CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

122 matches found

Packet Storm News•added 2026/04/10 12:0 a.m.•1 views

ADAM: A Systematic Data Extraction Attack on Agent Memory Via Adaptive Querying

Large Language Model LLM agents have achieved rapid adoption and demonstrated remarkable capabilities across a wide range of applications. To improve reasoning and task execution, modern LLM agents would incorporate memory modules or retrieval-augmented generation RAG mechanisms, enabling them to...

5.8AI score

Exploits0

Github Security Blog•added 2026/03/24 7:11 p.m.•3 views

Parse Server: Denial of Service via unindexed database query for unconfigured auth providers

Impact An unauthenticated attacker can cause Denial of Service by sending authentication requests with arbitrary, unconfigured provider names. The server executes a database query for each unconfigured provider before rejecting the request, and since no database index exists for unconfigured...

8.7CVSS5.8AI score0.00142EPSS

Exploits0References7Affected Software1

Positive Technologies•added 2026/02/18 12:0 a.m.•3 views

PT-2026-20389

When hours are entered in time@work, version 7.0.5, it performs a query to display the projects assigned to the user. If the query URL is copied and opened in a new browser window, the ‘IDClient’ parameter is vulnerable to a blind authenticated SQL injection. If the request is made with the TWAdm...

8.6CVSS5.9AI score0.00045EPSS

Exploits0References2

RedhatCVE•added 2026/02/11 7:44 p.m.•3 views

CVE-2026-25613

An authorized user may disable the MongoDB server by issuing a query against a collection that contains an invalid compound wildcard index...

7.1CVSS5.5AI score0.00077EPSS

Exploits0References1

OSV•added 2026/01/16 4:15 a.m.•0 views

CVE-2026-1023

Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly exploit a specific functionality to query database contents...

7.5CVSS5.9AI score

Exploits0References2

RedhatCVE•added 2026/01/09 12:33 p.m.•2 views

CVE-2023-31114

An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Incorrect resource transfer between spheres can cause unintended querying of the SIM status via a crafted application...

9.1CVSS6.8AI score0.00328EPSS

Exploits0References1

RedhatCVE•added 2026/01/01 6:25 a.m.•3 views

CVE-2025-14434

The Ultimate Post Kit Addons for Elementor WordPress plugin before 4.0.16 exposes multiple AJAX “load more” endpoints such as upkalexgridloadmoreposts without ensuring that posts to be displayed are published authentication. This allows an unauthenticated attacker to query arbitrary posts and...

5.3CVSS6.9AI score0.00058EPSS

Exploits0References1

Positive Technologies•added 2025/11/26 12:0 a.m.•2 views

PT-2025-48161

Name of the Vulnerable Software and Affected Versions Frappe CRM version 1.53.1 Description The Frappe CRM Dashboard Controller contains multiple SQL injection flaws. These flaws are due to the unsafe concatenation of user-controlled parameters into dynamic SQL statements. The issue allows for...

8.8CVSS7.4AI score0.00045EPSS

Exploits1References8

Debian CVE•added 2025/10/22 3:43 p.m.•2 views

CVE-2025-8677

Querying for records within a specially crafted zone containing certain malformed DNSKEY records can lead to CPU exhaustion. This issue affects BIND 9 versions 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1...

7.5CVSS6.2AI score0.00071EPSS

Exploits0

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2017-17243

Malware in sbrugna...

4.7CVSS5.3AI score0.00084EPSS

Exploits0References5

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-24353