CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/05/20 4:6 p.m.•2 views

EUVD-2026-31136

A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary commands on Agents on behalf of the BrowserBot synthetics orchestration process. Cisco has addressed this vulnerability in the Cisco...

6.3CVSS6.1AI score0.00121EPSS

EUVD•added 2026/05/06 6:30 p.m.•1 views

EUVD-2026-27864

A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of other users or affect quiz and poll results. Cisco has addressed this vulnerability in Cisco Slido and no customer action is needed. This vulnerability existed...

5.4CVSS5.8AI score0.00041EPSS

Vulnrichment•added 2026/04/23 8:35 a.m.•1 views

CVE-2026-3259 Sensitive Data Disclosure in BigQuery via Materialized View Error Messages

A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized View Refresh mechanism in Google BigQuery on Google Cloud Platform allows an authenticated user to potentially disclose sensitive data using a crafted materialized view that triggers a runtime error...

7.1CVSS5.2AI score0.00054EPSS

Cvelist•added 2026/04/23 8:35 a.m.•29 views

CVE-2026-3259 Sensitive Data Disclosure in BigQuery via Materialized View Error Messages

7.1CVSS0.00054EPSS

F5 Networks•added 2026/04/17 3:1 p.m.•5 views

K000160873: Linux kernel vulnerability CVE-2026-23317

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Return the correct value in vmwtranslateptr functions Before the referenced fixes these functions used a lookup function that returned a pointer. This was changed to another lookup functi...

7.8CVSS5.6AI score0.00018EPSS

Exploits0

Cisco•added 2026/04/15 4:0 p.m.•9 views

Cisco Webex Contact Center Cross-Site Scripting Vulnerability

A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco has addressed this vulnerability in the Cisco Webex Contact Center service, and no customer action is needed. This...

EUVD•added 2026/03/04 6:31 p.m.•1 views

EUVD-2026-9473

A vulnerability in Cisco Webex could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack. Cisco has addressed this vulnerability, and no customer action is needed. This vulnerability was due to improper filtering of user-supplied input. Prior to this...

CVE•added 2026/03/04 5:24 p.m.•62 views

CVE-2026-20149

Cisco Webex contains an unauthenticated XSS vulnerability due to improper input filtering. An attacker could trick a user into clicking a malicious link, potentially executing scripts in the user’s context. Cisco has addressed the issue; no customer action is required. Affected product: Cisco Web...

Exploits0References1Affected Software1

Cisco•added 2026/03/04 4:0 p.m.•7 views

Cisco Webex Services Cross-Site Scripting Vulnerability

OSV•added 2026/03/03 5:16 p.m.•1 views

CVE-2026-3136

An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment. This vulnerability was patched on 26 January 2026, and no customer action is needed...

9.8CVSS6.2AI score

NVD•added 2026/03/03 5:16 p.m.•2 views

CVE-2026-3136

9.8CVSS0.00088EPSS

EUVD•added 2026/03/03 4:22 p.m.•3 views

EUVD-2026-9302

8.6CVSS6.3AI score0.00088EPSS

OSV•added 2026/03/01 12:0 a.m.•0 views

ASB-A-446648770

In multiple locations, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

9.8CVSS6.1AI score0.00033EPSS

Exploits1References4

NVD•added 2026/02/26 3:17 p.m.•3 views

CVE-2026-2244

A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script. All instances after January 30th, 2026 have been patched to protect from this vulnerability. No...

8.4CVSS0.00063EPSS

ATTACKERKB•added 2026/02/26 2:14 p.m.•3 views

CVE-2026-2244

8.4CVSS5.5AI score0.00063EPSS

CVE•added 2026/02/19 3:21 p.m.•4 views

CVE-2026-2274

CVE-2026-2274 describes a vulnerability in Google AppSheet’s AppSheet Core allowing an authenticated remote attacker to perform SSRF and arbitrary file read via crafted requests to the production cluster. Affected behavior includes reading sensitive local files and accessing internal network reso...

8.5CVSS5.6AI score0.00198EPSS

ATTACKERKB•added 2026/02/06 9:44 p.m.•2 views

CVE-2026-1727

The Agentspace service was affected by a vulnerability that exposed sensitive information due to the use of predictable Google Cloud Storage bucket names. These names were utilized for error logs and temporary staging during data imports from GCS and Cloud SQL. This predictability allowed an...

9.1CVSS5.5AI score0.00063EPSS

CVE•added 2026/02/06 9:44 p.m.•8 views

CVE-2026-1727

The CVE-2026-1727 entry describes an information disclosure in the Agentspace service arising from the use of predictable Google Cloud Storage bucket names for error logs and temporary data staging during GCS imports and Cloud SQL interactions. This predictability enabled bucket squatting, where ...

9.1CVSS5.5AI score0.00063EPSS