206 matches found
CVE-2026-54393
CVE-2026-54393 describes a stored XSS in MISP when the Overmind theme is active. The vulnerability stems from the setHomePage endpoint saving user-supplied paths via setSettingInternal(), bypassing validation in setSetting() (including validate_homepage that enforces a leading “/”). The attacker-...
PT-2026-48973
Name of the Vulnerable Software and Affected Versions: MISP, affected versions not specified. Description: Multiple mass assignment issues exist in the handling of collections, tag collections, event delegations, and shadow attributes. Certain controller actions accept user-supplied fields that shoul...
Fulcrum-OSINT-monitor
FULCRUM — Technical Architecture v3.1. Overview: FULC...
CVE-2026-44755
SAP Business Objects Business Intelligence Platform does not sufficiently validate email sending parameters supplied by authenticated users, resulting in an email spoofing vulnerability. This vulnerability has a low impact on integrity and does not affect the confidentiality and availability of th...
CVE-2026-0502
Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform, an authenticated user could be tricked by an attacker to send unintended requests to the web server. This has low impact on integrity and availability of the application. There is no impact on confidentiali...
Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)
The Fragmented State of Modern Enterprise Identity: Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and autonomous systems. The result is Identity Dark Matter...
eip-mcp
Exploit Intel Platform MCP Server Package/command: eip-mcp...
CVE-2026-44379
Affected software: MISP (Threat Intelligence and Sharing Platform). Prior to version 2.5.37, MISP Collections did not enforce RFC 4122 UUID validation on the uuid field, allowing submission of malformed UUID values. This could lead to integrity issues or unexpected behavior in code paths assuming...
CVE-2026-44381 MISP: SQL injection via unvalidated ordering parameters in event and shadow attribute listings
MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, a SQL injection vulnerability existed in the handling of user-controlled ordering parameters in the event and shadow attribute listing endpoints. The affected code accepted order or sort values from request paramete...
MISP modules cross-site request forgery vulnerability
MISP modules are scalable threat intelligence platform modules developed under the open-source MISP Project. They support import, export, expansion, and automated workflows. MISP modules 3.0.7 and earlier versions had a cross-site request forgery vulnerability. This vulnerability stemmed from the...
PT-2026-40809
MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, a SQL injection vulnerability existed in the handling of user-controlled ordering parameters in the event and shadow attribute listing endpoints. The affected code accepted order or sort values from request paramete...
PT-2026-40807
MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, MISP Collections did not enforce RFC 4122 UUID validation on the uuid field. As a result, a user able to create or modify Collection records could submit malformed UUID values, potentially causing integrity issues o...
CVE-2026-0502 Cross Site Request Forgery (CSRF) in SAP BusinessObjects Business Intelligence Platform
Due to insufficient CSRF protection in SAP BusinessObjects Business Intelligence Platform, an authenticated user could be tricked by an attacker to send unintended requests to the web server. This has low impact on integrity and availability of the application. There is no impact on confidentiali...
CVE-2026-24318
Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unauthorized access to a victim's session. If the application continues to accept previously issued toke...
CVE-2026-24318 Insecure Session Management vulnerability in SAP BusinessObjects Business Intelligence Platform
Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unauthorized access to a victim's session. If the application continues to accept previously issued toke...
PT-2026-32551
Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unauthorized access to a victim's session. If the application continues to accept previously issued toke...
CVE-2026-39962 LDAP injection in MISP ApacheAuthenticate when using a user-controlled Apache environment variable
MISP is an open source threat intelligence and sharing platform. Prior to 2.5.36, improper neutralization of special elements in an LDAP query in ApacheAuthenticate.php allows LDAP injection via an unsanitized username value when ApacheAuthenticate.apacheEnv is configured to use a user-controlled...
ServiceNow Patches Critical AI Platform Flaw Allowing Unauthenticated User Impersonation
ServiceNow has disclosed details of a now-patched critical security flaw impacting its ServiceNow artificial intelligence (AI) Platform that could enable an unauthenticated user to impersonate another user and perform arbitrary actions as that user. The vulnerability, tracked as CVE-2025-12420,...
CVE-2021-33697
Under certain conditions, SAP BusinessObjects Business Intelligence Platform SAPUI5, versions 420 and 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities...