
1309 matches found

Vulnrichment
added 2026/03/05 3:14 p.m. | 3 views

CVE-2026-30792 RustDesk Client Blindly Merges Unauthenticated Strategy Payloads, Bypassing Local Security Settings

A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient Strategy sync, HTTP API client, config options engine modules allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files...

CVSS 9.1 | AI score 5.8 | EPSS 0.00492
Exploits: 1 | References: 3

Cvelist
added 2026/03/05 3:14 p.m. | 28 views

CVE-2026-30792 RustDesk Client Blindly Merges Unauthenticated Strategy Payloads, Bypassing Local Security Settings

A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient Strategy sync, HTTP API client, config options engine modules allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files...

CVSS 9.1 | EPSS 0.00492
Exploits: 1 | References: 3

CVE
added 2026/03/05 3:14 p.m. | 21 views

CVE-2026-30792

Technical details about CVE-2026-30792 are not publicly provided in the supplied documents. Monitor for updates.

CVSS 9.1 | AI score 5.9 | EPSS 0.00492
Exploits: 1 | References: 3 | Affected Software: 1

Positive Technologies
added 2026/03/05 12:0 a.m. | 7 views

PT-2026-23457

A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient Strategy sync, HTTP API client, config options engine modules allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files...

CVSS 9.1 | AI score 5.9 | EPSS 0.00492
Exploits: 1 | References: 2

hivepro
added 2026/03/03 6:14 p.m. | 4 views

5 Best Qualys Replacement Solutions Reviewed

Knowing you have vulnerabilities is one thing; knowing if your defenses can actually stop an attack is another. Traditional vulnerability scanners tell you where the holes are, but they don't tell you if your security controls are configured correctly or if they'll perform under pressure. This is...

AI score 6.1
Exploits: 0

Packet Storm News
added 2026/03/03 12:0 a.m. | 4 views

Scores Know Bob's Voice: Speaker Impersonation Attack

Advances in deep learning have enabled the widespread deployment of speaker recognition systems (SRSs), yet they remain vulnerable to score-based impersonation attacks. Existing attacks that operate directly on raw waveforms require a large number of queries due to the difficulty of optimizing in...

AI score 5.9
Exploits: 0

Packet Storm News
added 2026/02/24 12:0 a.m. | 6 views

AdapTools: Adaptive Tool-Based Indirect Prompt Injection Attacks on Agentic LLMs

The integration of external data services (e.g., Model Context Protocol, MCP) has made large language model-based agents increasingly powerful for complex task execution. However, this advancement introduces critical security vulnerabilities, particularly indirect prompt injection (IPI) attacks...

AI score 6
Exploits: 0

Packet Storm News
added 2026/02/20 12:0 a.m. | 3 views

Orbital Escalation: Modeling Satellite Ransomware Attacks Using Game Theory

Ransomware has yet to reach orbit, but the conditions for such an attack already exist. This paper presents the first game-theoretic framework for modeling ransomware against satellites: the orbital escalation game. In this model, the attacker escalates ransom demands across orbital passes, while...

AI score 5.9
Exploits: 0

Akamai Blog
added 2026/02/18 6:0 p.m. | 3 views

Why CEOs' AI Hype Really Isn't Landing with Employees

Read about the disconnect between CEO enthusiasm for AI and employee perception of its value, and learn how to build communication that moves adoption forward...

AI score 5.5
Exploits: 0

hivepro
added 2026/02/17 4:8 p.m. | 5 views

Tenable vs. Hive Pro: Key Differences Explained

If your security team is drowning in a sea of vulnerability alerts and struggling to make sense of multiple risk scores, you know that more data doesn't always mean more clarity. “The right threat exposure management platform should cut through the noise, not add to it.” When evaluating your...

AI score 5.8
Exploits: 0

Cvelist
added 2026/02/10 3:4 a.m. | 25 views

CVE-2026-24327 Missing Authorization Check in SAP Strategic Enterprise Management (Balanced Scorecard in BSP Application)

Due to missing authorization check in SAP Strategic Enterprise Management (Balanced Scorecard in Business Server Pages), an authenticated attacker could access information that they are otherwise unauthorized to view. This leads to low impact on confidentiality and no effect on integrity or...

CVSS 4.3 | EPSS 0.00221
Exploits: 0 | References: 2

Packet Storm News
added 2026/02/10 12:0 a.m. | 4 views

When Skills Lie: Hidden-Comment Injection in LLM Agents

LLM agents often rely on Skills to describe available tools and recommended procedures. We study a hidden-comment prompt injection risk in this documentation layer: when a Markdown Skill is rendered to HTML, HTML comment blocks can become invisible to human reviewers, yet the raw text may still b...

AI score 5.5
Exploits: 0

ATTACKERKB
added 2026/02/06 4:32 p.m. | 2 views

CVE-2026-2058

A flaw has been found in mathurvishal CloudClassroom-PHP-Project up to 5dadec098bfbbf3300d60c3494db3fb95b66e7be. This impacts an unknown function of the file /postquerypublic.php of the component Post Query Details Page. This manipulation of the argument gnamex causes sql injection. The attack is...

CVSS 7.5 | AI score 5.2 | EPSS 0.00468
Exploits: 3 | References: 5

GithubExploit
added 2026/02/04 8:56 a.m. | 135 views

Ofensive-security

This repository contains my Offensive Cyber Security / Penetrati...

AI score 5.6
Exploits: 0

RedhatCVE
added 2026/01/31 3:21 p.m. | 3 views

CVE-2026-25050

Vendure is an open-source headless commerce platform. Prior to version 3.5.3, the NativeAuthenticationStrategy.authenticate method is vulnerable to a timing attack that allows attackers to enumerate valid usernames (email addresses). In packages/core/src/config/auth/native-authentication-strategy.t...

CVSS 6.9 | AI score 5.9 | EPSS 0.00364
Exploits: 1 | References: 1

OSV
added 2026/01/30 7:35 p.m. | 4 views

GHSA-6F65-4FV2-WWCH Vendure vulnerable to timing attack that enables user enumeration in NativeAuthenticationStrategy

Summary: The NativeAuthenticationStrategy.authenticate method is vulnerable to a timing attack that allows attackers to enumerate valid usernames (email addresses). Details: In packages/core/src/config/auth/native-authentication-strategy.ts, the authenticate method returns immediately if a user is no...

CVSS 6.9 | AI score 5.9 | EPSS 0.00364
Exploits: 1 | References: 5

NVD
added 2026/01/30 4:16 p.m. | 5 views

CVE-2026-25050

Vendure is an open-source headless commerce platform. Prior to version 3.5.3, the NativeAuthenticationStrategy.authenticate method is vulnerable to a timing attack that allows attackers to enumerate valid usernames (email addresses). In packages/core/src/config/auth/native-authentication-strategy.t...

CVSS 6.9 | EPSS 0.00364
Exploits: 1 | References: 2

Vulnrichment
added 2026/01/30 3:11 p.m. | 3 views

CVE-2026-25050 Vendure vulnerable to timing attack that enables user enumeration in NativeAuthenticationStrategy

Vendure is an open-source headless commerce platform. Prior to version 3.5.3, the NativeAuthenticationStrategy.authenticate method is vulnerable to a timing attack that allows attackers to enumerate valid usernames (email addresses). In packages/core/src/config/auth/native-authentication-strategy.t...

CVSS 6.9 | AI score 5.9 | EPSS 0.00364
Exploits: 1 | References: 2

EUVD
added 2026/01/30 3:11 p.m. | 5 views

EUVD-2026-5025

Vendure is an open-source headless commerce platform. Prior to version 3.5.3, the NativeAuthenticationStrategy.authenticate method is vulnerable to a timing attack that allows attackers to enumerate valid usernames (email addresses). In packages/core/src/config/auth/native-authentication-strategy.t...

CVSS 6.9 | AI score 5.9 | EPSS 0.00364
Exploits: 1 | References: 2

CVE
added 2026/01/30 3:11 p.m. | 17 views

CVE-2026-25050

Vendure CVE-2026-25050 describes a timing-attack vulnerability in the NativeAuthenticationStrategy.authenticate() method. Before version 3.5.3, authentication returns immediately when a user is not found, while a real user triggers bcrypt password verification, creating a measurable timing differ...

CVSS 6.9 | AI score 5.9 | EPSS 0.00364
Exploits: 1 | References: 2 | Affected Software: 1