CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/05/26 5:7 p.m.•30 views

CVE-2026-44706 Chatwoot: SQL Injection in Conversation/Contact Filter API via Custom Attribute Values

8.5CVSS0.00029EPSS

EUVD•added 2026/05/26 5:7 p.m.•7 views

EUVD-2026-31913

8.5CVSS6.1AI score0.00029EPSS

Positive Technologies•added 2026/05/26 12:0 a.m.•5 views

PT-2026-43348

Chatwoot is a customer engagement suite. From 2.2.0 to before 4.11.2, a SQL injection vulnerability exists in the conversation and contact filter APIs. When filtering by a custom attribute of type date or number using the is greater than or is less than operators, user-supplied values in the valu...

8.5CVSS6.1AI score0.00029EPSS

Vulnrichment•added 2026/05/21 9:4 p.m.•2 views

CVE-2026-8238 Concrete CMS 9.5.0 and below is vulnerable to IDOR in '/ccm/frontend/conversations/message_page' allowing unauthenticated read of any conversation message

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/messagepage' endpoint returns the full content of any conversation message. An unauthenticated attacker can enumerate all conversation messages, including messages from restricted pages, member-only areas, and th...

6.3CVSS5.8AI score0.00046EPSS

Vulnrichment•added 2026/05/21 9:1 p.m.•1 views

CVE-2026-8237 Concrete CMS 9.5.0 and below is vulnerable to IDOR in the`/ccm/frontend/conversations/message_detail` endpoint

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The /ccm/frontend/conversations/messagedetail endpoint returns the full content of any conversation message. An unauthenticated attacker can enumerate all conversation messages, including messages from restricted pages, member-only areas, and th...

6.3CVSS5.8AI score0.00046EPSS

Positive Technologies•added 2026/05/21 12:0 a.m.•4 views

PT-2026-42560

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/message page' endpoint returns the full content of any conversation message. An unauthenticated attacker can enumerate all conversation messages, including messages from restricted pages, member-only areas, and t...

6.3CVSS5.8AI score0.00046EPSS

RedhatCVE•added 2026/05/16 1:57 a.m.•7 views

CVE-2026-44504

Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's threadid, can execute graph runs against the user's thread, read the user's full...

8.6CVSS6AI score0.00014EPSS

Snyk•added 2026/05/14 8:25 p.m.•3 views

Authorization Bypass Through User-Controlled Key

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the updatemessagebyid and deletemessagebyid handlers in channels.py. An attacker can overwrite or remove another member’s group or direct message conte...

5.3CVSS5.8AI score0.00036EPSS

Exploits1References2

Github Security Blog•added 2026/05/12 12:32 p.m.•8 views

Spring AI: ChatMemory DEFAULT_CONVERSATION_ID causes unintended cross-user data leakage

Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users...

Exploits0References4Affected Software3

OSV•added 2026/05/12 12:32 p.m.•1 views

GHSA-Q62F-H9X2-GCQC Spring AI: ChatMemory DEFAULT_CONVERSATION_ID causes unintended cross-user data leakage

Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users...

OSV•added 2026/05/12 12:32 p.m.•1 views

Exploits0References3

GHSA-5852-PHMH-8FHR Spring AI: Prompt Injection via Memory Poisoning in PromptChatMemoryAdvisor

A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns...

Github Security Blog•added 2026/05/12 12:32 p.m.•6 views

Exploits0References3

Spring AI: Prompt Injection via Memory Poisoning in PromptChatMemoryAdvisor

Exploits0References3Affected Software1

EUVD•added 2026/05/12 12:32 p.m.•5 views

EUVD-2026-29449

NVD•added 2026/05/12 11:16 a.m.•3 views

Exploits0References3

CVE-2026-41713

8.2CVSS0.00042EPSS

ATTACKERKB•added 2026/05/12 10:17 a.m.•6 views

CVE-2026-41713

Exploits0References3Affected Software1

Cvelist•added 2026/05/12 10:17 a.m.•28 views

CVE-2026-41712 ChatMemory DEFAULT_CONVERSATION_ID causes unintended cross-user data leakage

Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users...

7.5CVSS0.00045EPSS

CVE•added 2026/05/12 10:17 a.m.•7 views

CVE-2026-41712

The CVE-2026-41712 entry concerns Spring AI's chat memory component, where a problematic default (DEFAULT_CONVERSATION_ID) can cause cross-user data exposure when not explicitly overridden. Affected element: the chat memory/session handling; root cause: default configuration that ties user conver...

Exploits0References2Affected Software1

Vulnrichment•added 2026/05/12 10:17 a.m.•3 views

CVE-2026-41712 ChatMemory DEFAULT_CONVERSATION_ID causes unintended cross-user data leakage

Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users...