CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/05/05 6:22 a.m.•3 views

CVE-2026-7824 PaperCut Hive (Ricoh): Plain text password in logs

ATTACKERKB•added 2026/05/05 6:22 a.m.•1 views

CVE-2026-7824

CVE•added 2026/05/05 6:22 a.m.•6 views

Exploits0References2

CVE-2026-7824

CVE-2026-7824 – PaperCut Hive (Ricoh) : In the PaperCut Hive Ricoh embedded application, enabling the diagnostic/Deep Logging mode causes administrative credentials to be recorded in plain text in log files. An attacker with administrative access to the PaperCut Hive management portal can remotel...

CNNVD•added 2026/05/05 12:0 a.m.•4 views

PaperCut Hive 日志信息泄露漏洞

PaperCut Hive is a cloud-based printing management solution developed by the Australian company PaperCut. PaperCut Hive has a vulnerability related to log information leakage. This vulnerability arises from the recording of plaintext management credentials when the deep logging mode is enabled...

Positive Technologies•added 2026/05/05 12:0 a.m.•4 views

PT-2026-36984

Name of the Vulnerable Software and Affected Versions PaperCut Hive Ricoh embedded application affected versions not specified Description An issue exists where the application records administrative credentials in plain text within log files when the "Deep Logging" diagnostic mode is enabled. An...

AstraLinux•added 2026/05/03 11:59 p.m.•8 views

Exploits0References4

Astra Linux - уязвимость в poppler

Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata such as GTSPDFEVersion of a PDF document, e.g., a regular expression for a long pdfsubver string. This occurs in Dict::lookup, Catalog::getMetadata, and associated...

2.9CVSS5.8AI score0.00009EPSS

Exploits0References2

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в openexr

There is a flaw in OpenEXR’s deep tile sample size calculations in versions before 3.0.0-beta. An attacker who can submit a crafted file for processing by OpenEXR could trigger an integer overflow, resulting in an out-of-bounds read. The greatest risk of this flaw is to the application’s...

5.5CVSS6.8AI score0.00364EPSS

Exploits0References2

Tenable Nessus•added 2026/05/01 12:0 a.m.•2 views

Cisco Firepower Threat Defense (FTD) Software Snort Deep Inspection Bypass (cisco-sa-ftd-snort-bypass-rLggKzVF)

According to its self-reported version, Cisco Secure Firewall Threat Defense FTD Software is affected by a vulnerability. - A vulnerability in the Snort detection engine of Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass the configured...

5.8CVSS5.8AI score0.00034EPSS

Exploits0References5

GithubExploit•added 2026/04/30 6:47 p.m.•52 views

hunter-max-oss

hunter-max A bug-bounty research framework. Two pieces: 1...

5.6AI score

RedHat Linux•added 2026/04/30 3:26 p.m.•4 views

openexr: OpenEXR: Arbitrary code execution via integer overflow in EXR file processing

A flaw was found in OpenEXR, an image storage format library for the motion picture industry. An attacker can craft a malicious EXR file that, when processed, causes an integer overflow in the CompositeDeepScanLine::readPixels function. This overflow leads to an undersized buffer allocation, whic...

8.4CVSS6.7AI score0.00023EPSS

Exploits2References5

The Hacker News•added 2026/04/30 12:36 p.m.•15 views

New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials

Cybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called DEEPDOOR that comes with capabilities to establish persistent access and harvest a wide range of sensitive information from compromised hosts. "The intrusion chain begins with execution of a batc...

6.2AI score

Exploit DB•added 2026/04/30 12:0 a.m.•53 views

Google Chrome 145.0.7632.75 - CSSFontFeatureValuesMap

Exploit Title: Google Chrome 145.0.7632.75 - CSSFontFeatureValuesMap Date: 2026-02-23 Exploit Author: nu11secur1ty Vendor Homepage: https://www.google.com/chrome/ Software Link: https://www.google.com/chrome/ Version: Chrome = 144.x | Chrome 145.0.7632.75 Tested on: Windows 11 / Linux / macOS CVE...

8.8CVSS5.8AI score0.23127EPSS

Exploits12

Packet Storm News•added 2026/04/28 12:0 a.m.•5 views

EDySec: A Deep Learning-Based Explainable Dynamic Analysis Framework for Detecting Malicious Packages in PyPI Ecosystem

The security of open-source software repositories is increasingly threatened by next-gen software supply chain attacks. These attacks include multiphase malware execution, remote access activation, and dynamic payload generation. Traditional Machine Learning ML detectors struggle to detect these...

5.6AI score

Schneier on Security•added 2026/04/24 9:3 p.m.•4 views

Friday Squid Blogging: How Squid Survived Extinction Events

Science news: Scientists have finally cracked a long-standing mystery about squid and cuttlefish evolution by analyzing newly sequenced genomes alongside global datasets. The research reveals that these bizarre, intelligent creatures likely originated deep in the ocean over 100 million years ago,...

5.5AI score

Vulnrichment•added 2026/04/24 6:1 p.m.•0 views

CVE-2026-42039 Axios: unbounded recursion in toFormData causes DoS via deeply nested request data

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, toFormData recursively walks nested objects with no depth limit, so a deeply nested value passed as request data crashes the Node.js process with a RangeError. This vulnerability is fixed in 1.15.1 and...

6.9CVSS5.2AI score0.00023EPSS

Exploits1References1

CNNVD•added 2026/04/24 12:0 a.m.•4 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an NFC-A cascade deep limit. This vulnerability may lead to a heap buffer overflow...

8.8CVSS6.1AI score0.00044EPSS