CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/03/03 8:43 a.m.•3 views

BIT-KIBANA-2026-26938 Improper Neutralization of Special Elements Used in a Template Engine in Kibana Workflows Leading to Server-Side Request Forgery (SSRF)

Improper Neutralization of Special Elements Used in a Template Engine CWE-1336 exists in Workflows in Kibana which could allow an attacker to read arbitrary files from the Kibana server filesystem, and perform Server-Side Request Forgery SSRF via Code Injection CAPEC-242. This requires an...

OSV•added 2026/03/03 8:40 a.m.•3 views

BIT-ELK-2026-26938 Improper Neutralization of Special Elements Used in a Template Engine in Kibana Workflows Leading to Server-Side Request Forgery (SSRF)

OSV•added 2026/03/03 12:39 a.m.•0 views

CLEANSTART-2026-MW73882 filippo

Multiple security vulnerabilities affect the argo-workflows package. filippo. See references for individual vulnerability details...

9.8CVSS5.8AI score0.00019EPSS

Exploits2References12

OSV•added 2026/03/03 12:39 a.m.•1 views

CLEANSTART-2026-BY85815 OpenTelemetry-Go is the Go implementation of OpenTelemetry

Multiple security vulnerabilities affect the argo-workflows package. OpenTelemetry-Go is the Go implementation of OpenTelemetry. See references for individual vulnerability details...

9.8CVSS5.8AI score0.00019EPSS

Exploits2References14

Snyk•added 2026/03/02 10:40 p.m.•5 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the approval-enabled host=node workflows. An attacker can bypass intended approval integrity by reusing a previously approved request with altered environment...

6.5CVSS6.1AI score0.00038EPSS

Exploits0References3

vulnersOsv•added 2026/02/27 10:9 p.m.•4 views

ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-context-engineering-spring-boot-starter (>=0.5.0 <=0.8.7) +936 more potentially affected by CVE-2026-28208 via com.github.junrar:junrar (>=0.7 <=7.5.7)

com.github.junrar:junrar MAVEN version =0.7, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =1.2.4, =1.2.0, =1.3.1 and more Source cves: CVE-2026-28208 Source advisory: OSV:GHSA-J273-M5QQ-6825...

5.9CVSS5.4AI score0.00211EPSS

Exploits1

RedhatCVE•added 2026/02/27 7:44 p.m.•5 views

CVE-2026-26938

Snyk•added 2026/02/27 6:20 p.m.•2 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine in the Workflows module. An attacker with the...

EUVD•added 2026/02/26 9:31 p.m.•7 views

EUVD-2026-8873

8.6CVSS5.7AI score0.00074EPSS

Wolfi•added 2026/02/26 7:48 p.m.•6 views

CVE-2026-1229 vulnerabilities

Vulnerabilities for packages: boring-registry, helm-push, trufflehog, grafana-alloy, flux-source-controller, gomplate, pulumi-language-yaml, terraform-provider-pagerduty, crossplane-provider-aws-sns, zarf, crossplane-provider-aws-sqs, gitaly, crossplane-provider-azure-sql, kubevela, osv-scanner,...

9.8CVSS7.7AI score0.00026EPSS

Wolfi•added 2026/02/26 7:48 p.m.•8 views

GHSA-Q9HV-HPM4-HJ6X vulnerabilities

5.2AI score

EUVD•added 2026/02/26 7:40 p.m.•5 views

EUVD-2026-8828

Fleet: Authorization Bypass in certificate template batch deletion for team administrators...

5.1CVSS5.2AI score0.0004EPSS

Exploits0References3

NVD•added 2026/02/26 7:32 p.m.•3 views

CVE-2026-26938

8.6CVSS0.00074EPSS

OSV•added 2026/02/26 7:32 p.m.•2 views

CVE-2026-26938

7.7CVSS5.9AI score

Chainguard•added 2026/02/26 7:17 p.m.•7 views

CVE-2026-1229 vulnerabilities

Vulnerabilities for packages: crossplane-provider-aws-memorydb, k9s-fips, helm, xeol-fips, syft, flux-kustomize-controller-fips, flux-notification-controller, reports-server, gitea, goreleaser, crossplane-provider-aws-ecr, trufflehog, crossplane-provider-aws-firehose, terragrunt-fips,...

9.8CVSS7.7AI score0.00026EPSS

Cvelist•added 2026/02/26 5:56 p.m.•20 views

CVE-2026-26938 Improper Neutralization of Special Elements Used in a Template Engine in Kibana Workflows Leading to Server-Side Request Forgery (SSRF)

8.6CVSS0.00074EPSS

CVE•added 2026/02/26 5:56 p.m.•22 views

CVE-2026-26938

CVE-2026-26938 concerns Kibana’s Workflows feature. The issue is an improper neutralization of special elements used in a template engine, enabling reading arbitrary files from the Kibana server filesystem and SSRF via Code Injection (CAPEC-242). It requires an authenticated user with the workflo...

8.6CVSS5.7AI score0.00074EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/02/26 5:56 p.m.•2 views

CVE-2026-26938

8.6CVSS5.9AI score0.00074EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/02/26 5:56 p.m.•2 views

CVE-2026-26938 Improper Neutralization of Special Elements Used in a Template Engine in Kibana Workflows Leading to Server-Side Request Forgery (SSRF)