CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

126168 matches found

OSV•added 2026/04/16 9:8 p.m.•4 views

GHSA-4FXQ-2X3X-6XQX zrok: Reflected XSS in GitHub OAuth callback via unsanitized refreshInterval error rendering

Summary The proxyUi template engine uses Go's text/template which performs no HTML escaping instead of html/template. The GitHub OAuth callback handlers in both publicProxy and dynamicProxy embed the attacker-controlled refreshInterval query parameter verbatim into an error message when...

6.1CVSS5.9AI score0.00209EPSS

Exploits0References4

Github Security Blog•added 2026/04/16 8:44 p.m.•8 views

Istio: AuthorizationPolicy serviceAccounts regex injection via unescaped dots

Impact The serviceAccounts and notServiceAccounts fields in AuthorizationPolicy incorrectly interpret dots . as a regular expression matcher. Because . is a valid character in a service account name, an AuthorizationPolicy ALLOW rule targeting SA e.g. cert-manager.io also matches cert-manager-io,...

5.4CVSS5.8AI score0.00209EPSS

Exploits0References4Affected Software1

OSV•added 2026/04/16 8:44 p.m.•3 views

GHSA-9GCG-W975-3RJH Istio: AuthorizationPolicy serviceAccounts regex injection via unescaped dots

5.4CVSS5.8AI score0.00209EPSS

Exploits0References4

RedhatCVE•added 2026/04/16 7:22 p.m.•1 views

CVE-2026-32605

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an untrusted peer could crash a validator by publishing a signed tendermint proposal message where signer == validators.numvalidators...

7.5CVSS5.8AI score0.00463EPSS

Exploits0References1

IBM Security Bulletins•added 2026/04/16 5:54 p.m.•5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in filelock-3.12.2-py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in filelock-3.12.2-py3-none-any.whl Vulnerability Details CVEID:CVE-2025-68146 DESCRIPTION: filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use TOCTOU race condition allo...

6.5CVSS5.9AI score0.00184EPSS

Exploits1Affected Software1

IBM Security Bulletins•added 2026/04/16 5:53 p.m.•4 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in netty-codec-http-4.1.125.Final.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in netty-codec-http-4.1.125.Final.jar Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the...

6.5CVSS5.8AI score0.00292EPSS

Exploits1Affected Software1

IBM Security Bulletins•added 2026/04/16 5:52 p.m.•7 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in lz4-java-1.8.0.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in lz4-java-1.8.0.jar Vulnerability Details CVEID:CVE-2025-12183 DESCRIPTION: Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via...

8.8CVSS6AI score0.00647EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2026/04/16 5:52 p.m.•4 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in elasticsearch-geo-7.17.13.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in elasticsearch-geo-7.17.13.jar Vulnerability Details CVEID:CVE-2024-52981 DESCRIPTION: An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection...

7.5CVSS5.8AI score0.00473EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2026/04/16 5:51 p.m.•7 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in elasticsearch-7.17.13.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in elasticsearch-7.17.13.jar Vulnerability Details CVEID:CVE-2023-46673 DESCRIPTION: It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling...

7.5CVSS5.8AI score0.00943EPSS

Exploits0Affected Software1

Wordfence Blog•added 2026/04/16 5:50 p.m.•9 views

Attackers Actively Exploiting Critical Vulnerability in Ninja Forms – File Upload Plugin

On April 6th, 2026, we publicly disclosed a critical Arbitrary File Upload vulnerability in Ninja Forms – File Upload, a WordPress plugin with an estimated 50,000 active installations. This vulnerability can be leveraged by unauthenticated attackers to upload arbitrary files, including PHP...

9.8CVSS8AI score0.54254EPSS

Exploits6

IBM Security Bulletins•added 2026/04/16 5:49 p.m.•3 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in urllib3-1.26.20-py2.py3-none-any.whl

Summary IBM Watson Discovery Cartridge affected by vulnerability in urllib3-1.26.20-py2.py3-none-any.whl Vulnerability Details CVEID:CVE-2026-21441 DESCRIPTION: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by...

8.9CVSS5.8AI score0.0068EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2026/04/16 5:48 p.m.•5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in WebSphere Application Server Liberty

Summary IBM Watson Discovery Cartridge affected by vulnerability in WebSphere Application Server Liberty Vulnerability Details CVEID:CVE-2025-12635 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.12 are affected by...

5.4CVSS5.7AI score0.00139EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2026/04/16 5:47 p.m.•5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in elasticsearch-6.8.23.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in elasticsearch-6.8.23.jar Vulnerability Details CVEID:CVE-2024-52979 DESCRIPTION: Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial...

7.5CVSS5.8AI score0.00522EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2026/04/16 5:46 p.m.•5 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in elasticsearch-6.8.23.jar

7.5CVSS5.8AI score0.00522EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2026/04/16 5:4 p.m.•7 views

Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are vulnerable due to improper permission check vulnerability in Zookeeper (CVE-2025-58457)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway are vulnerable due to improper permission check vulnerability in Zookeeper Vulnerability Details CVEID:CVE-2025-58457 DESCRIPTION: Improper permission check in ZooKeeper AdminServer lets authorized clients to run snapshot and resto...

4.3CVSS5.8AI score0.00294EPSS

Exploits0Affected Software1

GithubExploit•added 2026/04/16 4:40 p.m.•310 views

ofensive-playbook

HackTheBox — Writeups Collection A collection of HackTheBox m...

9.9CVSS7.2AI score0.75197EPSS

Exploits26

GithubExploit•added 2026/04/16 4:40 p.m.•287 views

ffensive-playbook

HackTheBox — Writeups Collection A collection of HackTheBox m...

9.9CVSS6.4AI score0.75197EPSS

Exploits26

Microsoft Secure•added 2026/04/16 4:0 p.m.•5 views

Building your cryptographic inventory: A customer strategy for cryptographic posture management

Post-quantum cryptography PQC is coming—and for most organizations, the hardest part won’t be choosing new algorithms. It will be finding where cryptography is used today across applications, infrastructure, devices, and services so teams can plan, prioritize, and modernize with confidence. At...

6AI score

Exploits0

Microsoft Secure•added 2026/04/16 4:0 p.m.•5 views

Building your cryptographic inventory: A customer strategy for cryptographic posture management

6AI score

Exploits0

IBM Security Bulletins•added 2026/04/16 3:15 p.m.•4 views

Security Bulletin: IBM Transformation Advisor is affected by multiple vulnerabilities found in Node.js

Summary There are multiple vulnerabilities in Node.js used by IBM Transformation Advisor. Vulnerability Details CVEID:CVE-2026-2359 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability in Multer prior to version 2.1.0 allows an attacker to trigger a Denial...

8.7CVSS5.8AI score0.00555EPSS

Exploits1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by