CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added last week•9 views

CVE-2026-45549

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, agentaction app/routes/smon/agentroutes.py:166-179 has decorators @bp.post'/agent/action/' and @jwtrequired only — no role check, no group ownership check on the serverip form...

8.5CVSS5.5AI score0.00199EPSS

NVD•added last week•11 views

CVE-2026-10847

A local privilege escalation vulnerability exists in Check Point Identity Agent Full for Windows OS. An authenticated local user may be able to execute arbitrary code with SYSTEM privileges due to improper handling of executable resolution during the log collection process. Successful exploitatio...

7.8CVSS0.00121EPSS

SUSE Linux•added last week•3 views

Security update for google-cloud-sap-agent

This update for google-cloud-sap-agent fixes the following issue CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265764. Changes for google-cloud-sap-agent: Update to version 3.14 bsc1265991 Patch Instructions: To install this SUSE...

7.5CVSS5.4AI score0.00565EPSS

Exploits0References6

Cvelist•added last week•24 views

CVE-2026-10847 Local Privilege Escalation vulnerability in Check Point Identity Agent Full for Windows OS

7.8CVSS0.00121EPSS

Vulnrichment•added last week•7 views

CVE-2026-10847 Local Privilege Escalation vulnerability in Check Point Identity Agent Full for Windows OS

7.8CVSS6AI score0.00121EPSS

CVE•added last week•21 views

CVE-2026-10847

CVE-2026-10847 is a local privilege escalation affecting Check Point Identity Agent Full for Windows OS. An authenticated local user may gain SYSTEM privileges by exploiting improper handling of executable resolution during log collection. The documented impact is elevated privileges on the affec...

7.8CVSS6AI score0.00121EPSS

OSSF Malicious Packages•added last week•7 views

Malicious code in 0x2ai-ivo (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e78c039ee7ad67b1a20ef30b37ce03178f6c2181b1e330db69e04dabd0a28686 On install, the postinstall script copies the package's payload/ tree CLAUDE.md,.claude/settings.json,.mcp.json, and several.cjs MCP scripts into the...

OSV•added last week•5 views

MAL-2026-5599 Malicious code in 0x2ai-ivo (npm)

OSSF Malicious Packages•added 2026/06/11 4:47 a.m.•5 views

Malicious code in forge-jsx2 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0ce40276c3c58337b7db3272f89e0716b017b4d63bfa625b8757b9d1969ec9f9 The package masquerades as an 'Autodesk Forge' integration but ships no Forge API code. On npm install, scripts/postinstall-agent.mjs materializes a...

5.6AI score

OSV•added 2026/06/11 4:47 a.m.•6 views

MAL-2026-5568 Malicious code in forge-jsx2 (npm)

5.6AI score

OSV•added 2026/06/11 12:41 a.m.•6 views

CLEANSTART-2026-OK35650 During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succ...

Multiple security vulnerabilities affect the rancher-agent package. During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed...

9.8CVSS5.5AI score0.00765EPSS

Exploits1References5

EUVD•added 2026/06/11 12:32 a.m.•10 views

EUVD-2026-36147

A privilege escalation PE vulnerability in the Palo Alto Networks Prisma Access Agent app on Linux devices enables a local user to execute code with elevated privileges. This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS...

8.5CVSS5.7AI score0.00107EPSS

EUVD•added 2026/06/11 12:32 a.m.•7 views

EUVD-2026-36144

A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel. This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS...

6.9CVSS5.5AI score0.00115EPSS

OSV•added 2026/06/11 12:19 a.m.•4 views

MAL-2026-5538 Malicious code in hex-type (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7d0271fe97ea66e9ff2ba3a0ea225364324f28138af32c337d6ed8b2b99e5ad Package metadata description "A universally-unique, lexicographically-sortable, identifier generator", homepage github.com/ulid/javascript, build...

Packet Storm News•added 2026/06/11 12:0 a.m.•3 views

MAStrike: Shapley-Guided Collusive Red-Teaming on Multi-Agent Systems

Hierarchical multi-agent systems MAS are rapidly being deployed in high-stakes workflows across domains such as finance and software engineering. In these systems, safety and security are inherently distributed across role-specialized agents, significantly expanding the attack surface, particular...

CNNVD•added 2026/06/11 12:0 a.m.•3 views

Exploits0

Check Point Identity Agent Full 代码问题漏洞

Check Point Identity Agent Full is a terminal identity awareness agent developed by Check Point Technologies. There is a code vulnerability in Check Point Identity Agent Full, which stems from improper handling of executable file parsing during log collection. This vulnerability may allow...

7.8CVSS5.9AI score0.00121EPSS