CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1060 matches found

HackRead•added 2026/03/25 2:41 p.m.•3 views

How AI Translation Fixes Multilingual Content Chaos

AI translation fixes multilingual content chaos by improving consistency, workflows, and speed, helping teams reduce errors and scale global content faster...

5.8AI score

Exploits0

Veracode•added 2026/03/25 10:14 a.m.•2 views

Improper Handling Of Symbolic Links

github.com/argoproj/argo-workflows is vulnerable to Improper Handling Of Symbolic Links. The vulnerability is due to flawed validation in the untar process when resolving symbolic links, which allows an attacker to overwrite critical files such as /var/run/argo/argoexec with a malicious script th...

8.1CVSS7.1AI score0.00089EPSS

Exploits1References3Affected Software1

SUSE CVE•added 2026/03/25 12:26 a.m.•1 views

SUSE CVE-2026-28229

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, Workflow templates endpoints allow any client to retrieve WorkflowTemplates and ClusterWorkflowTemplates. Any request with a Authorization: Bearer nothing...

9.8CVSS5.9AI score0.00017EPSS

Exploits1References3

SUSE CVE•added 2026/03/25 12:24 a.m.•3 views

SUSE CVE-2026-31892

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can completely bypass all security settings defined in a WorkflowTemplate by including a podSpecPatch field in...

8.9CVSS5.9AI score0.00027EPSS

Exploits1References3

EUVD•added 2026/03/24 5:53 p.m.•1 views

EUVD-2026-14601

Trivy ecosystem supply chain was briefly compromised...

9.4CVSS6AI score0.26577EPSS

Exploits2References3

ATTACKERKB•added 2026/03/24 12:54 p.m.•1 views

CVE-2026-33475

Langflow is a tool for building and deploying AI-powered agents and workflows. An unauthenticated remote shell injection vulnerability exists in multiple GitHub Actions workflows in the Langflow repository prior to version 1.9.0. Unsanitized interpolation of GitHub context variables e.g., $...

9.1CVSS6.3AI score0.00081EPSS

Exploits1References2Affected Software1

The Hacker News•added 2026/03/24 10:38 a.m.•7 views

TeamPCP Hacks Checkmarx GitHub Actions Using Stolen CI Credentials

Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-native cybercriminal operation also behind the Trivy supply chain attack. The workflows, both maintained by the supply chain security company...

9.4CVSS6.4AI score0.26577EPSS

Exploits2

Vulnrichment•added 2026/03/23 9:47 p.m.•1 views

CVE-2026-33634 Trivy ecosystem supply chain briefly compromised

Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in aquasecurity/trivy-action to credential-stealing malware, and replace all 7 tags in aquasecurity/setup-trivy with malicious...

9.4CVSS5.9AI score0.26577EPSS

Exploits2References10

Wiz blog•added 2026/03/23 12:0 p.m.•4 views

Introducing Wiz Agents & Workflows: Security at the Speed of AI

A new security operating model powered by AI agents that removes bottlenecks and enables teams to act at the speed of AI...

5.8AI score

Exploits0

Github Security Blog•added 2026/03/21 3:31 a.m.•3 views

Duplicate Advisory: OpenClaw Node system.run approval context-binding weakness in approval-enabled host=node flows

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hjvp-qhm6-wrh2. This link is maintained to preserve external references. Original Description OpenClaw versions prior to 2026.2.26 contain an approval context-binding weakness in system.run execution flows with...

6.5CVSS5.9AI score0.00038EPSS

Exploits0References5Affected Software1

CVE•added 2026/03/21 12:42 a.m.•9 views

CVE-2026-32058

OpenClaw v contains an approval context-binding weakness in system.run flows where host=node. This flaw allows an attacker with an approval id to reuse a previously approved request but with modified environment variables, bypassing execution-integrity checks in approval-enabled workflows. Affect...

6.5CVSS5.9AI score0.00038EPSS

Exploits0References3Affected Software1

Spring Engineering•added 2026/03/18 12:0 a.m.•5 views

Blending Chat with Rich UIs with Spring AI and MCP Apps

The way humans typically interact with AI is via a chat-style interface such as ChatGPT or Claude Desktop. In fact, the ability to converse with an AI in natural language is perhaps one of the most amazing things about this technology. It lets humans talk to computers in human terms, rather than...

5.9AI score

Exploits0

PyPA•added 2026/03/17 11:16 a.m.•7 views

PYSEC-2026-17

Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability in the Execution API's Human-in-the-Loop HITL endpoints that allows any authenticated task instance to read, approve, or reject HITL workflows belonging to any other task instance.Users are recommended to upgrade to...

8.1CVSS5.8AI score0.00043EPSS

Exploits0References4Affected Software1

Packet Storm News•added 2026/03/17 12:0 a.m.•0 views

A Longitudinal Study of Usability in Identity-Based Software Signing

Identity-based software signing tools aim to make software artifact provenance verifiable while reducing the operational burden of long-lived key management. However, there is limited cross-tool longitudinal evidence about which usability problems arise in practice and how those problems evolve a...

5.7AI score

Exploits0