238 matches found

Positive Technologies • added 2026/06/07 12:0 a.m. • 12 views

PT-2026-47173

$1,000 of compute found 21 zero-days in FFmpeg. An autonomous agent called depthfirst scanned roughly 1.5 million lines of C, then wrote a reproducible proof-of-concept for every bug it reported. The shift is that second half. Not a list of suspicious lines for a human to chase, but 21 crashing...

5.9 AI score
Exploits: 0 | References: 3

ATTACKERKB • added 2026/06/04 7:31 p.m. • 4 views

CVE-2026-41522

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at /graphql that does not enforce the same authorization checks as the REST API. Any authenticated user can...

7.1 CVSS | 5.9 AI score | 0.00246 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies • added 2026/06/04 12:0 a.m. • 10 views

PT-2026-46374

Unauthenticated Local File Inclusion in Orpheus = 1.3 versions...

8.1 CVSS | 5.2 AI score | 0.00348 EPSS
Exploits: 0 | References: 2

Positive Technologies • added 2026/06/04 12:0 a.m. • 13 views

PT-2026-46332

Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme = 1.2.2 versions...

8.1 CVSS | 5.2 AI score | 0.00348 EPSS
Exploits: 0 | References: 2

Positive Technologies • added 2026/06/04 12:0 a.m. • 11 views

PT-2026-46362

Unauthenticated Local File Inclusion in Granola = 1.13 versions...

8.1 CVSS | 5.2 AI score | 0.00348 EPSS
Exploits: 0 | References: 2

Positive Technologies • added 2026/06/04 12:0 a.m. • 11 views

PT-2026-46324

Unauthenticated Local File Inclusion in Rosaleen = 2.8 versions...

8.1 CVSS | 5.2 AI score | 0.00435 EPSS
Exploits: 0 | References: 3

Positive Technologies • added 2026/06/04 12:0 a.m. • 11 views

PT-2026-46368

Unauthenticated Local File Inclusion in Skyward = 1.10 versions...

8.1 CVSS | 5.2 AI score | 0.00348 EPSS
Exploits: 0 | References: 2

Positive Technologies • added 2026/06/04 12:0 a.m. • 11 views

PT-2026-46340

Unauthenticated Local File Inclusion in Especio = 1.0 versions...

8.1 CVSS | 5.2 AI score | 0.00435 EPSS
Exploits: 0 | References: 3

Positive Technologies • added 2026/06/04 12:0 a.m. • 11 views

PT-2026-46351

Unauthenticated Local File Inclusion in Abelle = 1.22 versions...

8.1 CVSS | 5.2 AI score | 0.00435 EPSS
Exploits: 0 | References: 3

Positive Technologies • added 2026/06/04 12:0 a.m. • 11 views

PT-2026-46328

Unauthenticated PHP Object Injection in Reisen = 1.4.1 versions...

9.8 CVSS | 5.3 AI score | 0.00386 EPSS
Exploits: 0 | References: 2

Positive Technologies • added 2026/06/03 12:0 a.m. • 8 views

PT-2026-45932

BREAKING: Samsung discloses critical CVE-2026-23786 and CVE-2024-53922 in semiconductor products, enabling potential unauthorized access with patches pending. https://t.co/As20ekaylO...

5.8 AI score
Exploits: 0 | References: 1

Ubuntu • added 2026/06/02 2:46 p.m. • 18 views

USN-8371-1: Linux kernel vulnerabilities

It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker...

8.8 CVSS | 6.3 AI score | 0.93418 EPSS
Exploits: 47

Wordfence Blog • added 2026/05/29 4:23 p.m. • 24 views

Wordfence Bug Bounty Program Monthly Report – March 2026

In March 2026, the Wordfence Bug Bounty Program received 1718 vulnerability submissions from our growing community of security researchers working to improve the overall security posture of the WordPress ecosystem. These submissions are reviewed, triaged, and processed by the Wordfence Threat...

6.2 AI score
Exploits: 0

The Hacker News • added 2026/05/28 1:53 p.m. • 20 views

Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal

Microsoft has come out strongly in favor of Coordinated Vulnerability Disclosure (CVD), urging the research community to share their findings and give affected vendors an opportunity to better understand the impact and address them before they are publicly disclosed. The development comes after a...

7.8 CVSS | 6.6 AI score | 0.63076 EPSS
Exploits: 6

Positive Technologies • added 2026/05/27 12:0 a.m. • 11 views

PT-2026-43621

Threat Intel May 26, 2026 Vulnerability Intelligence Briefing Curated from daily vulnerability intelligence monitoring and exploitation telemetry analysis by cvelogic. --- 1. Known Exploited Vulnerabilities CISA KEV CVE-2026-48172 LiteSpeed cPanel Plugin Added to the CISA KEV catalog following...

10 CVSS | 6.5 AI score | 0.981 EPSS
Exploits: 89 | References: 1

MSRC • added 2026/05/27 12:0 a.m. • 10 views

A shared responsibility: Protecting customers through Coordinated Vulnerability Disclosure

In recent weeks several zero-day vulnerabilities have been publicly disclosed. The details of these vulnerabilities were not shared with Microsoft prior to release, and the disclosures put our customers at unnecessary risk...

5.8 AI score
Exploits: 0

Positive Technologies • added 2026/05/26 12:0 a.m. • 15 views

PT-2026-43620

Name of the Vulnerable Software and Affected Versions: radvd versions prior to 2.21. Description: The radvdump utility contains a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement, the print ff function copies up to 2032 bytes of...

7.7 CVSS | 6.1 AI score | 0.00155 EPSS
Exploits: 0 | References: 12

Packet Storm News • added 2026/05/21 12:0 a.m. • 8 views

A First Measurement Study on Authentication Security in Real-World Remote MCP Servers

The Model Context Protocol (MCP) is emerging as a common interface connecting large language models (LLMs) with external services. Remote deployments are becoming increasingly important as agents connect to user-linked online services, such as social, productivity, and financial services. In such...

5.8 AI score
Exploits: 0

Packet Storm News • added 2026/05/19 12:0 a.m. • 11 views

Hunting Vulnerability Variants in AI Infra: Measurement and Reference-Driven Detection

AI infra has become a shared execution layer for model training, deployment, and agent orchestration. Because many projects reimplement similar model-centric workflows, a vulnerability disclosed in one repository can recur as a variant in another repository with a related design. Yet the prevalen...

5.9 AI score
Exploits: 0

Positive Technologies • added 2026/05/11 12:0 a.m. • 8 views

PT-2026-39600

Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonitor Git configuration option. This allows an attacker to achieve Remote Code Execution (RCE) when a victim opens a folder in untrusted mode...

8.6 CVSS | 6.1 AI score | 0.00297 EPSS
Exploits: 1 | References: 3