CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The Hacker News•added 2026/05/26 11:58 a.m.•12 views

[THN Webinar] New AI DDoS Attacks Are Smarter. Learn How to Fight Back

Every single day, hackers are finding new ways to crash websites and steal data. But right now, something has changed. Hackers are no longer working alone. They are now using powerful Artificial Intelligence AI tools to make their attacks faster, stronger, and much harder to stop. According to...

CVE•added 2026/05/22 10:3 p.m.•23 views

CVE-2026-40411

Azure Virtual Network Gateway is affected by a Remote Code Execution vulnerability (CVE-2026-40411) due to improper input validation. An attacker with network access and low privileges can trigger code execution on the gateway, given an authentication context that is considered authorized. The CV...

9.9CVSS6AI score0.00104EPSS

Exploits0References1Affected Software1

Microsoft Secure•added 2026/05/22 4:0 p.m.•2 views

Microsoft Security success stories: How St. Luke’s and ManpowerGroup are securing AI foundations

AI is reshaping how work gets done—and how risks emerge across cloud, data, identity, and more. Many organizations want AI-powered productivity, but their security foundations aren’t yet built for it. As organizations move toward AI-powered operating models, security becomes the critical enabler ...

Qualys Blog•added 2026/05/14 12:45 p.m.•2 views

FedRAMP High Authorized: Qualys TotalCloud CNAPP – From Compliance to Defense

Qualys TotalCloud has achieved FedRAMP High Authorization, marking a major milestone in delivering validated cloud security and compliance assurance for high-impact federal and regulated environments. Key Takeaways Qualys TotalCloud CNAPP is a FedRAMP High Authorized that enables continuous,...

6.2AI score

Microsoft Secure•added 2026/05/12 4:0 p.m.•6 views

Defending consumer web properties against modern DDoS attacks

If you own, create, or maintain online services and web portals, you’re probably aware of the dramatic upswing in DDoS attacks on your domains. AI has democratized tooling not just for us but for threat actors as well. DDoS in this era has extended from simple bandwidth saturation to sophisticate...

Qualys Blog•added 2026/05/06 4:0 p.m.•4 views

Before the Breach, There Was a Test Environment

Key Takeaways Most security failures do not begin where they are discovered. By the time risk becomes visible in production, the decisions that created it are often already sitting in test environments. “Temporary” test infrastructure often becomes permanent, creating persistent misconfigurations...

6AI score

Hive Pro Threat Advisories•added 2026/05/01 2:3 p.m.•2 views

CSPM vs Exposure Management: Key Differences

Your CSPM tool flags 4,000 misconfigurations every month. Your team remediates 400. Attackers only need one. That gap between what your posture tools report and what actually puts your organization at risk is exactly where exposure management picks up. Book a demo to see how Hive Pro's Uni5 Xposu...

Wiz blog•added 2026/04/29 9:0 p.m.•4 views

Key Takeaways from the 2026 State of AI in the Cloud Report

How AI Adoption, Autonomy, and Attacker Innovation Are Reshaping Cloud Security...

5.2AI score

Positive Technologies•added 2026/04/24 12:0 a.m.•1 views

PT-2026-34862

Name of the Vulnerable Software and Affected Versions Azure IoT Central affected versions not specified Description Exposure of sensitive information to an unauthorized actor allows an authorized attacker to elevate privileges over a network. Recommendations At the moment, there is no information...

9.9CVSS5.1AI score0.00089EPSS

Exploits0References4

Wiz blog•added 2026/04/22 12:0 p.m.•3 views

Wiz at Google Next: Machine-Speed Defense for Any Cloud, Any Platform, Any AI

Announcing new capabilities at Google Cloud Next that extend and deepen Wiz AI-APP coverage: From the first line of AI-generated code, across AI and agent studios, to the edge of the cloud...

MSRC•added 2026/04/22 12:0 a.m.•4 views

From first report to MVR: Harun’s path in cloud security research

Harun’s relationship with technology began early, driven by curiosity rather than obligation. While still in high school, he taught himself Pascal and C simply because he wanted to understand how things worked. Those languages never became central to his professional career, but they shaped how h...

5.7AI score

Microsoft Secure•added 2026/04/20 4:0 p.m.•5 views

Making opportunistic cyberattacks harder by design

This is part of a series of blogs and interviews conducted with our Microsoft Deputy CISOs , in which we surface a number of mission-critical security recommendations and best practices that businesses can enact right now and derive real meaningful benefits from. In this article, Ilya Grebnov,...

6AI score

Microsoft Secure•added 2026/04/20 4:0 p.m.•5 views

Making opportunistic cyberattacks harder by design

6.2AI score

Qualys Blog•added 2026/04/15 6:2 p.m.•4 views

Qualys VMDR and TotalCloud™ Now Available on Oracle Cloud Marketplace

Key Takeaways Qualys VMDR and TotalCloud are now available on the Oracle Cloud Marketplace, simplifying procurement and deployment for Oracle Cloud Infrastructure OCI customers. Organizations can deploy security faster with native OCI integration and one-click provisioning. The combined platform...

OSV•added 2026/04/10 3:16 a.m.•1 views

UBUNTU-CVE-2026-33551

An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials can create EC2 credentials. By using a restricted application credential to call the EC2 credential creation API, an authenticated user with only a reader role...

3.5CVSS5.8AI score0.00033EPSS

Exploits0References4

Schneier on Security•added 2026/04/09 10:51 a.m.•4 views

On Microsoft’s Lousy Cloud Security

ProPublica has a scoop: In late 2024, the federal government's cybersecurity evaluators rendered a troubling verdict on one of Microsoft's biggest cloud computing offerings. The tech giant's "lack of proper detailed security documentation" left reviewers with a "lack of confidence in assessing th...

Positive Technologies•added 2026/04/09 12:0 a.m.•2 views

PT-2026-31709

Name of the Vulnerable Software and Affected Versions Contemporary Controls BASC 20T affected versions not specified Description An attacker can forge packets by obtaining data from network traffic to make arbitrary requests to the device. This allows for device reconfiguration, file manipulation...

9.8CVSS5.9AI score0.00101EPSS

Exploits0References9

CNNVD•added 2026/04/06 12:0 a.m.•3 views

Amazon Web Services Research and Engineering Studio 安全漏洞

Amazon Web Services Research and Engineering Studio is a cloud-based research and engineering environment of Amazon, Inc. There are security vulnerabilities in the version dated October 2024 to December 1, 2025 of Amazon Web Services Research and Engineering Studio. These vulnerabilities stem fro...

8.8CVSS7.6AI score0.00118EPSS

Exploits1References4

Packet Storm News•added 2026/04/02 12:0 a.m.•1 views

Design and Implementation of an Open-Source Security Framework for Cloud Infrastructure

Misconfiguration, excessive privilege, and tool fragmentation remain the main reasons why enterprise cloud environments are breached. Recent reports on cloud-native application protection note that most incidents can be traced back to configuration or identity errors rather than platform flaws, a...