154 matches found

The Hacker News
added 2026/05/20 11:58 a.m., 12 views

Agent AI is Coming. Are You Ready?

New Industry Data Just Released Suggests Not. On May 19th, 2026, Orchid Security released the results of our Identity Gap: Snapshot 2026. Among the findings, "identity dark matter", the unseen, unmanaged elements of identity, now overshadows the visible elements 57% vs. 43%. And it couldn't have...

5.9 AI score
Exploits: 0

The Hacker News
added 2026/05/06 10:57 a.m., 11 views

Your AI Agents Are Already Inside the Perimeter. Do You Know What They're Doing?

Analysts recently confirmed what identity security teams have quietly feared: AI agents are being deployed faster than enterprises can govern them. In their inaugural Market Guide for Guardian Agents, Gartner states that “enterprise adoption of AI agents is accelerating, outpacing maturity of...

5.9 AI score
Exploits: 0

The Hacker News
added 2026/04/08 11:30 a.m., 4 views

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

The Fragmented State of Modern Enterprise Identity. Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and autonomous systems. The result is Identity Dark Matter...

6 AI score
Exploits: 0

The Hacker News
added 2026/04/07 4:29 p.m., 4 views

[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk

In the rapid evolution of the 2026 threat landscape, a frustrating paradox has emerged for CISOs and security leaders: Identity programs are maturing, yet the risk is actually increasing. According to new research from the Ponemon Institute, hundreds of applications within the typical enterprise...

6 AI score
Exploits: 0

Veracode
added 2026/03/24 10:06 a.m., 3 views

Remote Code Execution (RCE)

tinacms is vulnerable to remote code execution. The vulnerability is due to improper handling of markdown content using the gray-matter package, which allows an attacker to execute arbitrary code by injecting malicious content into processed markdown files such as blog posts...

8.8 CVSS, 6.4 AI score, 0.00069 EPSS
Exploits: 1, References: 3, Affected Software: 3

Veracode
added 2026/03/12 6:24 p.m., 6 views

Arbitrary Code Injection

md-to-pdf is vulnerable to Arbitrary Code Injection. The vulnerability is due to a Markdown front-matter block that contains a JavaScript delimiter, where the JS engine in the gray-matter library executes arbitrary code in the Markdown-to-PDF converter process of the md-to-pdf library, and attackers can...

10 CVSS, 7.8 AI score, 0.00334 EPSS
Exploits: 0, References: 2, Affected Software: 1

Talos Blog
added 2026/03/11 10:00 a.m., 3 views

Spinning complex ideas into clear docs with Kri Dontje

Welcome back! This week, we're shining a spotlight on Kri Dontje, a technical writer who's become an essential voice in making Cisco Talos' work understandable for a wide audience. With a background in technical communications and a career that began at a small startup, Kri discusses the importan...

5.8 AI score
Exploits: 0

The Hacker News
added 2026/03/03 11:30 a.m., 9 views

AI Agents: The Next Wave Identity Dark Matter - Powerful, Invisible, and Unmanaged

The Rise of MCPs in the Enterprise. The Model Context Protocol (MCP) is quickly becoming a practical way to push LLMs from “chat” into real work. By providing structured access to applications, APIs, and data, MCP enables prompt-driven AI agents that can retrieve information, take action, and automa...

6 AI score
Exploits: 0

OSV
added 2026/03/02 12:00 p.m., 1 view

RUSTSEC-2026-0043 Timing Side-Channel in AES-CCM Tag Verification in AWS-LC

Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP_CIPHER API: EVP_aes_128_ccm, EVP_aes_192_ccm, and EVP_aes_256_ccm. Customers of AWS servic...

5.9 CVSS, 5.9 AI score, 0.00041 EPSS
Exploits: 0, References: 4

NVD
added 2026/02/12 9:16 p.m., 5 views

CVE-2026-0619

A reachable infinite loop via an integer wraparound is present in Silicon Labs' Matter SDK which allows an attacker to trigger a denial of service. A hard reset is required to recover the device...

6 CVSS, 0.00062 EPSS
Exploits: 0, References: 1

ATTACKERKB
added 2026/02/12 8:09 p.m., 3 views

CVE-2026-0619

A reachable infinite loop via an integer wraparound is present in Silicon Labs' Matter SDK which allows an attacker to trigger a denial of service. A hard reset is required to recover the device...

6 CVSS, 5.5 AI score, 0.00062 EPSS
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2026/02/12 8:09 p.m., 8 views

CVE-2026-0619

Silicon Labs Matter SDK contains a reachable infinite loop caused by an integer wraparound, enabling a network-accessible denial-of-service. The vulnerability affects the Matter implementation and can force a hard reset to recover. The CVSS metrics indicate a medium base severity with impact on a...

6 CVSS, 5.5 AI score, 0.00062 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2026/02/12 8:09 p.m., 3 views

CVE-2026-0619 Integer Wraparound DoS in Silicon Labs Matter Implementation

A reachable infinite loop via an integer wraparound is present in Silicon Labs' Matter SDK which allows an attacker to trigger a denial of service. A hard reset is required to recover the device...

6 CVSS, 5.5 AI score, 0.00062 EPSS
Exploits: 0, References: 1

Cvelist
added 2026/02/12 8:09 p.m., 27 views

CVE-2026-0619 Integer Wraparound DoS in Silicon Labs Matter Implementation

A reachable infinite loop via an integer wraparound is present in Silicon Labs' Matter SDK which allows an attacker to trigger a denial of service. A hard reset is required to recover the device...

6 CVSS, 0.00062 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/02/12 12:00 a.m., 4 views

PT-2026-7895

A reachable infinite loop via an integer wraparound is present in Silicon Labs' Matter SDK which allows an attacker to trigger a denial of service. A hard reset is required to recover the device...

6 CVSS, 5.5 AI score, 0.00062 EPSS
Exploits: 0, References: 2

CNNVD
added 2026/02/12 12:00 a.m., 3 views

Silicon Labs Matter SDK Security Vulnerability

Silicon Labs Matter SDK is a software development kit provided by Silicon Labs, Inc. in the United States. The Silicon Labs Matter SDK has a security vulnerability that stems from an integer overflow, leading to an infinite loop that could potentially trigger a denial-of-service attack...

6 CVSS, 5.8 AI score, 0.00062 EPSS
Exploits: 0, References: 1

The Hacker News
added 2026/02/04 11:58 a.m., 4 views

Orchid Security Introduces Continuous Identity Observability for Enterprise Applications

An innovative approach to discovering, analyzing, and governing identity usage beyond traditional IAM controls. The Challenge: Identity Lives Outside the Identity Stack. Identity and access management tools were built to govern users and directories. Modern enterprises run on applications. Over...

5.7 AI score
Exploits: 0

RedhatCVE
added 2025/12/19 4:23 p.m., 3 views

CVE-2025-68278

Tina is a headless content management system. In tinacms prior to version 3.1.1, tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. tinacms version 3.1.1, @tinacms/cl...

8.6 CVSS, 7.4 AI score, 0.00069 EPSS
Exploits: 1, References: 1

Github Security Blog
added 2025/12/18 6:45 p.m., 37 views

tinacms is vulnerable to arbitrary code execution

Summary: tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. Details: The gray-matter package executes by default the code in the markdown file's front matter. tinacms...

8.8 CVSS, 8.3 AI score, 0.00069 EPSS
Exploits: 1, References: 4, Affected Software: 3

OSV
added 2025/12/18 6:45 p.m., 0 views

GHSA-529F-9QWM-9628 tinacms is vulnerable to arbitrary code execution

Summary: tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. Details: The gray-matter package executes by default the code in the markdown file's front matter. tinacms...

8.6 CVSS, 6.6 AI score, 0.00069 EPSS
Exploits: 1, References: 4