Spring Framework Path Traversal in Functional Web Frameworks
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...
Exploit-Databases
💥 Exploits Database & PoC Resources. A collection of exploit databas...
WebMvc.fn/WebFlux.fn - Path Traversal
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...
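The defect class named in the two advisories above is a request path that escapes the static root. The following is an added example, not code from the Spring Framework or from the advisory, showing in plain Java NIO the containment check a static-resource handler should apply. The class name `StaticResourceResolver`, the root `/srv/app/static` and the probe paths are constructed for illustration; the decisive check is that the normalized candidate still starts with the root, not the absence of `..` in the raw string.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Optional;

/** Hypothetical helper: maps a request path onto a static root and refuses anything outside it. */
public final class StaticResourceResolver {
    private final Path root;

    public StaticResourceResolver(Path root) {
        // Normalize the root once so the containment check below compares like with like.
        this.root = root.toAbsolutePath().normalize();
    }

    /** Returns the file to serve, or empty if the request resolves outside the root. */
    public Optional<Path> resolve(String requestPath) {
        // Decode exactly once: decoding a second time after the check would let
        // double-encoded sequences such as %252e%252e through.
        String decoded = URLDecoder.decode(requestPath, StandardCharsets.UTF_8);
        if (decoded.indexOf('\0') >= 0 || decoded.indexOf('\\') >= 0) {
            return Optional.empty();
        }
        String relative = decoded.startsWith("/") ? decoded.substring(1) : decoded;
        // resolve() of an absolute path (e.g. from "//etc/passwd") returns that absolute path,
        // which then fails the startsWith check; normalize() collapses "." and "..".
        Path candidate = root.resolve(relative).normalize();
        if (!candidate.startsWith(root) || candidate.equals(root)) {
            return Optional.empty();
        }
        return Optional.of(candidate);
    }

    public static void main(String[] args) {
        StaticResourceResolver r = new StaticResourceResolver(Paths.get("/srv/app/static"));
        // Constructed probe requests: one legitimate, three traversal attempts.
        String[] probes = {
            "/css/site.css",
            "/../../etc/passwd",
            "/%2e%2e/%2e%2e/etc/passwd",
            "/css/..%2f..%2f..%2fetc%2fpasswd",
        };
        for (String p : probes) {
            System.out.println(p + " -> " + r.resolve(p).map(Path::toString).orElse("REJECTED"));
        }
    }
}
```

Only the first probe resolves to a path under the root; the others normalize to `/etc/passwd` and are rejected. `Path.startsWith` compares path elements, so a sibling directory such as `/srv/app/static2` does not pass as a prefix match either.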
Measuring Security without Fooling Ourselves: Why Benchmarking Agents Is Hard
The benchmarks used to evaluate AI agents in security-critical roles suffer from crucial weaknesses. Building on recent empirical evidence, we characterize three core challenges that undermine security evaluations: benchmark vulnerabilities, temporal staleness, and runtime uncertainty. We then...
When prompts become shells: RCE vulnerabilities in AI agent frameworks
In this article 1. A representative case study: Semantic Kernel 2. CVE-2026-26030: In-Memory Vector Store 3. CVE-2026-25592: Arbitrary file write through SessionsPythonPlugin 4. The vulnerability 5. Attack chain overview 6. Defending the agentic edge 7. Not bugs, but developed by design 8. CTF...
Exploits and vulnerabilities in Q1 2026
During Q1 2026, the exploit kits leveraged by threat actors to target user systems expanded once again, incorporating new exploits for the Microsoft Office platform, as well as Windows and Linux operating systems. In this report, we dive into the statistics on published vulnerabilities and...
Autonomous LLM Agent Worms: Cross-Platform Propagation, Automated Discovery and Temporal Re-Entry Defense
Autonomous LLM agents operate as long-running processes with persistent workspaces, memory files, scheduled task state, and messaging integrations. These features create a new propagation risk: attacker-influenced content can be written into persistent agent state, re-enter the LLM decision conte...
Safeguarding Skies: Airport Cybersecurity in the Digital Age
The aviation industry faces significant vulnerabilities from both physical and cybersecurity threats, highlighting the urgent need for enhanced cybersecurity measures amid increasingly sophisticated attacks. This paper systematically reviews emerging threats at airports, analyzing real-world...
Linux Distros Unpatched Vulnerability : CVE-2026-41239
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Starting in version 1.0.10 and prior to version 3.4.0, SAFE_FOR_TEMPLATES strips...
GHSA-CRV5-9VWW-Q3G8 DOMPurify has a SAFE_FOR_TEMPLATES bypass in RETURN_DOM mode
Summary | Field | Value | |:------|:------| | Severity | Medium | | Affected | DOMPurify main at 883ac15, introduced in v1.0.10 7fc196db | SAFE_FOR_TEMPLATES strips ... expressions from untrusted HTML. This works in string mode but not with RETURN_DOM or RETURN_DOM_FRAGMENT, allowing XSS via...
DOMPurify has a SAFE_FOR_TEMPLATES bypass in RETURN_DOM mode
Summary | Field | Value | |:------|:------| | Severity | Medium | | Affected | DOMPurify main at 883ac15, introduced in v1.0.10 7fc196db | SAFE_FOR_TEMPLATES strips ... expressions from untrusted HTML. This works in string mode but not with RETURN_DOM or RETURN_DOM_FRAGMENT, allowing XSS via...
[SECURITY] Fedora 44 Update: plasma5support-6.6.4-1.fc44
Support components for porting from KF5/Qt5 to KF6/Qt6...
[SECURITY] Fedora 44 Update: kwayland-integration-6.6.4-1.fc44
Provides integration plugins for various KDE Frameworks for Wayland...
[SECURITY] Fedora 44 Update: kf6-sonnet-6.25.0-1.fc44
KDE Frameworks 6 Tier 1 solution for spell checking...
[SECURITY] Fedora 44 Update: kf6-syntax-highlighting-6.25.0-1.fc44
KDE Frameworks 6 Syntax highlighting engine for Kate syntax definitions...
[SECURITY] Fedora 44 Update: kf6-threadweaver-6.25.0-1.fc44
KDE Frameworks 6 Tier 1 addon for advanced thread management...
[SECURITY] Fedora 44 Update: kf6-kxmlgui-6.25.0-1.fc44
KDE Frameworks 6 Tier 3 solution for user-configurable main windows...
[SECURITY] Fedora 44 Update: kf6-kunitconversion-6.25.0-1.fc44
KDE Frameworks 6 Tier 2 addon for unit conversions...
[SECURITY] Fedora 44 Update: kf6-ktextwidgets-6.25.0-1.fc44
KDE Frameworks 6 Tier 3 addon with advanced text editing widgets...
[SECURITY] Fedora 44 Update: kf6-kwindowsystem-6.25.0-1.fc44
KDE Frameworks Tier 1 integration module that provides classes for managing and working with windows...