CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

87 matches found

Packet Storm News•added 2026/05/18 12:0 a.m.•5 views

Federated Naive Bayes with Real Mixture of Gaussians and Institutional Governance Regularization for Network Intrusion Detection

Federated learning for intrusion detection rests on a flawed premise: that every participating institution contributes equally to the shared model. In practice, a financial institution with mature security controls and low vulnerability exposure produces fundamentally different data than a...

5.8AI score

Exploits0

Github Security Blog•added 2026/04/16 9:16 p.m.•3 views

webpki: Name constraints for URI names were incorrectly accepted

Name constraints for URI names were ignored and therefore accepted. Note this library does not provide an API for asserting URI names, and URI name constraints are otherwise not implemented. URI name constraints are now rejected unconditionally. Since name constraints are restrictions on otherwis...

5.8AI score

Exploits0References3Affected Software1

OSV•added 2026/03/03 1:29 p.m.•0 views

BIT-DISCOURSE-2026-27150 Discourse doesn't ensure guardian check when creating QueryGroupBookmark

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, missing validatebeforecreate authorization in Data Explorer's QueryGroupBookmarkable allows any logged-in user to create bookmarks for query groups they don't have access to, enabling metadata...

5.3CVSS6AI score0.00047EPSS

Exploits0References2

EUVD•added 2026/02/26 7:55 p.m.•2 views

EUVD-2026-8889

5.3CVSS5.5AI score0.00047EPSS

Exploits0References1

ATTACKERKB•added 2026/02/26 7:55 p.m.•2 views

CVE-2026-27150

5.3CVSS5.8AI score0.00047EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/02/26 7:55 p.m.•0 views

CVE-2026-27150 Discourse doesn't ensure guardian check when creating QueryGroupBookmark

5.3CVSS6AI score0.00047EPSS

Exploits0References1

Positive Technologies•added 2026/02/26 12:0 a.m.•1 views

PT-2026-22185

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2025.12.2 Discourse versions prior to 2026.1.1 Discourse versions prior to 2026.2.0 Description A missing validate before create authorization check in the Data Explorer's QueryGroupBookmarkable component allows any...

5.3CVSS5.9AI score0.00047EPSS

Exploits0References7

Positive Technologies•added 2026/02/25 12:0 a.m.•3 views

PT-2026-21816

Name of the Vulnerable Software and Affected Versions OpenEMR versions prior to 7.0.4 Description OpenEMR’s HTTP client wrapper oeHttp/oeHttpRequest has a default setting that disables SSL/TLS certificate verification verify: false. This makes all external HTTPS connections susceptible to...

8.1CVSS5.9AI score0.00009EPSS

Exploits1References9

The Hacker News•added 2026/02/12 10:30 a.m.•5 views

The CTEM Divide: Why 84% of Security Programs Are Falling Behind

A new 2026 market intelligence study of 128 enterprise security decision-makers available here reveals a stark divide forming between organizations – one that has nothing to do with budget size or industry and everything to do with a single framework decision. Organizations implementing Continuou...

5.7AI score

Exploits0

RedhatCVE•added 2026/01/09 8:53 a.m.•3 views

CVE-2021-27428

GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. An illegitimate user could upgrade firmware without...

9.8CVSS6.9AI score0.0029EPSS

Exploits0References1

OSV•added 2025/12/18 12:4 p.m.•2 views

BIT-GITLAB-2025-13978 Generation of Error Message Containing Sensitive Information in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to discover the names of private projects they do not have access through API requests...

4.3CVSS6.7AI score0.00016EPSS

Exploits0References4

Hacker One•added 2025/12/04 8:9 p.m.•15 views

Enjin: Unauthenticated GraphQL access by prepending __schema to private operations

A security vulnerability was identified in the GraphQL schema of the Enjin Platform. The vulnerability allowed unauthorized access to the GraphQL schema by prepending "schema" to private operations. The vulnerability was discovered and reported by a security researcher. The specific location of t...

6.8AI score

Exploits0

CNVD•added 2025/11/14 12:0 a.m.•1 views

WordPress Easy Email Subscription plugin cross-site scripting vulnerability

The WordPress Easy Email Subscription plugin is a plugin for adding email subscription functionality to your WordPress website, allowing users to receive new content updates via email. WordPress Easy Email Subscription plugin suffers from a cross-site scripting vulnerability that stems from the...

7.2CVSS6.1AI score0.00184EPSS

Exploits0References1

RedhatCVE•added 2025/10/30 5:9 p.m.•1 views

CVE-2025-12479

Systemic Lack of Cross-Site Request Forgery CSRF Token Implementation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

10CVSS7AI score0.00021EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2018-11649

Malware in sbrugna...

5.3CVSS5.5AI score0.00049EPSS

Exploits0References2