CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added last week•2 views

CVE-2026-5737 Independent Analytics <= 2.14.9 - Unauthenticated Server-Side Request Forgery via Tracking Route

6.5CVSS5.9AI score0.00054EPSS

EUVD•added last week•5 views

EUVD-2026-32702

6.5CVSS5.9AI score0.00054EPSS

Positive Technologies•added 2026/05/28 12:0 a.m.•3 views

PT-2026-44178

The Independent Analytics plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.14.9. This is due to a public tracking route at /wp-json/iawp/search that accepts attacker-controlled referrer url values when the signature matches, combined with a...

6.5CVSS6AI score0.00054EPSS

Exploits0References11

CNNVD•added 2026/05/28 12:0 a.m.•3 views

WordPress plugin Independent Analytics 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.5CVSS5.9AI score0.00054EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в linux-5.15, linux-6.1, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mm: hugetlb: Independent PMD page table shared count The refcount of the folio may be unexpectedly increased through functions like trygetfolio by callers such as splithugepages. In hugepmdunshare, we use the refcount to check...

5.5CVSS6.2AI score0.00028EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: block: fixed a memory leak in diskregisterindependentaccessranges The kobjectinitandadd function takes a reference even when it fails. According to the documentation of kobjectinitandadd: If this function returns an error,...

5.5CVSS5.8AI score0.00029EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Do not finalize the CSA in IBSS mode if the state is disconnected When we are not connected to a channel, sending the “switch” announcement doesn’t make any sense. In that case, the BSS list is empty. This causes...

5.5CVSS6AI score0.00063EPSS

Debian CVE•added 2026/05/14 5:34 p.m.•2 views

CVE-2026-44544

gittuf is a platform-agnostic Git security system. Prior to 0.14.0, an attacker with push access to gittuf's Reference State Log RSL can roll back the current policy to any previous policy trusted by the current set of root keys. gittuf determines the policy to load by inspecting the RSL. Except...

4.9CVSS5.8AI score0.00043EPSS

Patchstack•added 2026/05/01 9:31 a.m.•2 views

WordPress Independent Analytics plugin <= 2.9.7 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Independent Analytics - Google Analytics Alternative for WordPress versions = 2.9.7...

6.1CVSS5.8AI score0.00135EPSS

Exploits0References1Affected Software1

Packet Storm News•added 2026/05/01 12:0 a.m.•3 views

When RAG Chatbots Expose Their Backend: An Anonymized Case Study of Privacy and Security Risks in Patient-Facing Medical AI

Background: Patient-facing medical chatbots based on retrieval-augmented generation RAG are increasingly promoted to deliver accessible, grounded health information. AI-assisted development lowers the barrier to building them, but they still demand rigorous security, privacy, and governance...

Tenable Nessus•added 2026/04/27 12:0 a.m.•4 views

Juniper Junos OS Vulnerability (JSA83018)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA83018 advisory. - An Unchecked Return Value vulnerability in the Routing Protocol Daemon rpd on Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows a logically adjacent,...

7.1CVSS5.6AI score0.00188EPSS

ATTACKERKB•added 2026/04/20 6:34 a.m.•1 views

CVE-2026-6643

A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf and passing user-controlled data directly to printf. Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to...

8.6CVSS6.5AI score0.00154EPSS

Exploits1References2Affected Software1

Packet Storm News•added 2026/04/19 12:0 a.m.•1 views

What Security and Privacy Transparency Users Need from Consumer-Facing Generative AI

Users increasingly rely on consumer-facing generative AI GenAI for tasks ranging from everyday needs to sensitive use cases. Yet, it remains unclear whether and how existing security and privacy S&P communications in GenAI tools shape users' adoption decisions and subsequent experiences...

Fedora•added 2026/04/16 1:9 a.m.•4 views

[SECURITY] Fedora 42 Update: moby-engine-29.4.0-1.fc42

Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance a nd everything in between =E2=80=94 and...

7.5CVSS6.4AI score0.00035EPSS

Packet Storm News•added 2026/03/15 12:0 a.m.•2 views

When Scanners Lie: Evaluator Instability in LLM Red-Teaming

Automated LLM vulnerability scanners are increasingly used to assess security risks by measuring different attack type success rates ASR. Yet the validity of these measurements hinges on an often-overlooked component: the evaluator who determines whether an attack has succeeded. In this study, we...

EUVD•added 2026/03/12 2:12 p.m.•0 views

EUVD-2026-10389

ImageMagick: Integer overflow in DIB coder can result in out of bounds read or write...

8.1CVSS5.8AI score0.00067EPSS

Exploits0References3

Packet Storm News•added 2026/03/12 12:0 a.m.•1 views

Automatic Attack Script Generation: A MDA Approach

It is widely recognized that practical exercises are crucial for teaching cybersecurity in higher education. However, their setup is not only expensive, time-consuming, and prone to numerous errors, but also requires technical and programming skills to create attack contexts and scripts. To...