CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/02/10 10:15 a.m.•2 views

CVE-2026-23906

9.8CVSS5.6AI score

Vulnrichment•added 2026/02/10 9:28 a.m.•1 views

CVE-2026-23906 Apache Druid: Authentication Bypass via LDAP Anonymous Bind

5.6AI score0.00084EPSS

Exploits0References1

ATTACKERKB•added 2026/02/10 9:28 a.m.•2 views

CVE-2026-23906

5.6AI score0.00084EPSS

Exploits0References2Affected Software1

CVE•added 2026/02/10 9:28 a.m.•20 views

CVE-2026-23906

Summary (CVE-2026-23906) : Apache Druid versions 0.17.0 through 35.x are affected when using the druid-basic-security extension with LDAP authentication and an LDAP server that allows anonymous bind. The vulnerability arises from improper validation of LDAP authentication responses, where anonymo...

9.8CVSS5.6AI score0.00084EPSS

Exploits0References2Affected Software1

4.6CVSS6.4AI score0.00077EPSS

EUVD-2004-2298

Malware in sbrugna...

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2004-1355

Malware in sbrugna...

5CVSS6.4AI score0.0054EPSS

Exploits0References7

7.5CVSS6.4AI score0.00717EPSS

EUVD-2001-1394

Malware in sbrugna...

Exploits0References4

7.5CVSS7.5AI score0.01219EPSS

EUVD-2021-15563

Malware in sbrugna...

4.9CVSS6.4AI score0.00061EPSS

EUVD-2007-5398

Malware in sbrugna...

Exploits0References10

2.1CVSS6.4AI score0.00217EPSS

EUVD-2004-0653

Malware in sbrugna...

Exploits0References7

Microsoft Malware Protection•added 2023/04/26 4:0 p.m.•22 views

Healthy security habits to fight credential breaches: Cyberattack Series

Fifty percent of Microsoft cybersecurity recovery engagements relate to ransomware,1 and 61 percent of all breaches involve credentials.2 In this second report in our ongoing Cyberattack Series, we look at the steps taken to discover, understand, and respond to a push-bombing request that targete...

7AI score

OSV•added 2022/03/23 8:15 p.m.•1 views

CVE-2021-27426

GE UR IED firmware versions prior to version 8.1x with “Basic” security variant does not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user...

9.8CVSS7AI score0.0029EPSS

Malwarebytes•added 2021/04/26 5:21 p.m.•49 views

Zoom deepfaker fools politicians…twice

We recently said deepfakes “remain the weapon of choice for malign interference campaigns, troll farms, revenge porn, and occasionally humorous celebrity face-swaps”. Skepticism that these techniques would work on a grand scale such as an election, remains in place. In the realm of malign...

The Hacker News•added 2021/01/27 4:28 a.m.•134 views

In the Wake of the SolarWinds Hack, Here's How Businesses Should Respond

Throughout 2020, businesses, in general, have had their hands full with IT challenges. They had to rush to accommodate a sudden shift to remote work. Then they had to navigate a rapid adoption of automation technologies. And as the year came to a close, more businesses began trying to assemble th...

7.5AI score

ThreatPost•added 2020/01/27 2:16 p.m.•63 views

Mandatory IoT Security in the Offing with U.K. Proposal

The U.K. government has unveiled a proposed law aimed at securing internet of things IoT devices, which have historically been riddled with basic security issues. The drafted law, announced on Monday, comprises three main mandates for IoT manufacturers. First, all consumer IoT device passwords mu...

0.5AI score

Exploits0References12

Pen Test Partners Blog•added 2019/12/10 11:56 a.m.•14 views

Xmas Light Security Improves… a bit

We've looked at smart Xmas lights before; whilst they were vulnerable, there was no consequence to the hack other than making them flash in a different order! In 2018 we looked at the all-new Twinkly smart festive lights. We found a number of security issues, reported them to the vendor and to a...

6.9AI score