CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

33706 matches found

CVE•added 2026/05/22 10:3 p.m.•27 views

CVE-2026-40411

Azure Virtual Network Gateway is affected by a Remote Code Execution vulnerability (CVE-2026-40411) due to improper input validation. An attacker with network access and low privileges can trigger code execution on the gateway, given an authentication context that is considered authorized. The CV...

9.9CVSS6AI score0.00104EPSS

Exploits0References1Affected Software1

NVD•added 2026/05/22 6:16 p.m.•4 views

CVE-2026-39965

TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain an SSRF via Open Redirect Bypass as the HTTP Request block and Code block validate the initial request URL via validateHttpReqUrl to block private IPs and cloud metadata hostnames. However, the HTTP clients ky and fetch follow 3...

7.7CVSS0.00032EPSS

Exploits0References2

EUVD•added 2026/05/22 5:27 p.m.•7 views

EUVD-2026-31479

7.7CVSS5.8AI score0.00032EPSS

Exploits0References2

CVE•added 2026/05/22 5:27 p.m.•26 views

CVE-2026-39965

Summary: CVE-2026-39965 affects TypeBot (versions ≤ 3.15.2). The HTTP Request and Code blocks validate the initial URL but the HTTP clients (ky and fetch) do not re-validate redirect destinations on 302 responses, enabling an authenticated user to point a block to an attacker-controlled server th...

7.7CVSS5.8AI score0.00032EPSS

Exploits0References2

NVD•added 2026/05/22 5:16 p.m.•11 views

CVE-2026-34207

TypeBot is a chatbot builder tool. In versions prior to 3.16.0, SSRF protection for Webhook / HTTP Request blocks validates only the URL string, blocked hostname literals, and literal IP formats. It does not resolve DNS before allowing the request. As a result, a hostname such as ssrf-repro.examp...

7.6CVSS0.0006EPSS

Exploits0References3

Cvelist•added 2026/05/22 5:12 p.m.•6 views

CVE-2026-34207 TypeBot: SSRF Protection Bypass via DNS-Resolved Hostnames in Webhook / HTTP Request Validation

7.6CVSS0.0006EPSS

Exploits0References3

ATTACKERKB•added 2026/05/22 5:12 p.m.•8 views

CVE-2026-34207

7.6CVSS5.8AI score0.0006EPSS

Exploits0References4Affected Software1

Microsoft Secure•added 2026/05/22 4:53 p.m.•9 views

From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence

In this article 1. Attack chain overview 1. Initial access: Exploiting edge appliances 2. Discovery and reconnaissance 3. Lateral movement and identity compromise 2. Mitigation and protection guidance 1. Microsoft Defender XDR detections 2. Advanced hunting 3. Indicators of compromise IOC 4. MITR...

8.8CVSS8AI score0.44333EPSS

Exploits6

ATTACKERKB•added 2026/05/22 4:50 p.m.•7 views

CVE-2026-33712

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the preview chat endpoint POST /api/v1/typebots/typebotId/preview/startChat allows unauthenticated users to achieve Server-Side Request Forgery SSRF by supplying a custom typebot definition with server-side code blocks. The fetch...

10CVSS5.8AI score0.00067EPSS

Exploits1References3Affected Software1

Vulnrichment•added 2026/05/22 4:50 p.m.•4 views

CVE-2026-33712 TypeBot: Unauthenticated SSRF via isolated-vm fetch in preview chat endpoint bypasses SSRF controls

10CVSS5.8AI score0.00067EPSS

Exploits1References2

NVD•added 2026/05/22 4:16 p.m.•5 views

CVE-2022-31231

Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management IAM module. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to gaining read access to unauthorized data...

7.5CVSS0.00044EPSS

Exploits0References1

Microsoft Secure•added 2026/05/22 4:0 p.m.•4 views

Microsoft Security success stories: How St. Luke’s and ManpowerGroup are securing AI foundations

AI is reshaping how work gets done—and how risks emerge across cloud, data, identity, and more. Many organizations want AI-powered productivity, but their security foundations aren’t yet built for it. As organizations move toward AI-powered operating models, security becomes the critical enabler ...

5.8AI score

Exploits0

Microsoft Secure•added 2026/05/22 4:0 p.m.•6 views

Microsoft Security success stories: How St. Luke’s and ManpowerGroup are securing AI foundations

5.8AI score

Exploits0

Vulnrichment•added 2026/05/22 2:31 p.m.•6 views

CVE-2022-31231

5.9CVSS5.8AI score0.00044EPSS

Exploits0References1

GithubExploit•added 2026/05/22 1:18 p.m.•50 views

Exploit for CVE-2025-0680

CVE-2025-0680 — Scanner + Exploit New Rock Technologies MX8...

9.8CVSS6AI score0.00807EPSS

Exploits1

The Hacker News•added 2026/05/22 11:55 a.m.•18 views

Megalodon GitHub Attack Targets 5,561 Repos with Malicious CI/CD Workflows

Cybersecurity researchers have disclosed details of a new automated campaign called Megalodon that has pushed 5,718 malicious commits to 5,561 GitHub repositories within a six-hour window. "Using throwaway accounts and forged author identities build-bot, auto-ci, ci-bot, pipeline-bot, the attacke...

5.9AI score

Exploits0

Securelist•added 2026/05/22 9:12 a.m.•5 views

Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload

In 2025, we observed pervasive SSH tunnel activity, which has remained active into 2026, affecting many government organizations and commercial companies in Russia and Belarus. Behind some of this activity is Cloud Atlas, a group we have known since 2014. During our investigation, we identified n...

9.3CVSS6.1AI score0.94073EPSS

Exploits7

OSV•added 2026/05/22 6:34 a.m.•3 views

MAL-2026-4604 Malicious code in lynx-keeper-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9cebbf0e6cc5a35eea6e6869d295d072526b6ff7d566c49bc80f15952138cf88 lynx-keeper-cli ships a heavily obfuscated payload in dist/index.js that runs at require time. After a CI-evasion gate that aborts when...

5.8AI score

Exploits0References3