
354 matches found

Packet Storm News
added 2 days ago | 0 views

AgentRedBench: Dynamic Redteaming and Integration-Aware Defense for LLM Agents over SaaS Integrations

Indirect prompt injection in tool-use agents is a concrete production threat: LLM agents read from integrations (third-party services such as Gmail, Salesforce, or Jira accessed through tool calls) whose response content the user neither writes nor controls. Existing benchmarks under-measure the...

AI score: 5.8
Exploits: 0
OSV
added 2 days ago | 4 views

MAL-2026-5130 Malicious code in @redhat-cloud-services/integrations-client (npm)

Part of the "Mini Shai-Hulud" supply chain worm campaign that compromised the GitHub Actions OIDC trusted publisher shared by Red Hat Cloud Services npm packages. The attacker injected a preinstall hook into this and 31 other packages in the @redhat-cloud-services scope. The hook delivers a...

AI score: 6
Exploits: 0 | References: 2
EUVD
added 5 days ago | 7 views

EUVD-2026-33283

An unhandled exception in Suprema BioStar 2 Server, versions 2.9.8, 2.9.10, and 2.9.11, allows an unauthenticated remote attacker to cause a denial of service (DoS) by sending HTTP POST requests to the '/api/migration' endpoint. This request triggers a failure that halts critical processes,...

CVSS: 8.7 | AI score: 5.9 | EPSS: 0.00104
Exploits: 0 | References: 1
NVD
added 2026/05/20 9:16 a.m. | 6 views

CVE-2026-9065

SureCart versions prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters 'modelname', 'modelid', 'integrationid', 'provider' on the REST API endpoint '/surecart/v1/integrations/id'. The root cause is a flawed escaping bypass in the query builder 'wp-query-builder'...

CVSS: 9.3 | EPSS: 0.00036
Exploits: 0 | References: 1
CVE
added 2026/05/20 8:23 a.m. | 12 views

CVE-2026-9065

SureCart

CVSS: 9.3 | AI score: 6 | EPSS: 0.00036
Exploits: 0 | References: 1
Vulnrichment
added 2026/05/20 8:23 a.m. | 4 views

CVE-2026-9065 Surecart - SQL Injection

SureCart versions prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters 'modelname', 'modelid', 'integrationid', 'provider' on the REST API endpoint '/surecart/v1/integrations/id'. The root cause is a flawed escaping bypass in the query builder 'wp-query-builder'...

CVSS: 9.3 | AI score: 6 | EPSS: 0.00036
Exploits: 0 | References: 1
ATTACKERKB
added 2026/05/20 8:23 a.m. | 11 views

CVE-2026-9065

SureCart versions prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters 'modelname', 'modelid', 'integrationid', 'provider' on the REST API endpoint '/surecart/v1/integrations/id'. The root cause is a flawed escaping bypass in the query builder 'wp-query-builder'...

CVSS: 9.3 | AI score: 6 | EPSS: 0.00036
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/20 12:00 a.m. | 6 views

PT-2026-42123

SureCart versions prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters 'model name', 'model id', 'integration id', 'provider' on the REST API endpoint '/surecart/v1/integrations/id'. The root cause is a flawed escaping bypass in the query builder 'wp-query-builder'...

CVSS: 9.3 | AI score: 6 | EPSS: 0.00036
Exploits: 0 | References: 2
Snyk
added 2026/05/14 4:18 p.m. | 3 views

Authorization Bypass Through User-Controlled Key

Overview: n8n is a workflow automation tool. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the OAuth1 and OAuth2 credential reconnect endpoints. A user with read-only access to shared credentials can overwrite stored OAuth token material...

CVSS: 8.5 | AI score: 5.9
Exploits: 0 | References: 2
Vulnrichment
added 2026/05/12 5:29 p.m. | 2 views

CVE-2026-42303 Fides: Privacy Request Identity Verification Bypass Vulnerability via Duplicate Detection

Fides is an open-source privacy engineering platform. From 2.75.0 to before 2.83.2, Fides deployments that enable both subject identity verification and duplicate privacy request detection are affected by a vulnerability in which an administrator can approve a privacy request whose identity was...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00064
Exploits: 0 | References: 6
Hive Pro Threat Advisories
added 2026/05/08 4:52 a.m. | 4 views

OT Cybersecurity Challenges for ICS in 2026

OT cybersecurity has become a board-level risk because industrial control systems are no longer isolated, predictable, or invisible to attackers. In 2026, security teams protecting manufacturing plants, utilities, transportation systems, energy...

AI score: 5.9
Exploits: 0
NVD
added 2026/04/22 10:16 p.m. | 2 views

CVE-2026-41454

WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows authenticated board members to perform administrative actions without proper privilege verification. Attackers can enumerate integrations including webhook URLs, create new...

CVSS: 8.7 | EPSS: 0.00046
Exploits: 0 | References: 3
RedhatCVE
added 2026/04/22 7:22 a.m. | 0 views

CVE-2026-5501

wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints CA:FALSE that is legitimately signed by a trusted root. An attacker who obtains any leaf...

CVSS: 8.6 | AI score: 5.8 | EPSS: 0.00023
Exploits: 0 | References: 1
Positive Technologies
added 2026/04/22 12:00 a.m. | 2 views

PT-2026-34568

WeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints that allows authenticated board members to perform administrative actions without proper privilege verification. Attackers can enumerate integrations including webhook URLs, create new...

CVSS: 8.7 | AI score: 5.8 | EPSS: 0.00046
Exploits: 0 | References: 5
Wallarm Lab
added 2026/04/21 1:00 p.m. | 4 views

Why API Discovery Is the First Step to Securing AI

TL;DR AI risk doesn’t live in the model. It lives in the APIs behind it. Every AI interaction triggers a chain of API calls across your environment. Many of those APIs aren’t documented or tracked. That’s your real exposure. Shadow API discovery gives you visibility into those hidden endpoints, s...

AI score: 6
Exploits: 0
RedhatCVE
added 2026/04/20 7:22 p.m. | 1 views

CVE-2026-40525

OpenViking prior to version 0.3.9 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the apikey configuration value is unset or empty. Remote attackers with network access to the exposed service can invoke...

CVSS: 9.1 | AI score: 5.8 | EPSS: 0.00196
Exploits: 1 | References: 1
Wiz blog
added 2026/04/20 6:20 p.m. | 2 views

Context.ai OAuth Token Compromise

Compromised Context.ai OAuth tokens enabled attackers to perform a supply chain attack via trusted SaaS integrations. Learn how to assess the risk in your environment and how to prevent the next attack...

AI score: 5.8
Exploits: 0
OSV
added 2026/04/18 8:40 a.m. | 3 views

BIT-GRAFANA-2025-12141 Grafana Alerting Editors can edit destination of webhooks they did not create

In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the fixed role "Contact Point Writer", which is part of the basic role Editor - can edit...

CVSS: 6.5 | AI score: 5.7 | EPSS: 0.00066
Exploits: 0 | References: 2
The Hacker News
added 2026/04/18 8:07 a.m. | 4 views

[Webinar] Eliminate Ghost Identities Before They Expose Your Enterprise Data

In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching. For every employee in your org, there are 40 to 50 automated credentials: service accounts, API tokens, AI age...

AI score: 5.8
Exploits: 0
OSV
added 2026/04/17 9:31 p.m. | 1 views

GHSA-JGQ2-VQ69-GR6H OpenViking: Unauthenticated remote bot control via OpenAPI HTTP routes

OpenViking prior to commit c7bb167 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the apikey configuration value is unset or empty. Remote attackers with network access to the exposed service can invoke...

CVSS: 9.1 | AI score: 5.8 | EPSS: 0.00196
Exploits: 1 | References: 6