CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/04/01 11:0 p.m.•3 views

CVE-2026-2123

A security audit identified a privilege escalation vulnerability in Operations Agent=OA 12.29 on Windows. Under specific conditions Operations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of Oneconsult AG for reporting this vulnerability...

Snyk•added 2026/04/01 8:30 p.m.•0 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via batch operation. An attacker can perform unauthorized operations such as signaling, deleting, or resetting workflows or activities in another namespace by manipulating the namespace...

4.9CVSS5.9AI score0.00198EPSS

Schneier on Security•added 2026/04/01 4:57 p.m.•6 views

Is “Hackback” Official US Cybersecurity Strategy?

The 2026 US "Cyber Strategy for America" document is mostly the same thing we've seen out of the White House for over a decade, but with a more aggressive tone. But one sentence stood out: "We will unleash the private sector by creating incentives to identify and disrupt adversary networks and...

5.8AI score

Akamai Blog•added 2026/04/01 12:0 p.m.•4 views

How Managed Databases Are Transforming Today’s IT Landscape

...

5.8AI score

Github Security Blog•added 2026/04/01 12:23 a.m.•5 views

@tinacms/graphql's Media Endpoints Can Escape the Media Root via Symlinks or Junctions

Summary @tinacms/cli recently added lexical path-traversal checks to the dev media routes, but the implementation still validates only the path string and does not resolve symlink or junction targets. If a link already exists under the media root, Tina accepts a path like...

8.3CVSS5.8AI score0.00415EPSS

Exploits0References4Affected Software1

CNNVD•added 2026/04/01 12:0 a.m.•3 views

Foxit PDF Reader和Foxit PDF Editor 安全漏洞

Foxit PDF Reader and Foxit PDF Editor are products of Foxit Corporation, a Chinese company. Foxit PDF Reader is a PDF reader. Foxit PDF Editor is a PDF editor. Both Foxit PDF Reader and Foxit PDF Editor have security vulnerabilities. These vulnerabilities stem from PDF JavaScript and document/pri...

7.5CVSS5.8AI score0.00109EPSS

CNNVD•added 2026/04/01 12:0 a.m.•3 views

cronmaster 安全漏洞

Cronmaster is a web-based Cron task management and system monitoring tool developed by fccview’s individual developers. Versions of Cronmaster prior to 2.2.0 contained security vulnerabilities. These vulnerabilities stemmed from authentication bypasses in the middleware. When session verification...

8.3CVSS5.9AI score0.00443EPSS

vulnersOsv•added 2026/03/31 11:2 p.m.•4 views

@dojo/cli-test-intern (>=0.1.0 <=2.0.0-beta3.1), express_mvc (>=4.1.1 <=4.3.10) +7 more potentially affected by CVE-2021-23337 +1 more via lodash-amd (>=4.16.4 <=4.17.23)

lodash-amd NPM version =4.16.4, =0.1.0, =4.1.1, =3.4.0, =0.0.1, =1.0.14, =0.0.7, =0.0.1, =0.1.5 - xirtam--matrix-operations =0.1.3 Source cves: CVE-2021-23337, CVE-2026-4800 Source advisory: SNYK:JS-LODASHAMD-15869626...

9.8CVSS6.8AI score0.2241EPSS

Exploits2

EUVD•added 2026/03/31 6:31 p.m.•3 views

EUVD-2026-17534

NVD•added 2026/03/31 6:16 p.m.•3 views

CVE-2026-2123

8.6CVSS0.00101EPSS

Vulnrichment•added 2026/03/31 5:18 p.m.•2 views

CVE-2026-2123 Privilege escalation vulnerability in Operations Agent

ATTACKERKB•added 2026/03/31 5:18 p.m.•2 views

CVE-2026-2123

EUVD•added 2026/03/31 3:31 p.m.•2 views

EUVD-2026-17423

Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations...

6.3AI score0.01659EPSS

Exploits0References3

ATTACKERKB•added 2026/03/31 2:53 p.m.•2 views

CVE-2026-4818

In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams...

6.8CVSS5.9AI score0.00189EPSS

Exploits0References3Affected Software1

CVE•added 2026/03/31 2:53 p.m.•4 views

CVE-2026-4818

CVE-2026-4818 affects Search Guard FLX, specifically versions 3.0.0 through 4.0.1. The vulnerability allows users who lack the required privileges to execute certain management operations on data streams. The available documents consistently state this issue but do not provide details on the exac...

8.1CVSS5.9AI score0.00189EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/03/31 2:53 p.m.•20 views

CVE-2026-4818 Some management operations on data streams are not properly restricted when user does not have the necessary privileges

In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams...

6.8CVSS0.00189EPSS

RedhatCVE•added 2026/03/31 4:59 a.m.•5 views

CVE-2025-7741

Hardcoded Password Vulnerability have been found in CENTUM. Affected products contain a hardcoded password for the user account PROG used for CENTUM Authentication Mode within the system. Under the following conditions, there is a risk that an attacker could log in as the PROG user. The default...

2.1CVSS5.8AI score0.00165EPSS

Ubuntu•added 2026/03/31 12:19 a.m.•6 views

USN-8135-1: Pillow vulnerabilities

It was discovered that Pillow did not correctly handle reading J2K files, which could lead to an out-of-bounds read vulnerability. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue...

9.1CVSS7.8AI score0.02956EPSS