CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 15 hours ago•4 views

EUVD-2026-36209

8.6CVSS5.4AI score

Cvelist•added 15 hours ago•5 views

CVE-2026-40999 Spring WS SSRF via unvalidated WS-Addressing reply destinations

8.6CVSS

CVE•added 15 hours ago•6 views

CVE-2026-40999

CVE-2026-40999 affects Spring Web Services (versions across 3.1.0–3.1.8, 4.0.0–4.0.18, 4.1.0–4.1.3, 5.0.0–5.0.1). When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addresses, Spring WS can initiate outbound connections via configured WebServiceMessageSender instances to destination...

8.6CVSS5.5AI score

Vulnrichment•added 15 hours ago•3 views

CVE-2026-40999 Spring WS SSRF via unvalidated WS-Addressing reply destinations

8.6CVSS5.4AI score

Positive Technologies•added 20 hours ago•4 views

PT-2026-48622

8.6CVSS5.5AI score

RedhatCVE•added 6 days ago•6 views

CVE-2025-36145

IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions...

5.4CVSS5.5AI score0.00028EPSS

RedhatCVE•added 6 days ago•7 views

CVE-2026-48148

Budibase is an open-source low-code platform. Prior to 3.35.3, the VectorDB configuration endpoint in Budibase accepts a host parameter that undergoes no validation against internal IP ranges, reserved hostnames, or URL schemes. Any authenticated user with builder-level access can supply an...

5.3CVSS5.6AI score0.00043EPSS

Packet Storm News•added 2026/06/01 12:0 a.m.•5 views

DMonitor 1.0.3 Outbound Connection / Port Configuration Auditor

This Python script is an outbound connection and port configuration auditor for DMonitor version 1.0.3...

5.8AI score

Exploits0

NVD•added 2026/05/29 9:16 a.m.•11 views

CVE-2026-10052

A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...

4.1CVSS0.0003EPSS

CVE•added 2026/05/29 7:59 a.m.•12 views

CVE-2026-10052

The CVE-2026-10052 entry describes a flaw in Quay config-tool where LDAP and SMTP validation endpoints can initiate outbound connections to user-supplied endpoints. With config editor access, an attacker can trigger requests from the Quay pod, enabling potential internal network reconnaissance an...

ATTACKERKB•added 2026/05/29 7:59 a.m.•6 views

CVE-2026-10052

RedhatCVE•added 2026/05/29 7:59 a.m.•6 views

CVE-2026-10052

EUVD•added 2026/05/29 7:59 a.m.•10 views

EUVD-2026-33260

Positive Technologies•added 2026/05/29 12:0 a.m.•8 views

PT-2026-44761

Packet Storm News•added 2026/05/29 12:0 a.m.•5 views

Thou Shall Not Pass: Gatekeeping Outbound TLS Connections

Despite the widespread use of Transport Layer Security TLS, its security guarantees are frequently compromised by outdated versions and misconfigurations. To analyze this problem, we collected more than 50 million TLS handshakes over a two-week period at our research institution, Fondazione Bruno...

5.7AI score

Exploits0

NVD•added 2026/05/27 6:16 p.m.•15 views

CVE-2026-48148

5.3CVSS0.00043EPSS

EUVD•added 2026/05/27 5:12 p.m.•9 views

EUVD-2026-32605

5.3CVSS5.9AI score0.00043EPSS

ATTACKERKB•added 2026/05/27 5:12 p.m.•6 views

CVE-2026-48148

5.3CVSS5.9AI score0.00043EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2026/05/27 12:0 a.m.•6 views

PT-2026-44059

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.35.3 Description The VectorDB configuration endpoint accepts a host parameter that lacks validation against internal IP ranges, reserved hostnames, or URL schemes. This allows an authenticated user with builder-lev...

5.3CVSS5.9AI score0.00043EPSS