CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Malwarebytes•added 3 days ago•10 views

Payment apps are watching what you say (Lock and Code S07E11)

This week on the Lock and Code podcast … In the United States today, you can have your bank account closed, your credit cards cancelled, and your online payments revoked for any number of crimes, like funding terrorism, engaging in money laundering, or violating sanctions. Sensible, right? Well,...

5.9AI score

Vulnrichment•added 2026/05/28 3:44 a.m.•7 views

CVE-2026-9793 Keycloak: keycloak: security policy bypass in jwe-encrypted request object processing

A flaw was found in Keycloak. When a JSON Web Encryption JWE encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing the configured signature policy. This allows a remote attacker to submit unauthorized claims, leadin...

5.9CVSS5.8AI score0.00013EPSS

Exploits0References2

EUVD•added 2026/05/28 3:44 a.m.•6 views

EUVD-2026-32707

5.9CVSS5.8AI score0.00013EPSS

Exploits0References2

Packet Storm News•added 2026/05/28 12:0 a.m.•4 views

An Organization-Scoped LLM Agent Runtime Architecture for Regulated Cybersecurity Operations

Regulated cybersecurity workflows lack a runtime substrate that enforces organization-level scope across retrieval, tool calls, memory, findings, reports, and audit while remaining model-agnostic and locally deployable. Recent large language model LLM agent systems report strong results on isolat...

NVD•added 2026/05/26 5:16 p.m.•5 views

CVE-2025-36148

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 through 3.2.4.15 IBM Financial Transaction Manager SWIFT is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the...

6.1CVSS0.00054EPSS

ATTACKERKB•added 2026/05/26 3:51 p.m.•4 views

CVE-2025-36148

Exploits0References2Affected Software1

Vulnrichment•added 2026/05/26 3:51 p.m.•6 views

CVE-2025-36148 IBM Financial Transaction Manager for SWIFT Services for Multiplatforms is vulnerable to cross-site scripting.

Cvelist•added 2026/05/26 3:51 p.m.•31 views

CVE-2025-36148 IBM Financial Transaction Manager for SWIFT Services for Multiplatforms is vulnerable to cross-site scripting.

5.4CVSS0.00054EPSS

EUVD•added 2026/05/26 3:51 p.m.•5 views

EUVD-2025-209929

CNNVD•added 2026/05/26 12:0 a.m.•5 views

IBM Financial Transaction Manager for SWIFT Services 跨站脚本漏洞

IBM Financial Transaction Manager for SWIFT Services is a financial transaction manager product developed by the American multinational company International Business Machines, Inc. IBM. This product is primarily used for monitoring, tracking, and reporting financial payments and transactions...

6.1CVSS5.8AI score0.00054EPSS

Positive Technologies•added 2026/05/26 12:0 a.m.•5 views

PT-2026-43281

Krebs on Security•added 2026/05/25 1:21 p.m.•10 views

Exploits0References2

Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks

Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influence operations and disinformation campaigns inside the European Union. The two men were the focus of a 2025...

The Hacker News•added 2026/05/25 9:32 a.m.•16 views

Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms

Cybersecurity researchers have shed light on a cross-platform malware called RemotePE that has been put to use by the North Korea-linked Lazarus Group in attacks targeting financial and cryptocurrency organizations. RemotePE, per NCC Group subsidiary Fox-IT, is part of a multi-stage attack chain...

The Hacker News•added 2026/05/23 7:23 a.m.•16 views

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added a recently patched critical security flaw impacting Drupal Core to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2026-9082 CVSS score: 6.5, an...

9.8CVSS6.8AI score0.13033EPSS

Exploits10

Malwarebytes•added 2026/05/20 3:33 p.m.•8 views

Fake malware-signing service Fox Tempest dismantled by Microsoft

Microsoft says it dismantled a malware-signing-as-a-service MSaaS called Fox Tempest, which helped cybercriminals make malware appear legitimate. The service let customers submit malicious files to be digitally signed with short-lived Microsoft-issued certificates, making the malware look...

6AI score

The Hacker News•added 2026/05/20 2:36 p.m.•28 views

Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks

Microsoft on Tuesday said it disrupted a malware-signing-as-a-service MSaaS operation that weaponized the company's Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world. The tech giant attribut...

Akamai Blog•added 2026/05/20 9:0 a.m.•4 views

This Is a Hold-Up: Financial Services Under Attack

...

Hive Pro Threat Advisories•added 2026/05/13 4:57 a.m.•7 views

DORA Compliance Cybersecurity Guide for Finance

DORA Compliance Cybersecurity: A Practical Guide for Financial Services Teams DORA compliance cybersecurity is now a board-level priority for banks, insurers, investment firms, payment providers, and the ICT providers that support them. The Digital Operational Resilience Act shifts the conversati...

5.9AI score