Lucene search

38300 matches found

CNNVD
added 2026/04/25 12:00 a.m., 5 views

AstrBot Security Vulnerability

AstrBot is an open-source multi-platform LLM chatbot and development framework created by AstrBot. Versions of AstrBot 4.22.1 and earlier contained a security vulnerability. This vulnerability stemmed from an issue in the createtemplate function within the Dashboard API’s routes/t2i.py file, wher...

CVSS 5.8 | AI score 5.8 | EPSS 0.0002
Exploits 0 | References 2
EUVD
added 2026/04/24 12:31 a.m., 3 views

EUVD-2026-25323

OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapshots to non-admin authenticated clients. Non-admin clients can recover host-specific filesystem paths and deployment details, enabling host fingerprinting and facilitating chained attacks...

CVSS 5.3 | AI score 5.8 | EPSS 0.00037
Exploits 0 | References 4
EUVD
added 2026/04/24 12:31 a.m., 1 view

EUVD-2026-25327

OpenClaw before 2026.3.31 lacks a shared pre-auth concurrency budget on the public LINE webhook path, allowing attackers to cause transient availability loss. Remote attackers can flood the webhook endpoint with concurrent requests before signature verification to exhaust resources and degrade...

CVSS 6.9 | AI score 5.8 | EPSS 0.0015
Exploits 0 | References 4
OSV
added 2026/04/24 12:31 a.m., 1 view

GHSA-R7P2-R9G4-4XPH Duplicate Advisory: OpenClaw: Gateway hello snapshots exposed host config and state paths to non-admin clients

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-2f7j-rp58-mr42. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapshots to non-admin...

CVSS 5.3 | AI score 5.7 | EPSS 0.00037
Exploits 0 | References 4
Packet Storm News
added 2026/04/24 12:00 a.m., 2 views

Training a General Purpose Automated Red Teaming Model

Automated methods for red teaming LLMs are an important tool to identify LLM vulnerabilities that may not be covered in static benchmarks, allowing for more thorough probing. They can also adapt to each specific LLM to discover weaknesses unique to it. Most current automated red teaming methods a...

AI score 5.6
Exploits 0
CNNVD
added 2026/04/24 12:00 a.m., 7 views

Mojic Security Vulnerability

Mojic is a C-language code obfuscation tool developed by Amit Dutta. Versions of Mojic prior to 2.1.4 contained security vulnerabilities. These vulnerabilities stemmed from the use of the standard equality operator by CipherEngine to verify HMAC-SHA256 integrity checks, which could allow attacker...

CVSS 4.7 | AI score 5.9 | EPSS 0.00015
Exploits 0 | References 1
NVD
added 2026/04/23 10:16 p.m., 4 views

CVE-2026-41339

OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapshots to non-admin authenticated clients. Non-admin clients can recover host-specific filesystem paths and deployment details, enabling host fingerprinting and facilitating chained attacks...

CVSS 5.3 | EPSS 0.00037
Exploits 0 | References 3
NVD
added 2026/04/23 10:16 p.m., 2 views

CVE-2026-41333

OpenClaw before 2026.3.31 contains an authentication rate limiting bypass vulnerability that allows attackers to circumvent shared authentication protections using fake device tokens. Attackers can exploit the mixed WebSocket authentication flow to bypass rate limiting controls and conduct brute...

CVSS 6.3 | EPSS 0.00079
Exploits 0 | References 3
GithubExploit
added 2026/04/23 8:29 a.m., 68 views

Automated-CSRF-PoC-Generator

Description: A specialized Python script designed to automate th...

AI score 5.8
Exploits 0
Packet Storm News
added 2026/04/23 12:00 a.m., 1 view

MCP Pitfall Lab: Exposing Developer Pitfalls in MCP Tool Server Security under Multi-Vector Attacks

Model Context Protocol (MCP) is increasingly adopted for tool-integrated LLM agents, but its multi-layer design and third-party server ecosystem expand risks across tool metadata, untrusted outputs, cross-tool flows, multimodal inputs, and supply-chain vectors. Existing MCP benchmarks largely measu...

AI score 5.4
Exploits 0
Positive Technologies
added 2026/04/23 12:00 a.m., 3 views

PT-2026-34662

Yadea T5 Electric Bicycles models manufactured in/after 2024 have a weak authentication mechanism in their keyless entry system. The system utilizes the EV1527 fixed-code RF protocol without implementing rolling codes or cryptographic challenge-response mechanisms. This is vulnerable to signal...

AI score 5.8 | EPSS 0.00048
Exploits 0 | References 3
CNNVD
added 2026/04/23 12:00 a.m., 5 views

Microsoft Dynamics 365 Online Code Issue Vulnerability

Microsoft Dynamics 365 Online is a management software developed by Microsoft Corporation, designed for monitoring employee behavior and analyzing work efficiency. There are code vulnerabilities in Microsoft Dynamics 365 Online, which stem from server-side request forgery. These vulnerabilities m...

CVSS 9.3 | AI score 6 | EPSS 0.00035
Exploits 0 | References 2
CNNVD
added 2026/04/23 12:00 a.m., 7 views

Copilot API Proxy Security Vulnerability

Copilot API Proxy is a reverse proxy service for the GitHub Copilot API developed by Erick Christian. Versions of Copilot API Proxy prior to 0.7.0 contain security vulnerabilities. These vulnerabilities stem from the Header Handler component’s reliance on reverse DNS resolution for handling Host...

CVSS 5.3 | AI score 5.8 | EPSS 0.00011
Exploits 0 | References 1
Positive Technologies
added 2026/04/23 12:00 a.m., 4 views

PT-2026-34774

OpenClaw before 2026.3.31 lacks a shared pre-auth concurrency budget on the public LINE webhook path, allowing attackers to cause transient availability loss. Remote attackers can flood the webhook endpoint with concurrent requests before signature verification to exhaust resources and degrade...

CVSS 6.9 | AI score 5.8 | EPSS 0.0015
Exploits 0 | References 5
Packet Storm News
added 2026/04/23 12:00 a.m., 2 views

Rigorous Security Proofs for Practical Quantum Key Distribution

This thesis is concerned with rigorous security analyses of practical Quantum Key Distribution (QKD) protocols, using a variety of modern proof techniques. The main results are as follows. First, we establish a security proof for variable-length QKD protocols against IID collective attacks, and...

AI score 5.4
Exploits 0
CNNVD
added 2026/04/23 12:00 a.m., 4 views

OpenClaw Security Vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities stemmed from a certification rate-limiting bypass vulnerability, which allowed attackers to circumvent shared...

CVSS 6.3 | AI score 5.8 | EPSS 0.00079
Exploits 0 | References 1
Cvelist
added 2026/04/22 11:39 p.m., 32 views

CVE-2025-36074 Security vulnerability has been detected in IBM Security Verify Directory

IBM Security Verify Directory Container 10.0.0 through 10.0.0.3 IBM Security Verify Directory could be vulnerable to malicious file upload by not validating file type. A privileged user could upload malicious files into the system that can be sent to victims for performing further attacks against...

CVSS 5.5 | EPSS 0.00059
Exploits 0 | References 1
NVD
added 2026/04/22 9:17 p.m., 1 view

CVE-2026-34068

nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, the staking contract accepts UpdateValidator transactions that set newvotingkey=Some... while omitting newproofofknowledge. This skips the proof-of-knowledge requirement that is...

CVSS 6.8 | EPSS 0.00007
Exploits 0 | References 4
EUVD
added 2026/04/22 7:55 p.m., 1 view

EUVD-2026-25086

nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, the staking contract accepts UpdateValidator transactions that set newvotingkey=Some... while omitting newproofofknowledge. This skips the proof-of-knowledge requirement that is...

CVSS 6.8 | AI score 5.7 | EPSS 0.00007
Exploits 0 | References 4
OSV
added 2026/04/22 7:09 p.m., 3 views

USN-8201-1 linux-azure-5.4 vulnerabilities

Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information (kernel memory), local...

CVSS 7.8 | AI score 5.8 | EPSS 0.00104
Exploits 0 | References 24