
4582 matches found

Positive Technologies
added 2026/04/09 12:0 a.m. | 3 views

PT-2026-31817

Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. The interior padding...

CVSS 6.3 | AI score 5.2 | EPSS 0.00111
Exploits 0 | References 10
EUVD
added 2026/03/29 3:30 p.m. | 2 views

EUVD-2026-17016

OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fail to bind mutable file operands for certain script runners like tsx and jiti. Attackers can obtain approval for benign script commands, rewrite referenced scripts on disk, and execute modified cod...

CVSS 9.4 | AI score 6 | EPSS 0.00179
Exploits 0 | References 3
Vulnrichment
added 2026/03/29 12:44 p.m. | 0 views

CVE-2026-32978 OpenClaw < 2026.3.11 - Approval Bypass via Unrecognized Script Runners

OpenClaw before 2026.3.11 contains an approval integrity vulnerability where system.run approvals fail to bind mutable file operands for certain script runners like tsx and jiti. Attackers can obtain approval for benign script commands, rewrite referenced scripts on disk, and execute modified cod...

CVSS 9.4 | AI score 6 | EPSS 0.00179
Exploits 0 | References 2
The Hacker News
added 2026/03/27 10:4 a.m. | 4 views

Bearlyfy Hits Russian Firms with Custom GenieLocker Ransomware

A pro-Ukrainian group called Bearlyfy has been attributed to more than 70 cyber attacks targeting Russian companies since it first surfaced in the threat landscape in January 2025, with recent attacks leveraging a custom Windows ransomware strain codenamed GenieLocker. "Bearlyfy also known as...

AI score 5.9
Exploits 0
RedhatCVE
added 2026/03/24 10:22 a.m. | 2 views

CVE-2026-4732

A flaw was found in tildearrow furnace. This out-of-bounds read vulnerability, specifically within the extern/libsndfile-modified/src modules and associated with flac.C, could allow a local user to cause a denial of service, disclose sensitive information, or potentially execute arbitrary code...

CVSS 9.3 | AI score 6 | EPSS 0.00128
Exploits 0 | References 2
EUVD
added 2026/03/24 6:31 a.m. | 2 views

EUVD-2026-14710

Out-of-bounds Read vulnerability in tildearrow furnace extern/libsndfile-modified/src modules. This vulnerability is associated with program files flac.C. This issue affects furnace: before 0.7...

CVSS 9.3 | AI score 5.8 | EPSS 0.00128
Exploits 0 | References 2
ATTACKERKB
added 2026/03/24 2:50 a.m. | 2 views

CVE-2026-4732

Out-of-bounds Read vulnerability in tildearrow furnace extern/libsndfile-modified/src modules. This vulnerability is associated with program files flac.C. This issue affects furnace: before 0.7...

CVSS 9.3 | AI score 5.8 | EPSS 0.00128
Exploits 0 | References 2
CVE
added 2026/03/24 2:50 a.m. | 11 views

CVE-2026-4732

CVE-2026-4732 is an out-of-bounds read in furnace (extern/libsndfile-modified/src modules) associated with the flac.C file, affecting furnace versions before 0.7. Red Hat notes a local-denial-of-service risk with potential information disclosure or arbitrary code execution. Circl and EUVD entries...

CVSS 9.3 | AI score 5.8 | EPSS 0.00128
Exploits 0 | References 1
CNVD
added 2026/03/19 12:0 a.m. | 2 views

Unspecified Vulnerability in HCL AION (CNVD-2026-15150)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION has a security vulnerability that can be exploited by an attacker to cause the use of unvalidated or modified model artifacts...

CVSS 5.3 | AI score 5.9 | EPSS 0.00084
Exploits 0 | References 1
ATTACKERKB
added 2026/03/16 2:39 p.m. | 4 views

CVE-2025-52645

HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified model artifacts being used, potentially leading to integrity concerns or unintended behaviour...

CVSS 1.9 | AI score 5.8 | EPSS 0.00084
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2026/03/11 3:52 p.m. | 25 views

CVE-2026-28803 Open Forms possible to view submission details of other people than intended

Open Forms allows users to create and publish smart forms. Prior to 3.3.13 and 3.4.5, to be able to cosign, the cosigner receives an e-mail with instructions or a deep-link to start the cosign flow. The submission reference is communicated so that the user can retrieve the submission to be cosigned...

CVSS 6.5 | EPSS 0.00201
Exploits 0 | References 1
The Hacker News
added 2026/03/10 7:17 a.m. | 7 views

Threat Actors Mass-Scan Salesforce Experience Cloud via Modified AuraInspector Tool

Salesforce has warned of an increase in threat actor activity that's aimed at exploiting misconfigurations in publicly accessible Experience Cloud sites by making use of a customized version of an open-source tool called AuraInspector. The activity, per the company, involves the exploitation of...

AI score 5.8
Exploits 0
OSV
added 2026/03/06 7:19 a.m. | 2 views

MAL-2026-1259 Malicious code in pino-sdk-v2 (npm)

Malware detected: Exfiltrates .env file keys to Discord webhook. Impersonates legit pino package with modified malicious package/lib/tools.js. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 093fa98258b33a735216506ea119532a3cc24c92359028b4bb1955d0b712951a The...

AI score 5.8
Exploits 0 | References 1
Github Security Blog
added 2026/02/19 3:17 p.m. | 10 views

Unauthorized npm publish of [email protected] with modified postinstall script

Description On February 17, 2026 at 3:26 AM PT, an unauthorized party used a compromised npm publish token to publish an update to Cline CLI on the NPM registry: [email protected]. The published package contains a modified package.json with an added postinstall script: "postinstall": "npm install -g...

AI score 5.6
Exploits 0 | References 2 | Affected Software 1
OSV
added 2026/02/14 4:15 a.m. | 5 views

CVE-2025-14608

The WP Last Modified Info plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.5. This is due to the plugin not validating a user's access to a post before modifying its metadata in the 'bulksave' AJAX action. This makes it possible for...

CVSS 5.3 | AI score 5.7
Exploits 0 | References 5
CVE
added 2026/02/14 3:25 a.m. | 15 views

CVE-2025-14608

CVE-2025-14608 — WP Last Modified Info (WordPress plugin) affects WP Last Modified Info versions

CVSS 5.3 | AI score 5.7 | EPSS 0.00227
Exploits 0 | References 5
Cvelist
added 2026/02/14 3:25 a.m. | 25 views

CVE-2025-14608 WP Last Modified Info <= 1.9.5 - Insecure Direct Object Reference to Authenticated (Author+) Post Metadata Modification

The WP Last Modified Info plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.5. This is due to the plugin not validating a user's access to a post before modifying its metadata in the 'bulksave' AJAX action. This makes it possible for...

CVSS 5.3 | EPSS 0.00227
Exploits 0 | References 5
CNNVD
added 2026/02/14 12:0 a.m. | 4 views

WordPress plugin WP Last Modified Info security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 5.3 | AI score 5.9 | EPSS 0.00227
Exploits 0 | References 5
Positive Technologies
added 2026/02/14 12:0 a.m. | 6 views

PT-2026-8047

The WP Last Modified Info plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.5. This is due to the plugin not validating a user's access to a post before modifying its metadata in the 'bulk save' AJAX action. This makes it possible for...

CVSS 5.3 | AI score 5.7 | EPSS 0.00227
Exploits 0 | References 6
Patchstack
added 2026/02/13 9:58 p.m. | 8 views

WordPress WP Last Modified Info plugin <= 1.9.5 - Insecure Direct Object Reference to Authenticated (Author+) Post Metadata Modification vulnerability

Insecure Direct Object Reference to Authenticated Author+ Post Metadata Modification vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin WP Last Modified Info versions <= 1.9.5...

CVSS 5.3 | AI score 5.4 | EPSS 0.00227
Exploits 0 | References 1 | Affected Software 1