CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/05/14 3:36 p.m.•9 views

EUVD-2026-30316

8.2CVSS5.9AI score0.00069EPSS

Cvelist•added 2026/05/14 3:36 p.m.•37 views

CVE-2026-42590 Gotenberg: ExifTool group-prefix syntax bypasses dangerous-tag blocklist

8.2CVSS0.00069EPSS

Microsoft Secure•added 2026/05/14 3:0 p.m.•9 views

Kazuar: Anatomy of a nation-state botnet

In this article 1. Delivery 2. Module types 3. Botnet operations 4. Who is Secret Blizzard? 5. Mitigation and protection guidance 6. Microsoft Defender detections Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for...

6.1AI score

Exploits0

EUVD•added 2026/05/13 9:32 p.m.•7 views

EUVD-2026-30098

Multiple authorization bypass vulnerabilities in the Endpoint DLP component of Prisma Access Agent® allow a local attacker to bypass authentication controls and execute privileged operations...

ATTACKERKB•added 2026/05/13 6:46 p.m.•4 views

Exploits0References2

CVE-2026-0247

Multiple authorization bypass vulnerabilities in the Endpoint DLP component of Prisma Access Agent® allow a local attacker to bypass authentication controls and execute privileged operations...

CVE•added 2026/05/13 6:46 p.m.•9 views

Exploits0References2

CVE-2026-0247

The CVE-2026-0247 entry refers to multiple authorization-bypass vulnerabilities in the Endpoint DLP component of the Prisma Access Agent. The underlying issue allows a local attacker to bypass authentication controls and perform privileged operations. The description specifies affected software a...

NVD•added 2026/05/13 4:17 p.m.•8 views

CVE-2026-45033

GitHub Copilot CLI brings AI-powered coding assistance directly to your command line. Prior to 1.0.43, a security vulnerability has been identified in GitHub Copilot CLI where a malicious bare git repository nested inside a project directory can achieve arbitrary code execution when the agent...

8.5CVSS0.00013EPSS

Cvelist•added 2026/05/13 3:45 p.m.•27 views

CVE-2026-45033 GitHub Copilot CLI: Nested Bare Repository Can Execute Arbitrary Commands via core.fsmonitor

8.5CVSS0.00013EPSS

RedhatCVE•added 2026/05/13 2:21 p.m.•6 views

CVE-2026-22924

A vulnerability has been identified in SIMATIC CN 4100 All versions V5.0. The affected application does not properly restrict unauthenticated connections and is susceptible to resource exhaustion conditions. This could allow an attacker to disrupt normal operations or perform unauthorized actions...

9.1CVSS5.7AI score0.00051EPSS

OSV•added 2026/05/13 8:57 a.m.•6 views

CLSA-2026-1778662651 libcap: Fix of CVE-2026-4878

CVE-2026-4878: capsetfile TOCTOU race via path-based xattr operations...

7CVSS5.8AI score0.00013EPSS

ATTACKERKB•added 2026/05/13 5:29 a.m.•5 views

CVE-2026-6965

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.9.9. This is due to the getcourseidby function unconditionally trusting the user-supplied course GET parameter as the authoritative course ...

5.3CVSS5.7AI score0.00081EPSS

Exploits0References54

Cvelist•added 2026/05/13 5:29 a.m.•31 views

CVE-2026-6965 Tutor LMS <= 3.9.9 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Post Deletion via 'course' GET Parameter

5.3CVSS0.00081EPSS

Exploits0References53

EUVD•added 2026/05/13 5:29 a.m.•11 views

EUVD-2026-29914

5.3CVSS5.7AI score0.00081EPSS

Exploits0References53

NVD•added 2026/05/13 4:17 a.m.•5 views

CVE-2026-8202

Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenticated user with aggregation permissions can pin CPU utilization at 100% for an extended period of time. This issue impacts MongoDB Server v7.0 versions prior to...

6.5CVSS0.0005EPSS

Vulnrichment•added 2026/05/13 12:8 a.m.•7 views

CVE-2026-8200 Schema validation log messages may not redact user data

When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log message generated may not have all user data redacted. This issue impacts MongoDB Server v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 version...

4.8CVSS5.8AI score0.00041EPSS

Positive Technologies•added 2026/05/13 12:0 a.m.•8 views

PT-2026-40771

Multiple authorization bypass vulnerabilities in the Endpoint DLP component of Prisma Access Agent® allow a local attacker to bypass authentication controls and execute privileged operations...

CVE•added 2026/05/13 12:0 a.m.•10 views

Exploits0References2

CVE-2026-31156

CVE-2026-31156 describes a path-injection flaw in OpenPLC v3 arising from glue_generator.cpp not validating file path arguments passed on the command line. User-supplied paths are handed directly to file APIs (fopen/ifstream/ofstream), enabling an attacker to read arbitrary readable files. Public...

6.5CVSS5.9AI score0.00043EPSS

Exploits2References2Affected Software1

CNNVD•added 2026/05/13 12:0 a.m.•8 views

GitHub Copilot CLI 安全漏洞

GitHub Copilot CLI is a terminal AI programming assistant open sourced by GitHub. Versions of GitHub Copilot CLI prior to version 1.0.43 contained a security vulnerability. This vulnerability stemmed from malicious bare git repositories nested within project directories. When the agent performed...

8.5CVSS6AI score0.00013EPSS

CNNVD•added 2026/05/13 12:0 a.m.•7 views

Plasma Workspace 安全漏洞

Plasma Workspace is an open-source application developed by the KDE GitHub Mirror project. It serves to run various components required for a Plasma-based environment. Plasma Workspace has a security vulnerability that stems from multiple issues, which may allow an infected plasmalogin service...

7CVSS5.9AI score0.00014EPSS