CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/06/04 11:15 a.m.•3 views

CVE-2026-10802

A vulnerability was detected in keystonejs keystone up to 20260319. This vulnerability affects unknown code in the library packages/core/src/lib/core/queries/output-field.ts of the component GraphQL API Endpoint. The manipulation results in resource consumption. It is possible to launch the attac...

5.3CVSS5.5AI score0.00522EPSS

Exploits0References8Affected Software1

Positive Technologies•added 2026/06/04 12:0 a.m.•7 views

PT-2026-46188

5.3CVSS5.5AI score0.00522EPSS

Exploits0References9

Positive Technologies•added 2026/06/04 12:0 a.m.•11 views

PT-2026-46404

Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized attacker to disclose information over a network...

6.5CVSS5.8AI score0.00552EPSS

Exploits0References1

CNNVD•added 2026/06/04 12:0 a.m.•4 views

Microsoft Graph 信息泄露漏洞

Microsoft Graph is a unified API platform of the American company Microsoft. There is an information leakage vulnerability in Microsoft Graph; this vulnerability stems from the exposure of sensitive information to unauthorized actors, which may allow authorized attackers to disclose information...

6.5CVSS5.3AI score0.00552EPSS

Exploits0References1

NVD•added 2026/06/02 8:16 p.m.•8 views

CVE-2026-10584

Proxy server in Graph Explorer before 3.0.1 falls back to HTTP when certificate files are missing, which might allow remote threat actors to obtain sensitive information via interception of requests intended to be sent over HTTPS. To remediate this issue, users should upgrade to Graph Explorer...

8.2CVSS0.00101EPSS

Cvelist•added 2026/06/02 7:8 p.m.•27 views

CVE-2026-10584 HTTPS Fallback to HTTP in Graph Explorer

8.2CVSS0.00101EPSS

CVE•added 2026/06/02 7:8 p.m.•16 views

CVE-2026-10584

Graph Explorer before 3.0.1 uses an HTTP fallback when certificate files are missing, exposing potential interception of HTTPS requests. The vulnerability affects the proxy component of Graph Explorer and can lead to disclosure of sensitive information. The recommended remediations are to upgrade...

EUVD•added 2026/06/02 7:8 p.m.•7 views

EUVD-2026-34011

Vulnrichment•added 2026/06/02 7:8 p.m.•6 views

CVE-2026-10584 HTTPS Fallback to HTTP in Graph Explorer

ATTACKERKB•added 2026/06/02 7:8 p.m.•6 views

CVE-2026-10584

Exploits0References3Affected Software1

Positive Technologies•added 2026/06/02 12:0 a.m.•7 views

PT-2026-45817

Name of the Vulnerable Software and Affected Versions Graph Explorer versions prior to 3.0.1 Description The proxy server falls back to HTTP when certificate files are missing. This behavior may allow remote threat actors to intercept requests intended for HTTPS and obtain sensitive information...

8.2CVSS5.5AI score0.00101EPSS

Exploits0References4

CNNVD•added 2026/06/02 12:0 a.m.•3 views

Graph Explorer 安全漏洞

Graph Explorer is an interactive web application for visual exploration of graph databases, open-sourced by Amazon Web Services. Previous versions of Graph Explorer, such as 3.0.1, contained security vulnerabilities. These vulnerabilities stemmed from the proxy server falling back to HTTP when th...

8.2CVSS5.5AI score0.00101EPSS

Veeam•added 2026/06/02 12:0 a.m.•9 views

Support Statement — Impact of SharePoint Service Prioritization on Veeam Backup Performance

Article Applicability This article is regarding SharePoint Service Prioritization, a paid, consumption-based Microsoft Azure feature billed through the customer's Microsoft Azure subscription. It affects only SharePoint and OneDrive backup performance. Exchange Online uses a different throttling...

5.8AI score

NVD•added 2026/06/01 9:16 a.m.•12 views

CVE-2026-40963

The structuredata endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated UI/API user authorized for one Dag could enumerate linked Dag IDs and dependency metadata for other...

3.1CVSS0.00459EPSS

Exploits0References3

ATTACKERKB•added 2026/06/01 7:54 a.m.•7 views

CVE-2026-40963

5.8AI score0.00459EPSS

Exploits0References3Affected Software1

Cvelist•added 2026/06/01 7:48 a.m.•36 views

CVE-2026-45360 Apache Airflow: Arbitrary import in custom deadline-reference deserialization

Apache Airflow's scheduler-side deadline-reference decoder SerializedCustomReference.deserializereference imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-registry gate. A DAG author whose code reaches the scheduler — t...

0.00572EPSS

Packet Storm News•added 2026/06/01 12:0 a.m.•10 views

SECUREVENT: Hybrid AI/ML Security Monitoring for Distributed Event-Based Systems

Distributed event-based systems have become a common substrate for Internet-scale publish/subscribe services, IoT telemetry, cloud-native microservices, and security operations pipelines. Their loose coupling and asynchronous delivery improve scalability, but they also expand the attack surface:...

5.8AI score

Packet Storm News•added 2026/06/01 12:0 a.m.•6 views

Cross-Vendor Sola ISPM Benchmark: Evaluating Agentic AI for Federated Identity Security Reasoning

The rapid proliferation of multi-cloud and SaaS platforms has transformed Identity Security Posture Management ISPM into a fundamentally cross-vendor challenge: critical misconfigurations and privilege escalation paths increasingly span multiple identity providers, infrastructure layers, and...

5.9AI score