CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The Model Context Protocol MCP is a de facto standard for providing structured access to privileged systems for AI agents and external integrations. It acts as a USB-C port for AI, enabling faster innovation by allowing organizations to expose tools, resources, and workflows without the...

5.8AI score

Exploits0

Vulnrichment•added 2026/05/12 4:35 p.m.•7 views

CVE-2025-35990

Improper input validation for some Intel Endpoint Management Assistant EMA software before version 1.14.5 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable escalation...

8.7CVSS5.7AI score0.00188EPSS

Exploits0References1

CVE•added 2026/05/12 4:34 p.m.•14 views

CVE-2026-20717

CVE-2026-20717 describes improper input validation in some Intel QAT software drivers for Windows prior to version 1.13, exploitable in Ring 3 (local). An authenticated, low-privilege user could cause a denial of service with a low=confidentiality and integrity impact and a high availability impa...

6.9CVSS5.7AI score0.00099EPSS

Exploits0References1Affected Software1

Malwarebytes•added 2026/05/12 3:46 p.m.•13 views

Fake Claude search results lure Mac users into ClickFix attack

Researchers found that cybercriminals are using sponsored search results and shared Claude chats to lure victims into a typical ClickFix attack to install malware on macOS devices. ClickFix is a social engineering method that tricks users into infecting their own device with malware. Users are...

6.5AI score

Exploits0

NVD•added 2026/05/12 3:16 p.m.•6 views

CVE-2026-8109

An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials...

6.5CVSS0.00701EPSS

Exploits0References1

IBM Security Bulletins•added 2026/05/12 3:7 p.m.•5 views

Security Bulletin: Consul-template vulnerable to sandbox path bypass in file helper via a symlink attack

Summary The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability CVE-2026-5061 is fixed in consul-template 0.42.0. Vulnerability Details CVEID:CVE-2026-5061 DESCRIPTION:...

4.7CVSS5.7AI score0.00109EPSS

Exploits0Affected Software1

The Hacker News•added 2026/05/12 2:47 p.m.•8 views

RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded

RubyGems , the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described as a "major malicious attack." "We're dealing with a major malicious attack on RubyGems right now," Maciej Mensfeld, senior product manager for...

5.8AI score

Exploits0

RedhatCVE•added 2026/05/12 2:21 p.m.•5 views

CVE-2026-42652

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpeverest User Registration user-registration allows Reflected XSS.This issue affects User Registration: from n/a through = 5.1.5...

7.1CVSS5.8AI score0.00149EPSS

Exploits0References1

RedhatCVE•added 2026/05/12 2:21 p.m.•12 views

CVE-2026-0300

A buffer overflow vulnerability in the User-ID™ Authentication Portal aka Captive Portal service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. T...

9.8CVSS6.4AI score0.3176EPSS

Exploits6References1

NVD•added 2026/05/12 2:17 p.m.•5 views

CVE-2026-33603

Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the attacker can eavesdrop communications between Dovecot and...

6.8CVSS0.00231EPSS

Exploits0References1