CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 3 hours ago•1 views

CVE-2026-43926

6.3CVSS

Exploits0References3Affected Software1

EUVD•added 3 hours ago•2 views

EUVD-2026-34255

6.3CVSS5.8AI score

Vulnrichment•added 3 hours ago•2 views

CVE-2026-43926 FOSSBilling's password reset confirmation endpoint lacks rate limiting

6.3CVSS5.8AI score

Cvelist•added 3 hours ago•2 views

CVE-2026-43926 FOSSBilling's password reset confirmation endpoint lacks rate limiting

6.3CVSS

CVE•added 3 hours ago•4 views

CVE-2026-43926

FOSSBilling prior to 0.8.0 allows probing the password-reset flow because the non-API controller for /client/reset-password-confirm/:hash is not rate-limited like /api/* endpoints. The endpoint may reveal valid vs invalid tokens (200 vs 302), enabling unlimited token guessing until expiry. Token ...

6.3CVSS5.8AI score

SUSE CVE•added 13 hours ago•4 views

SUSE CVE-2026-46247

In the Linux kernel, the following vulnerability has been resolved: clk: qcom: gfx3d: add parent to parent request map After commit d228ece36345 "clk: divider: remove roundrate in favor of determinerate" determining GFX3D clock rate crashes, because the passed parent map doesn't provide the...

EUVD•added yesterday•3 views

EUVD-2026-34109

Cvelist•added yesterday•19 views

Exploits0References6

CVE-2026-46247 clk: qcom: gfx3d: add parent to parent request map

Exploits0References6

CVE•added yesterday•5 views

CVE-2026-46247

The CVE affects the Linux kernel clk/qcom gfx3d path. The root cause was that determining the GFX3D clock rate could crash because the passed parent map did not provide the expected best_parent_hw clock after a prior change. The fix adds the parent field to the parent_req structure in addition to...

Vulnrichment•added yesterday•3 views

Exploits0References6

CVE-2026-36607

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 allows unauthenticated brute-force attacks via the TDDP password change endpoint code=10, which lacks the rate limiting applied to the login endpoint code=7. An attacker on the adjacent network can attempt unlimited passwords without...

ATTACKERKB•added yesterday•2 views

CVE-2026-36607

Cvelist•added yesterday•22 views

CVE-2026-36607

EUVD•added yesterday•2 views

EUVD-2026-34146

Positive Technologies•added yesterday•4 views

PT-2026-45995

Mercusys AC12G EU V1 router with firmware AC12GEU V1 200909 allows unauthenticated brute-force attacks via the TDDP password change endpoint code=10, which lacks the rate limiting applied to the login endpoint code=7. An attacker on the adjacent network can attempt unlimited passwords without...

CVE•added yesterday•2 views

CVE-2026-36607

Mercusys AC12G (EU) V1 router, firmware AC12G(EU)_V1_200909, is affected by CVE-2026-36607. The TDDP password change endpoint (code=10) allows unauthenticated brute-force attempts without rate limiting, unlike the login endpoint (code=7). An attacker on an adjacent network can attempt unlimited p...

Packet Storm News•added 3 days ago•1 views

Gate AI: LLM Security Benchmark Evaluation Methodology and Results

Published evaluations of prompt-injection and jailbreak detectors for Large Language Models often suffer from two systematic weaknesses: per-dataset threshold tuning and undisclosed operating points. We describe an evaluation harness that addresses both. The detector under evaluation is scored...

Packet Storm News•added 4 days ago•5 views

Exploits0

Defenses and Enablers for Skill Injection Attacks on Terminal Based Agents

Large language model LLM agents increasingly rely on reusable skills i.e. documents describing task-specific procedures. However, this introduces a new attack surface for agents to manage. We study two complementary directions for this threat. First, we evaluate guardian-based defenses: an...

5.7AI score

Exploits0

SUSE CVE•added 5 days ago•7 views

SUSE CVE-2026-48524

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.getsigningkey forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can trigger unlimited...

3.7CVSS5.8AI score0.00057EPSS

Exploits0References3

CNNVD•added 5 days ago•3 views

Yamcs security vulnerabilities

Yamcs is an open-source software framework developed by Yamcs. It is used for commanding and controlling spacecraft, satellites, payloads, ground stations, and ground equipment. YAMCS has a security vulnerability that stems from the lack of rate limits...