CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

224 matches found

EUVD•added 2026/05/26 7:58 p.m.•7 views

EUVD-2026-31979

Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous globals fetch, window, eval, etc. with undefined. A static source validator...

9.3CVSS5.7AI score0.00043EPSS

Exploits0References1

Positive Technologies•added 2026/05/26 12:0 a.m.•6 views

PT-2026-43403

9.3CVSS5.7AI score0.00043EPSS

Exploits0References2

CNNVD•added 2026/05/26 12:0 a.m.•4 views

Lumiverse 安全漏洞

Lumiverse is a full-featured AI chat application suite developed by Prolix OCs’ individual developers. Versions of Lumiverse prior to 0.9.7 contained security vulnerabilities. These vulnerabilities stemmed from component overlay systems, which used Sucrase to translate user-provided TSX files and...

9.3CVSS5.8AI score0.00043EPSS

Exploits0References2

Github Security Blog•added 2026/05/21 8:47 p.m.•9 views

@hulumi/policies: Stack-wide evidence bypassed Cloudflare and deployment-governance guardrails

Impact: @hulumi/policies versions before 1.3.2 used stack-wide evidence shortcuts in several Cloudflare and deployment-governance validators. Unrelated compliant-looking evidence could suppress violations for different zones, hostnames, origins, or repositories in the same stack. Patched in 1.3.2...

5.8AI score

Exploits0References2Affected Software1

OSV•added 2026/05/21 8:47 p.m.•3 views

GHSA-59F3-7227-WMH4 @hulumi/policies: Stack-wide evidence bypassed Cloudflare and deployment-governance guardrails

8.7CVSS5.8AI score

Exploits0References2

Positive Technologies•added 2026/05/21 12:0 a.m.•7 views

PT-2026-42395

Name of the Vulnerable Software and Affected Versions mlflow/mlflow versions prior to 3.10.0 Description When basic authentication is enabled, the 'SearchModelVersions' REST API endpoint and the 'mlflowSearchModelVersions' GraphQL query lack proper per-model authorization checks. This allows any...

6.5CVSS6.6AI score0.00023EPSS

Exploits1References8

Snyk•added 2026/05/20 7:7 p.m.•1 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization in the OCI validator process when upstream rate limits are encountered. An attacker can bypass intended ownership restrictions by exploiting the lack of proper checks during rate-limited conditions. Remediation...

5.1CVSS5.8AI score0.0001EPSS

Exploits0References3

CNNVD•added 2026/04/23 12:0 a.m.•3 views

PySpector 安全漏洞

PySpector is a high-performance Python static security analysis framework based on graphs, developed by Tommaso Bona. Versions of PySpector prior to 0.1.8 contained security vulnerabilities. These vulnerabilities stemmed from an incomplete blacklist of plugin security validators, which could allo...

7.8CVSS6.1AI score0.00021EPSS

Exploits1References1

EUVD•added 2026/04/22 7:19 p.m.•0 views

EUVD-2026-25062

nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals...

7.5CVSS5.7AI score0.00052EPSS

Exploits0References4

OSV•added 2026/04/06 2:49 p.m.•0 views

BIT-PARSE-2026-34784 Parse Server: Streaming file download bypasses afterFind file trigger authorization

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.71 and 9.7.1, file downloads via HTTP Range requests bypass the afterFindParse.File trigger and its validators on storage adapters that support streaming e.g. the default...

8.2CVSS5.8AI score0.00016EPSS

Exploits0References6

RedhatCVE•added 2026/04/01 11:1 p.m.•3 views

CVE-2026-34203

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to versions 2.4.30 and 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defined by Django's AUTHPASSWORDVALIDATORS setting which defaults to an empty list, i.e., no specific...

4.3CVSS5.8AI score0.00011EPSS

Exploits0References1

RedhatCVE•added 2026/04/01 11:0 p.m.•0 views

CVE-2026-34784

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.71 and 9.7.1-alpha.1, file downloads via HTTP Range requests bypass the afterFindParse.File trigger and its validators on storage adapters that support streaming e.g. the...

8.2CVSS5.8AI score0.00016EPSS

Exploits0References1

RedhatCVE•added 2026/04/01 5:3 p.m.•2 views

CVE-2026-34532

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.67 and 9.7.0-alpha.11, an attacker can bypass Cloud Function validator access controls by appending "prototype.constructor" to the function name in the URL. When a Cloud...

9.1CVSS5.7AI score0.00041EPSS

Exploits0References1

Github Security Blog•added 2026/03/31 11:7 p.m.•4 views

Nautobot: Management of users via REST API does not apply configured password validators

Impact In Nautobot versions prior to 2.4.30 or prior to 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defined by Django's AUTHPASSWORDVALIDATORS setting which defaults to an empty list, i.e., no specific rules, but can be configured in Nautobot's...

4.3CVSS5.8AI score0.00011EPSS

Exploits0References7Affected Software1