CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSSF Malicious Packages•added 2026/05/25 8:9 a.m.•10 views

Malicious code in wm-plugin-set-walkme-language (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b3a79fac1678c77b806378e3a6a61fbe14204f4ff38758d151a231e0d990ea94 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

ATTACKERKB•added 2026/05/25 7:38 a.m.•7 views

Exploits0References1

CVE-2026-45249

A cross-site scripting XSS vulnerability exists in Apache ECharts in the Lines series tooltip rendering logic. This issue affects Apache ECharts: from before 6.1.0. In versions prior to 6.1.0, if both Lines series and tooltip are used, and no user-specified tooltip.formatter is provided, and...

5.8AI score0.00091EPSS

Packet Storm News•added 2026/05/25 12:0 a.m.•8 views

Intelligent Detection and Mitigation of Carpet-Bombing DDoS Attacks in SDN Using Retrieval-Augmented Generation and Large Language Models

Software-Defined Networking SDN provides flexible and programmable network management; however, its centralized control architecture remains highly vulnerable to Distributed Denial-of-Service DDoS attacks, particularly Carpet-Bombing DDoS attacks that distribute malicious traffic across multiple...

CNNVD•added 2026/05/25 12:0 a.m.•5 views

Genetec Security Center 安全漏洞

Genetec Security Center is a unified security platform from Genetec. Connect your security systems, sensors and data in one interface to streamline your operations. Genetec Security Center has a security vulnerability that stems from being susceptible to SQL injection attacks...

6.6CVSS5.9AI score0.00035EPSS

Exploits0References4

Packet Storm News•added 2026/05/25 12:0 a.m.•7 views

Security of OpenClaw Agents: Fundamentals, Attacks, and Countermeasures

The rapid evolution of large language model LLM-driven autonomous agents has given rise to OpenClaw, a new class of open-source agent frameworks that operate as continuously running, skill-augmented systems with persistent memory, multi-channel interaction, and high degrees of autonomy. Such...

5.9AI score

CNNVD•added 2026/05/25 12:0 a.m.•5 views

VMware Spring AI 安全漏洞

VMware Spring AI is a development framework from VMware that integrates Artificial Intelligence and Large Language Modeling capabilities in the Spring ecosystem. A security vulnerability exists in VMware Spring AI versions 1.1.0 through 1.1.x. The vulnerability stems from a failure to clean up...

6.5CVSS5.8AI score0.0005EPSS

Exploits0References1

Positive Technologies•added 2026/05/25 12:0 a.m.•8 views

PT-2026-43079

Name of the Vulnerable Software and Affected Versions Apache Syncope versions 3.0 through 3.0.16 Apache Syncope versions 4.0 through 4.0.5 Apache Syncope version 4.1.0 Description An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL Java Expression Language...

4.9CVSS5.8AI score0.00061EPSS

Exploits0References7

CNNVD•added 2026/05/25 12:0 a.m.•6 views

Code-Projects Employee Management System SQL注入漏洞

Code-Projects Employee Management System is a Code-Projects open source employee management system . Code-Projects Employee Management System version 1.0 suffers from a SQL injection vulnerability that originates from the operation of the parameter pid by an unknown function in the /psubmit.php...

6.5CVSS6.7AI score0.00031EPSS

Vulnrichment•added 2026/05/24 2:0 p.m.•7 views

CVE-2026-9386 Totolink A8000RU Web Management cstecgi.cgi setLanguageCfg os command injection

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. Impacted is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument lang leads to os command injection. The attack may be performed from remote...

10CVSS7.1AI score0.01254EPSS

EUVD•added 2026/05/24 1:40 p.m.•11 views

EUVD-2026-31598

A critical remote code execution vulnerability exists in all versions of the HuggingFace transformers library prior to version 5.3.0. The vulnerability allows an attacker to craft a malicious config.json file containing the attnimplementationinternal field set to an attacker-controlled HuggingFac...

7.8CVSS7.8AI score0.00089EPSS

Exploits1References2

Cvelist•added 2026/05/24 1:15 p.m.•12 views

CVE-2026-9383 itsourcecode Electronic Judging System login.php sql injection

A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/admin/login.php. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the...

7.5CVSS0.00039EPSS

GithubExploit•added 2026/05/24 11:38 a.m.•80 views

PwnGPT-Automation

PwnGPT Caputre the flag with Large Language Models. Constructe...

6AI score

OSV•added 2026/05/24 12:20 a.m.•5 views

OSV-2026-807 Security exception in com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.statement

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=515650237 Crash type: Security exception Crash state: com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.statement java.base/jdk.internal.misc.Unsafe.weakCompareAndSetInt...

CNNVD•added 2026/05/24 12:0 a.m.•5 views

Exploits0References1

itsourcecode Electronic Judging System SQL注入漏洞

itsourcecode Electronic Judging System is an open-source electronic referee system developed by itsourcecode. Version 1.0 of the itsourcecode Electronic Judging System has a SQL injection vulnerability. This vulnerability stems from improper handling of the Username parameter in the file...

7.5CVSS7.2AI score0.00039EPSS

Exploits0References6

Packet Storm News•added 2026/05/24 12:0 a.m.•8 views

APT-Agent: Automated Penetration Testing Using Large Language Models

Penetration testing is essential to securing modern web infrastructures, yet traditional manual methods struggle to keep pace with their scale and complexity. Large Language Models LLMs offer new opportunities for automating these tasks, but existing approaches face two persistent challenges:...

Positive Technologies•added 2026/05/24 12:0 a.m.•8 views

PT-2026-42914

A vulnerability has been found in SourceCodester Hospitals Patient Records Management System 1.0. This affects an unknown function of the file /admin/patients/manage history.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has...

7.5CVSS6.8AI score0.00039EPSS

Positive Technologies•added 2026/05/24 12:0 a.m.•7 views

PT-2026-45896

Packet Storm News•added 2026/05/24 12:0 a.m.•8 views

Exploits0References2

Securing High-Performance Data Transfers: Implementing AES Encryption in RDMA Systems

Remote Direct Memory Access RDMA is a key enabler of high-performance systems, offering low latency, high throughput, and reduced CPU overhead by allowing direct memory-to-memory transfers between machines. However, its design bypasses traditional CPU-mediated security mechanisms, introducing...