 2026/05/24 12:0 a.m. | 5 views

itsourcecode Electronic Judging System SQL Injection Vulnerability

itsourcecode Electronic Judging System is an open-source electronic referee system developed by itsourcecode. Version 1.0 of the itsourcecode Electronic Judging System has a SQL injection vulnerability. This vulnerability stems from improper handling of the Username parameter in the file...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.00039
Exploits: 0 | References: 6

Packet Storm News
added 2026/05/24 12:0 a.m. | 8 views

APT-Agent: Automated Penetration Testing Using Large Language Models

Penetration testing is essential to securing modern web infrastructures, yet traditional manual methods struggle to keep pace with their scale and complexity. Large Language Models (LLMs) offer new opportunities for automating these tasks, but existing approaches face two persistent challenges:...

AI score: 5.8
Exploits: 0

Positive Technologies
added 2026/05/24 12:0 a.m. | 8 views

PT-2026-42914

A vulnerability has been found in SourceCodester Hospitals Patient Records Management System 1.0. This affects an unknown function of the file /admin/patients/manage history.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.00039
Exploits: 0 | References: 5

Positive Technologies
added 2026/05/24 12:0 a.m. | 7 views

PT-2026-45896

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=515650237 Crash type: Security exception Crash state: com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.statement java.base/jdk.internal.misc.Unsafe.weakCompareAndSetInt...

AI score: 5.8
Exploits: 0 | References: 2

Packet Storm News
added 2026/05/24 12:0 a.m. | 8 views

Securing High-Performance Data Transfers: Implementing AES Encryption in RDMA Systems

Remote Direct Memory Access (RDMA) is a key enabler of high-performance systems, offering low latency, high throughput, and reduced CPU overhead by allowing direct memory-to-memory transfers between machines. However, its design bypasses traditional CPU-mediated security mechanisms, introducing...

AI score: 5.8
Exploits: 0

CNNVD
added 2026/05/24 12:0 a.m. | 5 views

TOTOLINK A8000RU OS Command Injection Vulnerability

TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains a vulnerability related to operating system command injection. This vulnerability stems from improper handling of the parameter “lang” in the function...

CVSS: 10 | AI score: 7.3 | EPSS: 0.01254
Exploits: 0 | References: 5

Packet Storm News
added 2026/05/24 12:0 a.m. | 6 views

MemMorph: Tool Hijacking in LLM Agents Via Memory Poisoning

LLM-driven agents are capable of selecting external tools to complete users' tasks. However, attackers could compromise such process, steering agents toward inappropriate/wrong tools and enabling malicious actions. Most existing attacks primarily manipulate the tool metadata, which is easily...

AI score: 5.7
Exploits: 0

OSV
added 2026/05/23 11:3 p.m. | 4 views

MAL-2026-4630 Malicious code in openprompt-lang (npm)

Source: amazon-inspector 2c9966d5fe1ab82b40fd24082c36cc9acf5677772768f75b30cda755d9cdd98f scripts/postinstall.js runs unconditionally during npm install. When the opencode binary is not on PATH (true for nearly every fresh install), it...

AI score: 6.4
Exploits: 0 | References: 9

NVD
added 2026/05/23 7:16 p.m. | 11 views

CVE-2018-25346

WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the FormMakerSQLMapping and generetecsv actions. Attackers can submit POST requests with malicious SQL payloads in t...

CVSS: 7.1 | EPSS: 0.00029
Exploits: 0 | References: 2

EUVD
added 2026/05/23 6:30 p.m. | 8 views

EUVD-2018-21872

WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the entryid POST parameter. Attackers can send POST requests to the admin-ajax.php endpoint...

CVSS: 7.1 | AI score: 5.9 | EPSS: 0.00027
Exploits: 0 | References: 3

EUVD
added 2026/05/23 6:30 p.m. | 6 views

EUVD-2018-21870

Joomla! Component Ek Rishta 2.10 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the userdetail view with malicious cid values containing SQL commands t...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.0009
Exploits: 0 | References: 4