CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/04/24 12:0 a.m.•5 views

4ga Boards 安全漏洞

4ga Boards is a real-time project management dashboard system developed by RAR Personal Developers. Versions of 4ga Boards prior to 3.3.5 contained security vulnerabilities. These vulnerabilities stemmed from timing side channels in the login endpoint, which could lead to user enumeration...

5.3CVSS5.8AI score0.00039EPSS

Wired Threat Level•added 2026/04/21 6:30 p.m.•3 views

Mozilla Used Anthropic’s Mythos to Find and Fix 271 Bugs in Firefox

The Firefox team doesn’t think emerging AI capabilities will upend cybersecurity long term, but they warn that software developers are likely in for a rocky transition...

Wired Threat Level•added 2026/04/21 10:0 a.m.•3 views

They Built a Legendary Privacy Tool. Now They’re Sworn Enemies

There’s a lot of love all over the world for GrapheneOS, the gold standard of mobile security. There’s very little love between the two guys at the center of its history...

CNNVD•added 2026/04/21 12:0 a.m.•8 views

Esri Portal For ArcGIS 安全漏洞

Esri Portal for ArcGIS is a component offered by Esri that allows for sharing maps, scenarios, applications, and other geographic information with others within an organization. Versions 11.4, 11.5, and 12.0 of Esri Portal for ArcGIS have security vulnerabilities. These vulnerabilities stem from...

9.8CVSS5.8AI score0.00064EPSS

CNNVD•added 2026/04/21 12:0 a.m.•6 views

Net::Dropbear 安全漏洞

Net::Dropbear is an SSH client interface module developed by ATRODO’s individual developers, based on Dropbear. Versions of Net::Dropbear prior to 0.14 contained security vulnerabilities, which stemmed from the inclusion of the vulnerable libtomcrypt library. These vulnerabilities may be affected...

10CVSS7.1AI score0.00021EPSS

OSSF Malicious Packages•added 2026/04/16 10:3 a.m.•5 views

Malicious code in linode-developers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55911ad2b0d383d30b5cd3daeec59c9f4419c01231c45fe9813e1b7ff7260e13 The package linode-developers was found to contain malicious code...

5.7AI score

OSV•added 2026/04/16 10:3 a.m.•4 views

MAL-2026-2777 Malicious code in linode-developers (npm)

5.7AI score

CNNVD•added 2026/04/13 12:0 a.m.•2 views

Crypt::SecretBuffer 安全漏洞

Crypt::SecretBuffer is a cryptographic buffer module developed by NERDVANA’s individual developers, designed for secure storage and memory protection of sensitive data. Versions of Crypt::SecretBuffer prior to 0.019 contained security vulnerabilities, which were due to susceptibility to timing...

7.5CVSS5.9AI score0.00016EPSS

Exploits0References2

CNNVD•added 2026/04/13 12:0 a.m.•2 views

Solstice::Session 安全漏洞

Solstice::Session is a server-side session component developed by MCRAWFOR’s developers, used to manage user sessions and request states. Versions of Solstice::Session prior to 1440 contained security vulnerabilities, which stemmed from insecure session ID generation, potentially allowing attacke...

9.1CVSS5.8AI score0.00045EPSS

Exploits0References4

HackRead•added 2026/04/10 4:55 p.m.•1 views

GraphAlgo Scam: Lazarus Hackers Register Real US LLCs to Spread Malware

ReversingLabs has discovered a fresh wave of the graphalgo campaign in which North Korean Lazarus hackers are using fake Florida LLCs, mimicking SWFT Blockchain, and using GitHub typo-squatting to target developers with malware...

Wiz blog•added 2026/04/09 12:0 p.m.•4 views

Bringing Security Visibility to Vercel with Wiz

Giving developers and security teams a shared view of application risk as it evolves...

5.9AI score

GithubExploit•added 2026/04/09 6:11 a.m.•172 views

Exploit for CVE-2026-40271

Lazarus Group: 19-Day A/B Test Campaign Analysis TLP:CLEA...

6AI score

Exploits1

EUVD•added 2026/04/09 12:32 a.m.•1 views

EUVD-2026-20795

GitLab has remediated an issue in GitLab EE affecting all versions from 11.3 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with developer-role permissions to modify protected environment settings due to improper authorization checks in t...

4.3CVSS5.9AI score0.00011EPSS

Exploits0References4

Spring Engineering•added 2026/04/09 12:0 a.m.•5 views

Spring Office Hours Podcast: S5E12 - Developer Soft Skills with Arun Gupta

Join Dan Vega and DaShaun Carter for another essential update from the Spring ecosystem. In this episode, the guys are joined by DevRel and Java legend Arun Gupta to discuss a topic often overlooked but vital for career longevity: soft skills for developers. Drawing from his decades of experience...

NVD•added 2026/04/08 11:16 p.m.•4 views

CVE-2026-1752

4.3CVSS0.00011EPSS

Exploits0References3

Debian CVE•added 2026/04/08 10:25 p.m.•5 views

CVE-2026-1752

Removed by vendor...

4.3CVSS5.8AI score0.00011EPSS

HackRead•added 2026/04/07 5:56 p.m.•2 views

Hackers Pose as Non-Profit Developers to Deploy Monero Mining Malware

REF1695 hackers spread Monero mining malware via fake non-profit installers, using stealth tactics to evade detection and hijack systems for profit...

5.9AI score

Fedora•added 2026/04/04 1:3 a.m.•5 views

[SECURITY] Fedora 42 Update: python3.9-3.9.25-7.fc42

Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...

7CVSS6AI score0.00015EPSS

RedhatCVE•added 2026/04/02 10:53 a.m.•2 views

CVE-2026-21629

The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers...

7.3CVSS5.8AI score0.00001EPSS