CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Fedora•added 2026/04/12 3:53 p.m.•7 views

[SECURITY] Fedora 42 Update: libmicrohttpd-1.0.3-1.fc42

GNU libmicrohttpd is a small C library that is supposed to make it easy to run an HTTP server as part of another application. Key features that distinguish libmicrohttpd from other projects are: C library: fast and small API is simple, expressive and fully reentrant Implementation is http 1.1...

8.7CVSS5.8AI score0.00374EPSS

Packet Storm News•added 2026/04/12 12:0 a.m.•6 views

The Code Whisperer: LLM and Graph-Based AI for Smell and Vulnerability Resolution

Code smells and software vulnerabilities both increase maintenance cost, yet they are often handled by separate tools that miss structural context and produce noisy warnings. This paper presents The Code Whisperer, a hybrid framework that combines graph-based program analysis with large language...

5.9AI score

CNNVD•added 2026/04/11 12:0 a.m.•6 views

MaxKB 代码注入漏洞

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB 2.2.1 and earlier have a code injection vulnerability. This vulnerability stems from incorrect handling of parameters in the file...

5.1CVSS5.7AI score0.00266EPSS

Exploits0References8

Github Security Blog•added 2026/04/10 8:0 p.m.•4 views

Rembg has a Path Traversal via Custom Model Loading

Summary A path traversal vulnerability in the rembg HTTP server allows unauthenticated remote attackers to read arbitrary files from the server's filesystem. By sending a crafted request with a malicious modelpath parameter, an attacker can force the server to attempt loading any file as an ONNX...

5.3CVSS6AI score0.00592EPSS

Exploits1References5Affected Software1

vulnersOsv•added 2026/04/10 7:30 p.m.•6 views

@saltcorn/admin-models (>=1.6.0-alpha.0 <=1.6.0-beta.12), @saltcorn/base-plugin (>=1.6.0-alpha.0 <=1.6.0-beta.12) +5 more potentially affected by unknown CVE via @saltcorn/data (>=1.6.0-alpha.0 <=1.6.0-beta.3)

@saltcorn/data NPM version =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-alpha.0, =1.6.0-beta.12 Source cves: unknown CVE Source advisory: OSV:GHSA-59XV-588H-2VMM...

5.5AI score

NVD•added 2026/04/10 5:17 p.m.•1 views

CVE-2026-35619

OpenClaw before 2026.3.24 contains an authorization bypass vulnerability in the HTTP /v1/models endpoint that fails to enforce operator read scope requirements. Attackers with only operator.approvals scope can enumerate gateway model metadata through the HTTP compatibility route, bypassing the...

5.3CVSS0.00272EPSS

Snyk•added 2026/04/10 5:8 p.m.•4 views

Directory Traversal

Overview rembg is a Remove image background Affected versions of this package are vulnerable to Directory Traversal via the modelpath parameter in the HTTP server for custom model types u2netcustom, discustom, bencustom. An attacker can access arbitrary files on the server's filesystem by sending...

6.9CVSS6.3AI score0.00592EPSS

Exploits1References2

Vulnrichment•added 2026/04/10 4:3 p.m.•3 views

CVE-2026-35619 OpenClaw < 2026.3.24 - Authorization Bypass via HTTP /v1/models Endpoint

ATTACKERKB•added 2026/04/10 4:3 p.m.•2 views

CVE-2026-35619

CVE•added 2026/04/10 4:3 p.m.•13 views

Exploits0References4

CVE-2026-35619

CVE-2026-35619 affects OpenClaw prior to 2026.3.24. The vulnerable component is the HTTP /v1/models endpoint, which fails to enforce operator.read scope, allowing attackers with operator.approvals to enumerate gateway model metadata via the HTTP compatibility route and bypass WebSocket RPC author...

Exploits0References3Affected Software1

Cvelist•added 2026/04/10 4:3 p.m.•26 views

CVE-2026-35619 OpenClaw < 2026.3.24 - Authorization Bypass via HTTP /v1/models Endpoint

5.3CVSS0.00272EPSS

Snyk•added 2026/04/10 3:33 p.m.•4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper SQL operator precedence in the hasAccessToLabel function. An attacker can access label metadata, including titles, descriptions, colors, and creator information from projects they do not have acce...

Packet Storm News•added 2026/04/10 12:0 a.m.•3 views

Exploits1References2

Like a Hammer, It Can Build, It Can Break: Large Language Model Uses, Perceptions, and Adoption in Cybersecurity Operations on Reddit

Large language models LLMs have recently emerged as promising tools for augmenting Security Operations Center SOC workflows, with vendors increasingly marketing autonomous AI solutions for SOCs. However, there remains a limited empirical understanding of how such tools are used, perceived, and...

5.9AI score

CNNVD•added 2026/04/10 12:0 a.m.•7 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.24 contained security vulnerabilities. These vulnerabilities stemmed from authorization bypasses in the HTTP/v1/models endpoints, which failed to enforce the requirement for...

EUVD•added 2026/04/09 3:35 p.m.•3 views

EUVD-2026-20928

A security flaw has been discovered in GL.iNet GL-RM1, GL-RM10, GL-RM10RC and GL-RM1PE 1.8.1. Affected by this issue is some unknown functionality of the component Factory Reset Handler. Performing a manipulation results in improper authentication. The attack can be initiated remotely. The...

7.5CVSS6AI score0.00509EPSS

Exploits0References6

Microsoft CVE•added 2026/04/09 8:2 a.m.•4 views

ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings.

...

8.6CVSS5.7AI score0.00288EPSS