CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/03/26 3:15 p.m.•1 views

CVE-2026-4216

A weakness has been identified in i-SENS SmartLog App up to 2.6.8 on Android. This affects an unknown function of the component air.SmartLog.android. This manipulation causes hard-coded credentials. The attack can only be executed locally. The exploit has been made available to the public and cou...

5.3CVSS5.5AI score0.00017EPSS

Exploits0References1

Malwarebytes•added 2026/03/26 1:0 p.m.•6 views

GlassWorm attack installs fake browser extension for surveillance

GlassWorm hides inside developer tools. Once it's in, it steals data, installs remote access malware, and even a fake browser extension to monitor activity. While it starts with developers, the impact can quickly spread. With stolen credentials, access tokens, and compromised tools, attackers can...

6.1AI score

HackRead•added 2026/03/26 11:53 a.m.•1 views

Suspected Hijacked Developer Accounts Spread npm Malware

Sonatype uncovers a sophisticated malware campaign using hijacked npm developer accounts to steal API keys and passwords. Is your dev environment at risk?...

OSSF Malicious Packages•added 2026/03/26 6:18 a.m.•8 views

Malicious code in checkmarx.ast-results (VSCode:https://open-vsx.org)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security 3205937565e6fad63cbece12a8463cd52f3e95c10ac99ab7e62a317e9c18717a This extension is a compromised version of the offical Checkmarx VSCode extensions available on the Microsoft Marketplace, by the TeamPCP...

5.9AI score

Exploits0References3

Trend Micro Simply Security•added 2026/03/26 12:0 a.m.•1 views

Your AI Gateway Was a Backdoor: Inside the LiteLLM Supply Chain Compromise

TeamPCP orchestrated one of the most sophisticated multi-ecosystem supply chain campaigns publicly documented to date that cascaded through developer tooling and compromised LiteLLM, exposing how AI proxy services that concentrate API keys and cloud credentials become high-value collateral when...

Microsoft Secure•added 2026/03/24 5:0 p.m.•3 views

Governing AI agent behavior: Aligning user, developer, role, and organizational intent

AI agents increasingly perform tasks that involve reasoning, acting, and interacting with other systems. Building a trusted agent requires ensuring it operates within the correct boundaries and performs tasks consistent with its intended purpose. In practice, this requires aligning several layers...

5.9AI score

HackRead•added 2026/03/23 10:37 p.m.•2 views

New CanisterWorm Targets Kubernetes Clusters, Deploys “Kamikaze” Wiper

CanisterWorm spreads via npm supply chain attack, hijacks developer accounts, targets Kubernetes clusters, and deploys destructive Kamikaze wiper payload...

Malwarebytes•added 2026/03/23 12:42 p.m.•4 views

Advanced Flow will make Android sideloading safer

Google has announced the introduction of Advanced Flow, designed to let Android users install apps from unverified developers more safely than before. This process is known as sideloading. It means installing an app on your device from somewhere other than the Google Play store, usually by...

CNNVD•added 2026/03/23 12:0 a.m.•2 views

Pegasystems Pega Robot Studio 安全漏洞

Pegasystems Pega Robot Studio is an RPA Robotic Process Automation integration development environment provided by Pegasystems Corporation in the United States. There is a security vulnerability in Pegasystems Pega Robot Studio. This vulnerability stems from the possibility of arbitrary file...

9CVSS6AI score0.00061EPSS

Exploits0References1

EUVD•added 2026/03/22 3:31 p.m.•3 views

EUVD-2019-19952

EquityPandit 1.0 contains an insecure logging vulnerability that allows attackers to capture sensitive user credentials by accessing developer console logs via Android Debug Bridge. Attackers can use adb logcat to extract plaintext passwords logged during the forgot password function, exposing us...

8.7CVSS5.8AI score0.00045EPSS

HackRead•added 2026/03/19 11:35 a.m.•5 views

Fake Windsurf IDE Extension Uses Solana Blockchain to Steal Developer Data

Cybersecurity researchers at Bitdefender have discovered a malicious Windsurf IDE extension using the Solana blockchain to steal developer credentials...

Hacker One•added 2026/03/18 7:47 a.m.•15 views

curl: Exposed .git/config File Leading to Potential Sensitive Information Disclosure

Summary: The .git/config file is publicly accessible on the target server, which may expose sensitive repository configuration details. This indicates that the .git directory is improperly exposed, potentially allowing attackers to reconstruct the entire source code repository and extract sensiti...

EUVD•added 2026/03/16 3:30 p.m.•1 views

EUVD-2026-12335

5.3CVSS5.3AI score0.00017EPSS

Exploits0References5

NVD•added 2026/03/16 2:20 p.m.•1 views

CVE-2026-4216

5.3CVSS0.00017EPSS

Cvelist•added 2026/03/16 5:2 a.m.•28 views

CVE-2026-4216 i-SENS SmartLog App air.SmartLog.android hard-coded credentials

5.3CVSS0.00017EPSS

ATTACKERKB•added 2026/03/16 5:2 a.m.•0 views

CVE-2026-4216

5.3CVSS5.3AI score0.00017EPSS

Exploits0References4Affected Software1

Vulnrichment•added 2026/03/16 5:2 a.m.•0 views

CVE-2026-4216 i-SENS SmartLog App air.SmartLog.android hard-coded credentials

5.3CVSS5.6AI score0.00017EPSS

CVE•added 2026/03/16 5:2 a.m.•2 views

CVE-2026-4216

The CVE-2026-4216 entry concerns the i-SENS SmartLog App (air.SmartLog.android) for Android up to version 2.6.8. The vulnerability arises from a developer-mode function used during Bluetooth pairing configuration, which permits hard-coded credentials to be exposed. Impact is described as partial ...

5.3CVSS5.5AI score0.00017EPSS

Fedora•added 2026/03/16 1:11 a.m.•3 views

[SECURITY] Fedora 42 Update: python3.6-3.6.15-53.fc42

6.3CVSS7.2AI score0.00128EPSS