CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2 days ago•21 views

CVE-2026-10584 HTTPS Fallback to HTTP in Graph Explorer

8.2CVSS0.00009EPSS

Vulnrichment•added 2 days ago•1 views

CVE-2026-10584 HTTPS Fallback to HTTP in Graph Explorer

EUVD•added 2 days ago•4 views

EUVD-2026-34011

CVE•added 2 days ago•8 views

CVE-2026-10584

Graph Explorer before 3.0.1 uses an HTTP fallback when certificate files are missing, exposing potential interception of HTTPS requests. The vulnerability affects the proxy component of Graph Explorer and can lead to disclosure of sensitive information. The recommended remediations are to upgrade...

ATTACKERKB•added 2 days ago•5 views

CVE-2026-10584

Exploits0References3Affected Software1

Veeam•added 2 days ago•5 views

Support Statement — Impact of SharePoint Service Prioritization on Veeam Backup Performance

Article Applicability This article is regarding SharePoint Service Prioritization, a paid, consumption-based Microsoft Azure feature billed through the customer's Microsoft Azure subscription. It affects only SharePoint and OneDrive backup performance. Exchange Online uses a different throttling...

Positive Technologies•added 2 days ago•3 views

PT-2026-45817

NVD•added 3 days ago•8 views

CVE-2026-40963

The structuredata endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated UI/API user authorized for one Dag could enumerate linked Dag IDs and dependency metadata for other...

3.1CVSS0.00045EPSS

ATTACKERKB•added 3 days ago•5 views

CVE-2026-40963

5.8AI score0.00045EPSS

Exploits0References3Affected Software1

Cvelist•added 3 days ago•31 views

CVE-2026-45360 Apache Airflow: Arbitrary import in custom deadline-reference deserialization

Apache Airflow's scheduler-side deadline-reference decoder SerializedCustomReference.deserializereference imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-registry gate. A DAG author whose code reaches the scheduler — t...

0.0006EPSS

Packet Storm News•added 3 days ago•3 views

SECUREVENT: Hybrid AI/ML Security Monitoring for Distributed Event-Based Systems

Distributed event-based systems have become a common substrate for Internet-scale publish/subscribe services, IoT telemetry, cloud-native microservices, and security operations pipelines. Their loose coupling and asynchronous delivery improve scalability, but they also expand the attack surface:...

CNNVD•added 3 days ago•5 views

Apache Airflow security vulnerabilities

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. Versions of Apache Airflow prior to 3.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the use of...

3.1CVSS5.8AI score0.00045EPSS

Positive Technologies•added 3 days ago•5 views

PT-2026-45365

The structure data endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated UI/API user authorized for one Dag could enumerate linked Dag IDs and dependency metadata for other...

5.8AI score0.00045EPSS

Packet Storm News•added 3 days ago•0 views

Cross-Vendor Sola ISPM Benchmark: Evaluating Agentic AI for Federated Identity Security Reasoning

The rapid proliferation of multi-cloud and SaaS platforms has transformed Identity Security Posture Management ISPM into a fundamentally cross-vendor challenge: critical misconfigurations and privilege escalation paths increasingly span multiple identity providers, infrastructure layers, and...

5.9AI score

Packet Storm News•added 4 days ago•2 views

Needles at Scale: LLM-Assisted Target Selection for Windows Vulnerability Research

The attack surface of a modern operating system is a haystack: thousands of signed binaries and millions of functions, almost none relevant to any given vulnerability. A human analyst or an LLM agent must pick the function worth reading before analyzing it. At whole-OS scope, this target selectio...

Packet Storm News•added 5 days ago•2 views

Framework for Discovering GPS Spoofing Attacks in Drone Swarms

Swarm robotics, particularly drone swarms, are used in various safety-critical tasks. While a lot of attention has been given to improving swarm control algorithms for improved intelligence, the security implications of various design choices in swarm control algorithms have not been studied. We...