CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/04/15 10:21 a.m.•2 views

CVE-2026-40729 WordPress 3D viewer – Embed 3D Models plugin <= 1.8.5 - Broken Access Control vulnerability

5.8AI score0.00141EPSS

Positive Technologies•added 2026/04/15 12:0 a.m.•3 views

PT-2026-33040

Name of the Vulnerable Software and Affected Versions bPlugins 3D viewer – Embed 3D Models versions prior to 1.8.6 Description Incorrectly configured access control security levels lead to a missing authorization issue, allowing for the exploitation of security levels. Recommendations Update to a...

4.3CVSS5.8AI score0.00141EPSS

Exploits0References4

Packet Storm News•added 2026/04/15 12:0 a.m.•2 views

Challenges and Future Directions in Agentic Reverse Engineering Systems

Agentic systems built on large language models LLMs are increasingly being used for complex security tasks, including binary reverse engineering RE. Despite recent growth in popularity and capability, these systems continue to face limitations in realistic settings. Cutting-edge systems still fai...

CNNVD•added 2026/04/15 12:0 a.m.•6 views

WordPress plugin 3D viewer – Embed 3D Models 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

4.3CVSS5.8AI score0.00141EPSS

Packet Storm News•added 2026/04/15 12:0 a.m.•2 views

RealVuln: Benchmarking Rule-Based, General-Purpose LLM, and Security-Specialized Scanners on Real-World Code

How do security scanners perform on real-world code? We present RealVuln, the first open-source benchmark comparing Rule-Based SAST, General-Purpose LLMs, and Security-Specialized scanners on 26 intentionally vulnerable Python repositories educational and Capture-The-Flag applications with 796...

Schneier on Security•added 2026/04/14 10:49 a.m.•4 views

How Hackers Are Thinking About AI

Interesting paper: "What hackers talk about when they talk about AI: Early-stage diffusion of a cybercrime innovation." Abstract: The rapid expansion of artificial intelligence AI is raising concerns about its potential to transform cybercrime. Beyond empowering novice offenders, AI stands to...

Packet Storm News•added 2026/04/14 12:0 a.m.•5 views

LLM-Guided Prompt Evolution for Password Guessing

Passwords still remain a dominant authentication method, yet their security is routinely subverted by predictable user choices and large-scale credential leaks. Automated password guessing is a key tool for stress-testing password policies and modeling attacker behavior. This paper applies...

CNNVD•added 2026/04/14 12:0 a.m.•4 views

MaxKB 安全漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB prior to 2.7.1 contained a security vulnerability. This vulnerability stemmed from the use of storage-oriented cross-site scripting in the application name or icon...

6.9CVSS5.9AI score0.00216EPSS

Exploits1References3

Tenable Nessus•added 2026/04/14 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-1462

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in the TFSMLayer class of the keras package, version 3.13.0, allows attacker- controlled TensorFlow SavedModels to be loaded during...

8.8CVSS7.9AI score0.00357EPSS

Exploits0References3

Packet Storm News•added 2026/04/14 12:0 a.m.•2 views

LogicEval: A Systematic Framework for Evaluating Automated Repair Techniques for Logical Vulnerabilities in Real-World Software

Logical vulnerabilities in software stem from flaws in program logic rather than memory safety, which can lead to critical security failures. Although existing automated program repair techniques primarily focus on repairing memory corruption vulnerabilities, they struggle with logical...

5.9AI score

RedhatCVE•added 2026/04/13 7:57 p.m.•12 views

CVE-2026-1462

A flaw was found in the keras package. This vulnerability allows an attacker to execute unauthorized code on a victim's system. It occurs when a victim loads a specially crafted .keras model, even if the safemode security feature is active. The issue arises because the keras package can...

8.8CVSS6AI score0.00357EPSS

Exploits0References5

RedhatCVE•added 2026/04/13 7:23 p.m.•2 views

CVE-2026-33787

An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon chassisd of Juniper Networks Junos OS on SRX1500, SRX4100, SRX4200 and SRX4600 allows a local attacker with low privileges to cause a complete Denial of Service DoS. When a specific 'show chassis'...

6.8CVSS5.8AI score0.00093EPSS