CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 11 hours ago•2 views

CVE-2026-34905 Apache Answer: Unlisted Questions Accessible via Direct API Access

EUVD•added 11 hours ago•5 views

EUVD-2026-35372

6.5CVSS5.4AI score

EUVD•added 11 hours ago•6 views

EUVD-2026-35368

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Timeline-related APIs lacked proper authorization checks, allowing regular authenticated users to access deleted, private, or unapproved content and i...

6.1CVSS5.4AI score

Vulnrichment•added 11 hours ago•2 views

CVE-2026-25699 Apache Answer: Authorization Bypass in Timeline API

Nuclei•added 13 hours ago•26 views

XWiki Platform - Unauthorized Document History Access

A vulnerability in XWiki Platform's REST API allows unauthorized users to access document history information. The REST API endpoint exposes the history of any page including modification times, version numbers, author details username and display name, and version comments, regardless of access...

5.3CVSS5.5AI score0.86192EPSS

Exploits1References3

Positive Technologies•added 18 hours ago•5 views

PT-2026-47713

Positive Technologies•added 18 hours ago•5 views

PT-2026-47718

OSSF Malicious Packages•added yesterday•7 views

Malicious code in nerfstudio-gs (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 523b928ceb73227e96f02eb85783222da17d0e716c9c7012b4cbcafd1e787f58 During installation or Python setup via PTH file, the code exfiltrated all kinds of sensitive data, including env variables, browser's data, SSH keys, data fro...

5.7AI score

IBM Security Bulletins•added yesterday•6 views

Security Bulletin: Unauthenticated Session History Access via Public Flow Execution

Summary A session ID namespace bypass vulnerability existed in Langflow OSS' POST /api/v1/buildpublictmp/flowid/flow endpoint that allowed unauthenticated attackers to access chat history from other users' sessions. The endpoint accepted an inputs.session parameter that could override the session...

5.5AI score

Exploits0Affected Software1

RedhatCVE•added 2 days ago•9 views

CVE-2026-45076

Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full history to paginating clients. Clients could therefore fail to display room history. This...

5.1CVSS5.4AI score0.00091EPSS

RedhatCVE•added 2 days ago•9 views

CVE-2026-11309

An insufficient policy enforcement flaw was found in the History component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=506392934...

4.3CVSS5.4AI score0.00013EPSS

Exploits0References5

SUSE CVE•added 2 days ago•4 views

SUSE CVE-2026-11309

Insufficient policy enforcement in History in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.5AI score0.00013EPSS

RedhatCVE•added 3 days ago•10 views

CVE-2026-46390

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 2.0.0 and prior to version 26.0.0, the gitlist plugin is exposed to unauthenticated users, allowing unauthenticated browsing of git repositories and git history. Version 26.0.0 patches the issue...

6.9CVSS5.5AI score0.0005EPSS

RedhatCVE•added 3 days ago•7 views

CVE-2026-11326

OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on .openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be used to access these functions, allowing access to browser history information and the ability to open or close tabs. OpenAI...

6CVSS5.2AI score0.00041EPSS

RedhatCVE•added 4 days ago•5 views

CVE-2025-62317

HCL AION is affected by a vulnerability where sensitive information may be included in URL parameters. Passing sensitive data in URLs may expose it through browser history, logs, or intermediary systems, potentially leading to unintended information disclosure under certain conditions...

2.6CVSS5.4AI score0.00026EPSS

RedhatCVE•added 4 days ago•5 views

CVE-2026-45739

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a sensitive header, such as Authorization: Bearer , the value...

4.3CVSS5.4AI score0.00032EPSS

RedhatCVE•added 4 days ago•7 views

CVE-2026-34082

Dify is an open-source LLM app development platform. Prior to 1.13.1, the method DELETE /console/api/installed-apps//conversations/ has poor authorization checking and allows any Dify-authenticated user to delete someone else's chat history. Version 1.13.1 patches the issue...

5.3CVSS5.5AI score0.00036EPSS

Exploits1References1

RedhatCVE•added 4 days ago•3 views

CVE-2026-34066

nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. Prior to version 1.3.0, HistoryStore::puthistorictxns uses an assert! to enforce invariants about HistoricTransaction.blocknumber must be within the macro block being pushed and within the same epoch. During histo...

5.3CVSS5.5AI score0.00126EPSS