CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/04/14 6:30 p.m.•3 views

EUVD-2026-22293

Claude Code has a Domain Validation Bypass which Allows Automatic Requests to Attacker-Controlled Domains...

7.7CVSS7.1AI score0.00464EPSS

Exploits0References8

OSSF Malicious Packages•added 2026/04/14 9:21 a.m.•12 views

Malicious code in centralogger (npm)

dom-utils-lite and centralogger, with identical payloads. On npm install, a postinstall hook fetches the attacker’s SSH public key from a Supabase storage bucket, appends it to /.ssh/authorizedkeys, harvests the victim’s IP, username, and hostname, then uploads that metadata to the same Supabase...

5.7AI score

Fedora•added 2026/04/13 9:7 p.m.•5 views

[SECURITY] Fedora 44 Update: siril-1.4.2-3.fc44

Siril is an image processing tool specially tailored for noise reduction and improving the signal/noise ratio of an image from multiple captures, as required in astronomy. Siril can align automatically or manually, stack and enhance pictures from various file formats, even images sequences movies...

9.8CVSS5.8AI score0.00735EPSS

Exploits3

OSV•added 2026/04/13 5:42 a.m.•1 views

BIT-LOGSTASH-2026-33466 Improper Limitation of a Pathname to a Restricted Directory in Logstash Leading to Arbitrary File Write

Improper Limitation of a Pathname to a Restricted Directory CWE-22 in Logstash can lead to arbitrary file write and potentially remote code execution via Relative Path Traversal CAPEC-139. The archive extraction utilities used by Logstash do not properly validate file paths within compressed...

9.8CVSS6.5AI score0.00545EPSS

OSV•added 2026/04/13 5:42 a.m.•1 views

BIT-KIBANA-2026-33459 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An authenticated user with access to the automatic import feature can submit specially crafted requests with excessively large input values. When multiple such requests are sent...

OSV•added 2026/04/13 5:38 a.m.•1 views

BIT-ELK-2026-33459 Uncontrolled Resource Consumption in Kibana Leading to Denial of Service

VulnCheck KEV•added 2026/04/13 12:0 a.m.•32 views

VulnCheck KEV: CVE-2026-33032

Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP Model Context Protocol integration exposes two HTTP endpoints: /mcp and /mcpmessage. While /mcp requires both IP whitelisting and authentication AuthRequired middleware, the /mcpmessage endpoi...

9.8CVSS5.8AI score0.38477EPSS

In wildExploits4References3

Positive Technologies•added 2026/04/13 12:0 a.m.•1 views

PT-2026-32430

Positive Technologies•added 2026/04/13 12:0 a.m.•4 views

Exploits0References3

PT-2026-32434

8.1CVSS6.5AI score0.00545EPSS

Exploits0References3

Positive Technologies•added 2026/04/13 12:0 a.m.•4 views

PT-2026-32406

OSV•added 2026/04/10 7:26 p.m.•1 views

Exploits0References3

GHSA-PV9Q-275H-RH7X PraisonAI Vulnerable Untrusted Remote Template Code Execution

PraisonAI treats remotely fetched template files as trusted executable code without integrity verification, origin validation, or user confirmation, enabling supply chain attacks through malicious templates. --- Description When a user installs a template from a remote source e.g., GitHub,...

9.3CVSS6.3AI score0.00304EPSS

Exploits1References4

RedhatCVE•added 2026/04/09 7:23 p.m.•3 views

CVE-2026-33459

6.5CVSS5.9AI score0.0024EPSS

GithubExploit•added 2026/04/09 5:10 p.m.•112 views

Exploit for Path Traversal in Xibosignage Xibo

Xibo CMS CVE-2023-33177 Vulnerability Tester !Python 3.6+...

8.8CVSS7.4AI score0.07093EPSS

Exploits3

Snyk•added 2026/04/09 4:14 p.m.•6 views

Allocation of Resources Without Limits or Throttling

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the automatic import plugin. An attacker can cause backend services to...

7.1CVSS5.7AI score0.0024EPSS

OSV•added 2026/04/09 8:56 a.m.•1 views

SUSE-SU-2026:21215-1 Security update for patterns-glibc-hwcaps

This update for patterns-glibc-hwcaps fixes the following issues: The pattern is moved from PackageHub to regular SLES. It requires packages for the x8664 v3 architecture and is automatically pulled in when this architecture is present. These packages are optimized for the x8664 v3 architecture t...

5.8AI score

Tenable Nessus•added 2026/04/09 12:0 a.m.•4 views

Fedora 43 : cockpit (2026-42f1aaa820)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-42f1aaa820 advisory. Automatic update for cockpit-360-1.fc43. Changelog for cockpit Wed Apr 08 2026 Packit - 360-1 - ws: be more explicit when handling hostnames on cli...

9.8CVSS5.9AI score0.13889EPSS

Exploits3References2

EUVD•added 2026/04/08 6:34 p.m.•4 views

EUVD-2026-20521

6.5CVSS5.9AI score0.0024EPSS