CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Rockylinux•added 2026/05/21 4:24 p.m.•11 views

cloud-init bug fix and enhancement update

An update is available for cloud-init. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux...

5.8AI score

OSV•added 2026/05/21 4:24 p.m.•10 views

RLSA-2026:8456 Important: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes: net/url:...

7.5CVSS7.2AI score0.0052EPSS

OSV•added 2026/05/21 4:24 p.m.•12 views

RLSA-2025:9844 Moderate: osbuild-composer security update

5.4CVSS6.8AI score0.00682EPSS

OSV•added 2026/05/21 4:24 p.m.•10 views

RLSA-2026:1380 Moderate: osbuild-composer security update

7.5CVSS5.8AI score0.00382EPSS

HackRead•added 2026/05/21 4:3 p.m.•13 views

Deleted Google API Keys Remain Active up to 23 Minutes, Study Finds

Deleted Google API Keys remain active for up to 23 minutes after deletion, exposing GCP, Gemini, BigQuery, and Maps data to attackers...

5.8AI score

Cvelist•added 2026/05/21 1:2 p.m.•41 views

CVE-2025-71211

A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is similar in scope to CVE-2025-71210 but affects a different executable. Please note: although this vulnerabili...

9.8CVSS0.03754EPSS

CVE•added 2026/05/21 1:2 p.m.•18 views

CVE-2025-71211

CVE-2025-71211 concerns Trend Micro Apex One Console; a directory traversal vulnerability enables remote code execution on affected installations. The ZDI advisory notes that the Apex One Console, listening on ports 8080 and 4343, allows remote attackers to execute arbitrary code without authenti...

9.8CVSS7.6AI score0.03754EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/05/21 1:2 p.m.•9 views

CVE-2025-71211

9.8CVSS7.6AI score0.03754EPSS

EUVD•added 2026/05/21 1:1 p.m.•10 views

EUVD-2025-209909

A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. Please note: although this vulnerability carries a technical critical CVSS rating, this was reported via responsible disclosure via...

9.8CVSS7.7AI score0.03811EPSS

CVE•added 2026/05/21 1:1 p.m.•26 views

CVE-2025-71210

CVE-2025-71210 affects the Trend Micro Apex One management console. The connected sources describe a path traversal vulnerability in the console that could allow a remote attacker to upload and execute code, with exploitation possible when an attacker has access to the console. Affected products ...

9.8CVSS7.6AI score0.03811EPSS

Exploits0References2Affected Software1

The Hacker News•added 2026/05/21 10:30 a.m.•21 views

When Identity is the Attack Path

Consider a cached access key on a single Windows machine. It got there the way most cached credentials do - a user logged in, and the key stored itself automatically. Standard AWS behavior. No one misconfigured anything or violated a policy. Yet that single key, which was easily accessible to a...

5.8AI score

OSV•added 2026/05/21 8:0 a.m.•8 views

MAL-2026-4228 Malicious code in @tiledesk/tiledesk-server (npm)

@tiledesk/tiledesk-server version 2.18.12 is a compromised release of the legitimate Tiledesk customer support platform package. This version was injected with a CI pipeline backdoor as part of the megalodon campaign — a mass GitHub repository backdooring operation targeting CI/CD runner...

6.1AI score

OSSF Malicious Packages•added 2026/05/21 5:52 a.m.•8 views

Malicious code in auth0-templates-scripts-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed9a505fcbf6daef28b6625dcbde65ea1dd00b01c1a684debfdedfc7e5bc3643 Package name impersonates the Auth0 ecosystem. Its postinstall hook node index.js runs unconditionally on npm install and performs a multi-stage data...

5.5AI score

OSV•added 2026/05/21 5:52 a.m.•8 views

MAL-2026-4490 Malicious code in auth0-templates-scripts-utils (npm)

5.5AI score

OSV•added 2026/05/21 3:48 a.m.•13 views

MAL-2026-4365 Malicious code in @atlisp/mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c5f4a9667f0a13220de9b838fde4fc16bd5aaa7f79d91f1122725e4799582515 The package's MCP server auto-injects a LISP bootstrap into every CAD command sent through cadSend/cadSendWithResult, plus connectcad's initAtlisp an...

6.3AI score

Exploits0References1

ATTACKERKB•added 2026/05/21 12:47 a.m.•7 views

CVE-2026-9152

A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index operations without requiring authentication, session tokens, or any form of identity verification. An unauthenticated network attacker who can reference a target workspace's...

10CVSS5.8AI score0.00339EPSS

EUVD•added 2026/05/21 12:47 a.m.•33 views

EUVD-2026-31205

10CVSS5.8AI score0.00339EPSS

Exploits0References1

Positive Technologies•added 2026/05/21 12:0 a.m.•6 views

PT-2026-42584

Summary The request-filtering-agent SSRF protection was non-functional in the four notification webhook plugins Slack, Discord, Mattermost, Teams because httpAgent / httpsAgent were passed as part of the request body rather than the axios config. An authenticated user with hook-creation permissio...

4.3CVSS5.9AI score