CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added yesterday•3 views

CVE-2026-4035

A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environment credentials to an attacker-controlled endpoint. This issue arises because the apikey field in...

9.1CVSS

Vulnrichment•added yesterday•3 views

CVE-2026-4035 Environment Variable Resolution Vulnerability in mlflow/mlflow

Cvelist•added yesterday•7 views

CVE-2026-4035 Environment Variable Resolution Vulnerability in mlflow/mlflow

9.1CVSS

EUVD•added yesterday•4 views

EUVD-2026-34068

CVE•added yesterday•7 views

CVE-2026-4035

CVE-2026-4035 affects mlflow/mlflow versions before 3.11.0. The API for AI Gateway secrets allows the api_key field to contain $ENV_VAR references, which are resolved against the MLflow server environment at runtime. Attackers can exfiltrate server-side environment credentials (e.g., AWS_ACCESS_K...

ATTACKERKB•added yesterday•3 views

CVE-2026-4035

Nuclei•added yesterday•38 views

Alt-n/MDaemon Security Gateway <=8.5.0 - XML Injection

Alt-n/MDaemon Security Gateway through 8.5.0 is susceptible to XML injection via SecurityGateway.dll?view=login. An attacker can inject an arbitrary XML argument by adding a new parameter in the HTTP request URL. As a result, the XML parser fails the validation process and discloses information...

5.3CVSS6.2AI score0.72874EPSS

Exploits1References5

Nuclei•added yesterday•101 views

Check Point Quantum Gateway - Information Disclosure

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available. id: CVE-2024-24919 info: name: Check Poi...

8.6CVSS7.5AI score0.94342EPSS

Exploits52References5

Nuclei•added yesterday•14 views

Citrix NetScaler ADC and NetScaler Gateway - Remote Code Execution

critical unauthenticated remote code execution RCE vulnerability affecting Citrix ADC NetScaler ADC and Citrix Gateway appliances configured as a Gateway VPN virtual server, ICA Proxy, CVPN, RDP Proxy or AAA virtual server. Exploitation can lead to arbitrary code execution. id: CVE-2023-3519 info...

9.8CVSS8.1AI score0.93629EPSS

Exploits16References3

Nuclei•added yesterday•8 views

Ozeki 10 SMS Gateway 10.3.208 - Arbitrary File Read

An arbitrary file read vulnerability, also known as a "path traversal" or "directory traversal" vulnerability, occurs when an attacker is able to access files on a system that they shouldn't have access to. This vulnerability arises from improper input validation or insufficient access controls i...

8.7CVSS7.5AI score0.17643EPSS

Nuclei•added yesterday•12 views

Spring Cloud Gateway Server Webflux - Broken Access Control

Spring Cloud Gateway Server Webflux contains a vulnerability caused by unsecured and exposed actuator endpoints allowing modification of Spring Environment properties, letting attackers modify configuration, exploit requires unsecured actuator endpoints exposure. id: CVE-2025-41243 info: name:...

10CVSS5.8AI score0.06417EPSS

Exploits0References4

Nuclei•added yesterday•24 views

Payment Gateway for Telcell < 2.0.4 - Open Redirect

The plugin does not validate the apiurl parameter before redirecting the user to its value, leading to an Open Redirect issue id: CVE-2023-6786 info: name: Payment Gateway for Telcell 2.0.4 - Open Redirect author: s4e-io severity: medium description: | The plugin does not validate the apiurl...

6.1CVSS5.8AI score0.01129EPSS

Exploits2References2

Ubuntu•added yesterday•1 views

USN-8348-1: GoBGP vulnerabilities

It was discovered that GoBGP incorrectly handled certain specially crafted BGP UPDATE messages. A remote attacker could possibly use this issue to cause GoBGP to crash, resulting in a denial of service. CVE-2026-37461 Yanlei Wang discovered that GoBGP incorrectly handled certain malformed BGP...

7.5CVSS6.5AI score0.00124EPSS

Exploits0

CVE•added yesterday•1 views

CVE-2026-36603

Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 is affected by an UPnP IGD vulnerability. The device exposes 15 of 18 UPnP IGD actions on port 1900 without authentication, including AddPortMapping and GetExternalIPAddress. UPnP is enabled by default via the admin interface, allowi...

5.9AI score

Exploits0References1

Cvelist•added yesterday•3 views

CVE-2026-36603

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 exposes 15 of 18 UPnP IGD actions without authentication on port 1900, including AddPortMapping and GetExternalIPAddress. UPnP is enabled by default through the admin interface, allowing any unauthenticated LAN device to create arbitrary...

Exploits0References1

EUVD•added yesterday•3 views

EUVD-2026-34083

Missing input validation in the rfapiRibBi2Ri function rfapirib.c of FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

5.8AI score

Vulnrichment•added yesterday•1 views

CVE-2026-37462

An integer underflow in the BGPUpdate.DecodeFromBytes function /bgp/bgp.go of gobgp v4.3.0 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

5.8AI score

Cvelist•added yesterday•3 views

CVE-2026-37462

An integer underflow in the BGPUpdate.DecodeFromBytes function /bgp/bgp.go of gobgp v4.3.0 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

Positive Technologies•added yesterday•2 views

PT-2026-45955

An integer underflow in the BGPUpdate.DecodeFromBytes function /bgp/bgp.go of gobgp v4.3.0 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

5.8AI score