4923 matches found
CVE-2026-6489
CVE-2026-6489 affects QueryMine sms (up to 7ab5a9ea196209611134525ffc18de25c57d9593) in the Background Management Page. The vulnerability arises from tampering with the image argument in admin/addteacher.php, leading to unrestricted file upload. Exploitation can be executed remotely and a public explo...
Anviz CX7 security vulnerability
The Anviz CX7 is an intelligent terminal device from the American company Anviz, featuring integrated biometrics and access control functions. The Anviz CX7 has a security vulnerability; this vulnerability stems from the application embedding reusable certificate or key materials, which may lead ...
[SECURITY] Fedora 44 Update: spacebar-6.6.4-1.fc44
Spacebar is a telepathy-qt based SMS application that primarily targets Plasma Mobile...
Important: Red Hat Security Advisory: Red Hat AMQ Broker 7.14.0 release and security update
Red Hat AMQ Broker 7.14.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
CVE-2026-31281
Totara LMS v19.1.5 and before is vulnerable to HTML Injection. An attacker can inject malicious HTML code in a message and send it to all the users in the application, resulting in executing the code and may lead to session hijacking and executing commands on the victim's browser. NOTE: The...
GHSA-FV83-X2XW-2J55 vulnerabilities
Vulnerabilities for packages: sftpgo-plugin-eventsearch, smokescreen, victoriametrics, supercronic, malcontent, ingress-nginx-controller, nfs-subdir-external-provisioner, newrelic-infra-operator, newrelic-k8s-metadata-injection, flux-source-controller, tailscale, omnibump,...
GHSA-FV83-X2XW-2J55 vulnerabilities
Vulnerabilities for packages: nodetaint-fips, aws-iam-authenticator, polaris-fips, commercial-chainloop-backend, kube-logging-logging-operator, sealed-secrets-fips, sftpgo-plugin-eventsearch, newrelic-infra-operator, ingress-nginx-controller, dkron, victorialogs-fips, eks-node-monitoring-agent,...
GHSA-X4JJ-H2V8-HQQV vulnerabilities
Vulnerabilities for packages: trivy, datadog-agent, influxd, caddy, commercial-chainloop-backend, ingress-nginx-controller, elastic-agent, rabbitmq-messaging-topology-operator, kube-state-metrics, rclone-fips, snyk-cli, gatekeeper-fips, ko-fips, gitaly, juicefs, rke2-runtime, sonobuoy, kyverno,...
CVE-2026-32288 vulnerabilities
Vulnerabilities for packages: trivy, datadog-agent, influxd, caddy, commercial-chainloop-backend, ingress-nginx-controller, elastic-agent, rabbitmq-messaging-topology-operator, kube-state-metrics, rclone-fips, snyk-cli, gatekeeper-fips, ko-fips, gitaly, juicefs, rke2-runtime, sonobuoy, kyverno,...
CVE-2026-35664 OpenClaw < 2026.3.25 - DM Pairing Bypass via Legacy Card Callbacks
OpenClaw before 2026.3.25 contains an authentication bypass vulnerability in raw card send surface that allows unpaired recipients to mint legacy callback payloads. Attackers can send raw card commands to bypass DM pairing restrictions and reach callback handling without proper authorization...
EUVD-2026-21468
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Telegram callback query handling that allows attackers to mutate session state without satisfying normal DM pairing requirements. Remote attackers can exploit weaker callback-only authorization in direct messages to bypas...
EUVD-2026-19640
A native messaging host vulnerability in Pega Browser Extension PBE affects users of all versions of Pega Robotic Automation who have installed Pega Browser Extension. A bad actor could create a website that contains malicious code that targets PBE. The vulnerability could occur if a user navigat...
CVE-2026-1079
A native messaging host vulnerability in Pega Browser Extension PBE affects users of all versions of Pega Robotic Automation who have installed Pega Browser Extension. A bad actor could create a website that contains malicious code that targets PBE. The vulnerability could occur if a user navigat...
CVE-2026-1079 A native messaging host vulnerability in Pega Browser Extension (PBE) affects users of all versions of Pega Robotic Automation who have installed Pega Browser Extension.
A native messaging host vulnerability in Pega Browser Extension PBE affects users of all versions of Pega Robotic Automation who have installed Pega Browser Extension. A bad actor could create a website that contains malicious code that targets PBE. The vulnerability could occur if a user navigat...
CVE-2026-1079
CVE-2026-1079 describes a native messaging host vulnerability in the Pega Browser Extension (PBE) affecting users of all versions of Pega Robotic Automation with PBE installed. The issue allows a malicious website to trigger an unexpected message box via the native messaging host when a user visi...
be.yildiz-games:module-messaging-activemq (=2.0.0), cn.hutool.v7:hutool-extra (>=7.0.0-M2 <=7.0.0-M5) +158 more potentially affected by CVE-2026-33227 via org.apache.activemq:activemq-client (>=6.0.0 <=6.2.1)
org.apache.activemq:activemq-client MAVEN version =6.0.0, =7.0.0-M2, =1.1.0, =2.55.0, =1.0.5, =1.1.0, =1.1.0, =1.1.0, =0.2.0, =1.1.0, =7.0.0, =7.0.0, =7.0.1 and more Source cves: CVE-2026-33227 Source advisory: OSV:GHSA-H2H4-5M64-M273...
PT-2026-30847
A native messaging host vulnerability in Pega Browser Extension PBE affects users of all versions of Pega Robotic Automation who have installed Pega Browser Extension. A bad actor could create a website that contains malicious code that targets PBE. The vulnerability could occur if a user navigat...
Pegasystems Pega Robotic Automation security vulnerability
Pegasystems Pega Robotic Automation is a robotic process automation software developed by Pegasystems Inc. in the United States. There is a security vulnerability in Pegasystems Pega Robotic Automation. This vulnerability stems from a vulnerability in the native messaging host of the Pega Browser...