Malware steals Chrome session cookies to take over your accounts
An email attachment leads to the installation of a malicious Chrome extension. Researchers say it is part of a Windows backdoor delivered via a phishing email. The malware abuses Chrome Native Messaging to move control from the browser into the host system. Its most notable trick isn't the phishi...
Exploit for Authorization Bypass Through User-Controlled Key in Docmost
CVE-2026-34213 A low-privileged Docmost user could supply a vi...
Exploit for Cross-site Scripting in Docmost
CVE-2026-34212 Docmost accepted a javascript: URL inside an at...
CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical remote code execution vulnerability impacting PTC Windchill PDMlink and PTC FlexPLM enterprise Product Data Management (PDM) and Product Lifecycle Management (PLM) software to its Known Exploited Vulnerabiliti...
CVE-2026-56370
An out-of-bounds access vulnerability exists in ImageMagick's ConnectedComponentsImage function. By passing malformed connected-components definitions through the CLI, an attacker can cause a denial of service or potentially execute arbitrary code. Mitigation: Prevent the injection of malformed...
MAL-2026-6519 Malicious code in react-icon-svgs (npm)
Source: ghsa-malware (ff5b9a03e2018642801f0a9d253297cf1eb8ce39a8af4152f31bcd045e4768d2). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in rollup-plugin-polyfill-connect (npm)
Source: ghsa-malware (b21017bf70f3f7909beadfff916971711ef9d236ab81797b3bb53569034fa67c). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in react-icon-svgs (npm)
Source: ghsa-malware (ff5b9a03e2018642801f0a9d253297cf1eb8ce39a8af4152f31bcd045e4768d2). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6520 Malicious code in rollup-plugin-polyfill-connect (npm)
Source: ghsa-malware (b21017bf70f3f7909beadfff916971711ef9d236ab81797b3bb53569034fa67c). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
nginx security update
An update is available for nginx. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. nginx is a web and proxy server supporting HTTP and other protocols, with a...
RLSA-2026:29874 Important: nginx security update
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: ngx_http_rewrite_module: code execution and denial of service (CVE-2026-9256). For more details about the security issues, including the impac...
MCP Auto-Execution: From Git Clone to Cloud Compromise in Amazon Q VS Code Extension
By automatically loading MCP servers from workspace files, Amazon Q enabled attackers to execute code and access sensitive cloud environments...
New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets
DirtyClone is a new Linux kernel privilege escalation in the DirtyFrag family. JFrog Security Research published a working exploit walkthrough for the flaw on June 25, the first public demonstration for this variant. Tracked as CVE-2026-43503 (CVSS 8.8), it lets a local user corrupt file-backed...
Guardian Agents: The Next Layer of Identity Governance
AI agents are moving through enterprise environments, inheriting permissions, traversing systems, and executing decisions at machine speed with minimal oversight. The identity infrastructure built to govern human access wasn't designed for autonomous actors, and the gap between what enterprises a...
Malicious code in ai-node-relay (npm)
Source: ghsa-malware (15dbf12bf77945563589af277a5a11fc548f282dfb1ab8fb8b0e8253d28ec854). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ai-node-agent (npm)
Source: ghsa-malware (0730db02e46f4cfb224880f60bcdcdd43ed4d1bc97c68ee404428f7c592445cb). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6517 Malicious code in ai-node-agent (npm)
Source: ghsa-malware (0730db02e46f4cfb224880f60bcdcdd43ed4d1bc97c68ee404428f7c592445cb). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2026-6518 Malicious code in ai-node-relay (npm)
Source: ghsa-malware (15dbf12bf77945563589af277a5a11fc548f282dfb1ab8fb8b0e8253d28ec854). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview: ai-node-relay is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious Package
Overview: ai-node-agent is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...