CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

vulnersOsv•added 2026/01/15 2:52 p.m.•2 views

adpred (=1.3.2), bacpipe (>=1.2.0 <=1.3.2.dev0) +16 more potentially affected by CVE-2026-0897 via keras (>=3.0.0 <=3.12.0)

keras PYPI version =3.0.0, =1.2.0, =0.1.0, =0.0.4, =0.4.7, =1.0.3, =0.0.28, =0.2.0, =2.4.0, =0.1.0, =0.1.1, =14.0.0, =14.1.0 and more Source cves: CVE-2026-0897 Source advisory: SNYK:PYTHON-KERAS-14947722...

7.5CVSS6.6AI score0.00364EPSS

Exploits3

vulnersOsv•added 2026/01/15 2:16 p.m.•7 views

adpred (=1.3.2), bacpipe (>=1.2.0 <=1.3.2.dev0) +19 more potentially affected by CVE-2026-0897 via keras (>=3.0.0 <=3.13.0)

keras PYPI version =3.0.0, =1.2.0, =0.1.0, =0.0.4, =0.4.7, =1.0.3, =0.0.28, =0.2.0, =2.4.0, =3.14.3, =0.1.0, =0.0.60, =0.0.61 and more Source cves: CVE-2026-0897 Source advisory: OSV:PYSEC-2026-73...

7.5CVSS6.6AI score0.00364EPSS

Exploits3

Wiz blog•added 2026/01/14 2:0 p.m.•8 views

Introducing the Wiz Partner Alliance: A New Chapter for Partner Success

Building the future of cloud security, together...

7AI score

RedhatCVE•added 2026/01/13 10:53 p.m.•3 views

CVE-2025-14718

The Schedule Post Changes With PublishPress Future plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9.3. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated...

5.4CVSS5.9AI score0.00296EPSS

HackRead•added 2026/01/12 10:14 p.m.•8 views

Russian BlueDelta (Fancy Bear) Uses PDFs to Steal Logins in Just 2 Seconds

New research from Recorded Future reveals how Russian state hackers BlueDelta are using fake Microsoft and Google login portals to steal credentials. The campaign involves using legitimate PDF lures from GRC and EcoClimate to trick victims...

7AI score

RedhatCVE•added 2026/01/09 8:44 a.m.•7 views

CVE-2022-23470

Galaxy is an open-source platform for data analysis. An arbitrary file read exists in Galaxy 22.01 and Galaxy 22.05 due to the switch to Gunicorn, which can be used to read any file accessible to the operating system user under which Galaxy is running. This vulnerability affects Galaxy 22.01 and...

8.6CVSS6.8AI score0.00785EPSS

NVD•added 2026/01/09 7:16 a.m.•12 views

CVE-2025-14718

5.4CVSS0.00296EPSS

Cvelist•added 2026/01/09 6:34 a.m.•28 views

CVE-2025-14718 Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories <= 4.9.3 - Missing Authorization to Authenticated (Contributor+) Workflow Manipulation

5.4CVSS0.00296EPSS

CVE•added 2026/01/09 6:34 a.m.•17 views

CVE-2025-14718

CVE-2025-14718 affects the Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories plugin for WordPress. The WordPress plugin exposes an authorization bypass where an attacker with Contributor-level access or higher can perform actions without pr...

5.4CVSS5.5AI score0.00296EPSS

Vulnrichment•added 2026/01/09 6:34 a.m.•4 views

5.4CVSS5.5AI score0.00296EPSS

Positive Technologies•added 2026/01/09 12:0 a.m.•6 views

PT-2026-1750

Name of the Vulnerable Software and Affected Versions PublishPress Future versions through 4.9.3 Description The Schedule Post Changes With PublishPress Future plugin for WordPress has an authorization bypass issue. The plugin does not properly verify user authorization, allowing authenticated...

5.4CVSS6.5AI score0.00296EPSS

Exploits0References5

CNNVD•added 2026/01/09 12:0 a.m.•4 views

WordPress plugin Schedule Post Changes With PublishPress Future 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

5.4CVSS6.4AI score0.00296EPSS

Exploits0References3

CVE•added 2026/01/05 4:38 p.m.•39 views

CVE-2024-30516

CVE-2024-30516 refers to an Improper Validation of Specified Quantity in Input in SaasProject Booking Package, enabling access to functionality not properly constrained by ACLs. Affected versions: Booking Package up to 1.6.27 (n/a through 1.6.27). Root cause: input quantity validation flaw leadin...

7.5CVSS8.2AI score0.00224EPSS

Veracode•added 2025/12/29 9:51 a.m.•4 views

Cross-site Scripting (XSS)

ibexa/admin-ui is vulnerable to cross-site scripting XSS. The vulnerability is due to improper escaping of user-controlled input in image asset names, content language names, and future publishing within the back office, which allows an attacker with editor or administrator-level permissions to...

5.7AI score

IBM Security Bulletins•added 2025/12/29 7:27 a.m.•6 views

Security Bulletin: Vulnerability in Python-Future 1.0.0 module affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Python-Future 1.0.0 module has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional...

5.4CVSS6.2AI score0.00271EPSS

Exploits0Affected Software2

Wired Threat Level•added 2025/12/27 10:0 a.m.•1 views

The US Must Stop Underestimating Drone Warfare

The future of conflict is cheap, rapidly manufactured, and tough to defend against...

7AI score

CVE•added 2025/12/21 12:6 a.m.•407 views

CVE-2023-47232

Affected software: WordPress plugin WP Affiliate Disclosure (wp-affiliate-disclosure). Vulnerability type & root cause: Broken access control exposing limited operations to subscribers due to CSRF-like issues in check_capability, as reported for versions up to 1.2.6. Impact: Unauthorized changes ...

4.3CVSS8.6AI score0.00198EPSS