38653 matches found
CVE-2026-22618
A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP response header was set with an insecure attribute, potentially exposing users to web‑based attacks. This security issue has been fixed in the latest version of Eaton IPP software which is available...
CVE-2026-22618
The CVE concerns Eaton Intelligent Power Protector (IPP) with a security misconfiguration where an HTTP response header used an insecure attribute. The issue could enable web-based attacks and has been fixed in the latest Eaton IPP version available from Eaton’s download centre. Practical impact ...
VulnForge
VulnForge AI-Powered Vulnerability Scanner & Auto-Exploit E...
PT-2026-33260
A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP response header was set with an insecure attribute, potentially exposing users to web‑based attacks. This security issue has been fixed in the latest version of Eaton IPP software which is available...
Eaton Intelligent Power Protector Security Vulnerability
Eaton Intelligent Power Protector is a power protection software developed by the American company Eaton. There is a security vulnerability in Eaton Intelligent Power Protector, which stems from incorrect security configurations. This vulnerability may expose users to web-based attacks...
libexpat Security Vulnerability
libexpat is a streaming XML parser written in C language by the libexpat team. Versions of libexpat prior to 2.7.6 had security vulnerabilities; these vulnerabilities were due to insufficient entropy, which could allow for hash flood attacks via specially crafted XML documents...
Active HanGhost Loader Campaign Targets Enterprise Payment and Logistics Workflows
Active HanGhost Loader campaign targets enterprise payment and logistics workflows with fileless attacks, multi-stage execution, and stealthy malware delivery...
What is Predictive Threat Intelligence for Organizations?
You wouldn’t set sail across the ocean without checking the weather forecast. Meteorologists gather data on temperature, wind, and pressure systems to predict an incoming storm, giving you time to prepare. Predictive threat intelligence applies the same logic to cybersecurity. It collects and...
CVE-2026-33948
A flaw was found in jq, a command-line JSON processor. This vulnerability allows a remote attacker to bypass input validation by crafting malicious JSON input containing embedded null (NUL) bytes. Due to incorrect handling of input buffer lengths, jq truncates the input at the first NUL byte,...
Primer on GitHub Actions Security - Threat Model, Attacks and Defenses (Part 1/2)
Understanding and defending your GitHub Actions - from threat model to security controls...
CVE-2025-40745
A vulnerability has been identified in Siemens Software Center All versions V3.5.8.2, Simcenter 3D All versions V2506.6000, Simcenter Femap All versions V2506.0002, Simcenter STAR-CCM+ All versions V2602, Solid Edge SE2025 All versions V225.0 Update 13, Solid Edge SE2026 All versions V226.0 Updat...
EUVD-2026-22136
Crypt::SecretBuffer versions before 0.019 for Perl are susceptible to timing attacks. For example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepancies in timing could be used to guess the secret password...
DEBIAN-CVE-2026-33948
jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When reading JSON from files or stdin, jq uses strlen to determine buffer length instead of the actual byte...
CVE-2026-33948
jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When reading JSON from files or stdin, jq uses strlen to determine buffer length instead of the actual byte...
Microsoft Windows Admin Center Cross-Site Scripting Vulnerability
Microsoft Windows Admin Center is a browser-based, locally deployed application developed by Microsoft. This tool is primarily used for managing servers and clusters. Microsoft Windows Admin Center has a cross-site scripting vulnerability. Attackers can exploit this vulnerability to carry out...
bind security update
9.16.23-34.0.1.el97.2 - Fix warning when changing device file permissions Orabug: 36518580 32:9.16.23-34.2 - Prevent Denial of Service via maliciously crafted DNSSEC-validated zone CVE-2026-1519 32:9.16.23-34.1 - Prevent cache poisoning due to weak PRNG CVE-2025-40780 - Replace downstream fixes...
Evaluating Differential Privacy against Membership Inference in Federated Learning: Insights from the NIST Genomics Red Team Challenge
While Federated Learning (FL) mitigates direct data exposure, the resulting trained models remain susceptible to membership inference attacks (MIAs). This paper presents an empirical evaluation of Differential Privacy (DP) as a defense mechanism against MIAs in FL, leveraging the environment of the 202...
CVE-2026-5086 Crypt::SecretBuffer versions before 0.019 for Perl are susceptible to timing attacks
Crypt::SecretBuffer versions before 0.019 for Perl are susceptible to timing attacks. For example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepancies in timing could be used to guess the secret password...
CVE-2026-5086
CVE-2026-5086 affects Crypt::SecretBuffer