CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Hive Pro Threat Advisories•added 2026/04/09 3:39 a.m.•1 views

Threat and Vulnerability Management: Building a Unified Program

Most security teams run threat intelligence and vulnerability management as separate operations. Threat analysts track adversary campaigns and emerging exploits. Vulnerability teams run scans, generate reports, and chase patches. The two groups rarely share a workflow, a priority list, or even a...

5.9AI score

OSV•added 2026/04/09 12:47 a.m.•4 views

CLEANSTART-2026-CO68219 Docker CLI for Windows searches for plugin binaries in C:\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ProgramData\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\Docker\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\cli-plugins, a directory that does not exist by default

Multiple security vulnerabilities affect the istio-fips package. Docker CLI for Windows searches for plugin binaries in...

9.8CVSS6.9AI score0.00046EPSS

Exploits2References17

CNVD•added 2026/04/09 12:0 a.m.•0 views

Adobe Substance3D Stager Resource Management Error Vulnerability (CNVD-2026-16826)

Adobe Substance3D Stager is a set and rendering software for 3D scenes from the American company Audobee Adobe. A security vulnerability exists in Adobe Substance3D Stager. The vulnerability stems from a mix-up in the instructions responsible for freeing memory, which can be exploited by attacker...

7.8CVSS6AI score0.00045EPSS

RedhatCVE•added 2026/04/08 7:57 p.m.•2 views

CVE-2026-39367

WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's EPG Electronic Program Guide feature parses XML from user-controlled URLs and renders programme titles directly into HTML without any sanitization or escaping. A user with upload permission can set a video's epglin...

RedHat Linux•added 2026/04/08 4:43 p.m.•3 views

Exploits0References1

openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables

A flaw was found in the OpenSSH GSSAPI Generic Security Service Application Program Interface delta patches, as included in various Linux distributions. A remote attacker could exploit this by sending an unexpected GSSAPI message type during the key exchange process. This occurs because the...

7.5CVSS6AI score0.00061EPSS

Exploits0References6

Github Security Blog•added 2026/04/08 12:8 a.m.•4 views

WWBN AVideo has Stored XSS via Malicious EPG XML Program Titles in AVideo EPG Page

Summary AVideo's EPG Electronic Program Guide feature parses XML from user-controlled URLs and renders programme titles directly into HTML without any sanitization or escaping. A user with upload permission can set a video's epglink to a malicious XML file whose elements contain JavaScript. This...

5.4CVSS5.9AI score0.00034EPSS

Exploits0References4Affected Software1

EUVD•added 2026/04/08 12:8 a.m.•2 views

EUVD-2026-19879

WWBN AVideo has Stored XSS via Malicious EPG XML Program Titles in AVideo EPG Page...

5.4CVSS5.9AI score0.00034EPSS

Exploits0References3

OSV•added 2026/04/08 12:8 a.m.•1 views

GHSA-RQP3-GF5H-MRQX WWBN AVideo has Stored XSS via Malicious EPG XML Program Titles in AVideo EPG Page

Snyk•added 2026/04/08 12:8 a.m.•1 views

Exploits0References4

Cross-site Scripting (XSS)

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Scripting XSS in the handling of programme titles from user-supplied XML in the EPG feature. An attacker can execute arbitrary JavaScript in the browser...

NVD•added 2026/04/07 8:16 p.m.•8 views

CVE-2026-39367

5.4CVSS0.00034EPSS

CVE•added 2026/04/07 7:50 p.m.•2 views

CVE-2026-32862

NI LabVIEW contains a memory corruption vulnerability (CVE-2026-32862) caused by an out-of-bounds write in ResFileFactory::InitResourceMgr(). The issue can lead to information disclosure or arbitrary code execution and requires a user to open a specially crafted VI file. Affected products: NI Lab...

8.5CVSS6.2AI score0.00022EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/04/07 7:22 p.m.•1 views

CVE-2026-39367

Exploits0References3Affected Software1

Cvelist•added 2026/04/07 7:22 p.m.•17 views

CVE-2026-39367 WWBN AVideo has Stored XSS via Malicious EPG XML Program Titles in AVideo EPG Page

5.4CVSS0.00034EPSS

Vulnrichment•added 2026/04/07 7:22 p.m.•0 views

CVE-2026-39367 WWBN AVideo has Stored XSS via Malicious EPG XML Program Titles in AVideo EPG Page

Positive Technologies•added 2026/04/07 12:0 a.m.•3 views

PT-2026-30986

RedhatCVE•added 2026/04/06 5:0 p.m.•0 views

Exploits0References5

CVE-2026-34612

Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra default docker-compose deployment contains a SQL Injection vulnerability that leads to Remote Code Execution RCE in the following endpoint "GET /api/v1/main/flows/search". Once a user is authenticated,...

9.9CVSS6.1AI score0.00067EPSS

Exploits1References1

MSRC•added 2026/04/06 12:0 a.m.•2 views

Congratulations to the top MSRC 2026 Q1 security researchers!

Congratulations to all the researchers recognized in this quarter’sMicrosoft Researcher Recognition Programleaderboard! Thank you to everyone for your hard work and continued partnership to secure customers...

5.9AI score