
7061 matches found

NVD
added 2026/03/16 3:16 p.m., 4 views

CVE-2025-52645

HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified model artifacts being used, potentially leading to integrity concerns or unintended behaviour...

5.3 CVSS, 0.00084 EPSS
Exploits: 0, References: 1
Cvelist
added 2026/03/16 2:45 p.m., 20 views

CVE-2025-52642 HCL AION is affected by an internal filesystem paths disclosure vulnerability

HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure details which could potentially aid in further targeted attacks or information disclosure...

3.3 CVSS, 0.00108 EPSS
Exploits: 0, References: 1
CVE
added 2026/03/16 2:45 p.m., 8 views

CVE-2025-52642

CVE-2025-52642 affects HCL AION (AI lifecycle management platform). The connected documents describe a root cause where internal filesystem paths are exposed through application responses or system behavior, enabling potential information disclosure about environment structure. The impact is info...

6.5 CVSS, 5.7 AI score, 0.00108 EPSS
Exploits: 0, References: 1, Affected Software: 1
ATTACKERKB
added 2026/03/16 2:26 p.m., 4 views

CVE-2025-52643

HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed within a properly isolated sandbox environment. This may expose the application to potential security risks, including unintended behaviour or integrity impact when processing specially crafted files...

4.7 CVSS, 5.8 AI score, 0.00095 EPSS
Exploits: 0, References: 2, Affected Software: 1
Vulnrichment
added 2026/03/16 12:53 p.m., 0 views

CVE-2025-52648

HCL AION is affected by a vulnerability where offering images are not digitally signed. Lack of image signing may allow the use of unverified or tampered images, potentially leading to security risks such as integrity compromise or unintended behavior in the system...

4.8 CVSS, 5.8 AI score, 0.00117 EPSS
Exploits: 0, References: 1
Ubuntu
added 2026/03/16 10:57 a.m., 5 views

USN-8093-1: libssh vulnerability

It was discovered that libssh incorrectly performed bounds checking when processing SFTP extensions. If a client application queried extension data out of bounds, it could cause the application to crash, resulting in a denial of service, or exhibit unintended behavior...

7.5 CVSS, 5.8 AI score, 0.00631 EPSS
Exploits: 0
Positive Technologies
added 2026/03/16 12:0 a.m., 1 views

PT-2026-25709

HCL AION is affected by a vulnerability where offering images are not digitally signed. Lack of image signing may allow the use of unverified or tampered images, potentially leading to security risks such as integrity compromise or unintended behavior in the system...

4.8 CVSS, 5.8 AI score, 0.00117 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/03/16 12:0 a.m., 4 views

PT-2026-25748

HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed within a properly isolated sandbox environment. This may expose the application to potential security risks, including unintended behaviour or integrity impact when processing specially crafted files...

4.7 CVSS, 5.8 AI score, 0.00095 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/03/16 12:0 a.m., 8 views

PT-2026-25805

Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.5 and from version 5.0.0-RC1 to before version 5.9.11, there is a Behavior injection RCE vulnerability in ElementIndexesController and FieldsController. Craft control panel administrator permissions and...

8.6 CVSS, 5.7 AI score, 0.00515 EPSS
Exploits: 0, References: 4
CNNVD
added 2026/03/16 12:0 a.m., 3 views

HCL AION security vulnerability

HCL AION is an AI lifecycle management platform from HCL India. HCL AION has a security vulnerability that can be exploited by an attacker to cause the use of an unauthenticated or tampered image, triggering security risks such as integrity breaches or unexpected system behavior...

9.8 CVSS, 5.8 AI score, 0.00117 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/03/16 12:0 a.m., 2 views

HCL AION security vulnerability

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability that stems from untrusted file parsing operations not being performed in an isolated sandboxed environment, which can be exploited by an attacker to cause unexpected behavior when...

7.8 CVSS, 5.8 AI score, 0.00095 EPSS
Exploits: 0, References: 1
Packet Storm News
added 2026/03/16 12:0 a.m., 14 views

From Storage to Steering: Memory Control Flow Attacks on LLM Agents

Modern agentic systems allow Large Language Model (LLM) agents to tackle complex tasks through extensive tool usage, forming structured control flows of tool selection and execution. Existing security analyses often treat these control flows as ephemeral, one-off sessions, overlooking the persisten...

5.9 AI score
Exploits: 0
OSSF Malicious Packages
added 2026/03/14 7:17 a.m., 6 views

Malicious code in test_pkg_forppe (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fb7a0a95274f0d2d68d1bf6fc49d05bfc1b8a7e041147c0597e8db59c5552015 The package test_pkg_forppe was found to contain malicious code. Source: ghsa-malware 4f40eeeea0e63ed3d90dbfcf8f947f134cf561db8c1775a61ae4099c71c926e4...

5.8 AI score
Exploits: 0, References: 1
Tenable Nessus
added 2026/03/13 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-3497

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux...

7.5 CVSS, 7.2 AI score, 0.01962 EPSS
Exploits: 0, References: 2
OSV
added 2026/03/12 7:16 p.m., 2 views

DEBIAN-CVE-2026-3497

Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect on an error, which does not terminate the...

7.5 CVSS, 6.9 AI score, 0.01962 EPSS
Exploits: 0, References: 1
NVD
added 2026/03/12 7:16 p.m., 3 views

CVE-2026-3497

Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect on an error, which does not terminate the...

7.5 CVSS, 0.01962 EPSS
Exploits: 0, References: 10
Cvelist
added 2026/03/12 6:27 p.m., 22 views

CVE-2026-3497

Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect on an error, which does not terminate the...

6.9 CVSS, 0.01962 EPSS
Exploits: 0, References: 2
Debian CVE
added 2026/03/12 6:27 p.m., 2 views

CVE-2026-3497

Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect on an error, which does not terminate the...

7.5 CVSS, 6.9 AI score, 0.01962 EPSS
Exploits: 0
ATTACKERKB
added 2026/03/12 6:27 p.m., 10 views

CVE-2026-3497

Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect on an error, which does not terminate the...

6.9 CVSS, 6 AI score, 0.01962 EPSS
Exploits: 0, References: 3
OSV
added 2026/03/12 6:0 p.m., 3 views

UBUNTU-CVE-2026-3497

Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect on an error, which does not terminate the...

7.5 CVSS, 6.8 AI score, 0.01962 EPSS
Exploits: 0, References: 4