CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

HackRead•added 2026/04/29 9:31 p.m.•2 views

Cursor AI Agent Wipes PocketOS Database and Backups in 9 Seconds

PocketOS founder says Cursor AI agent deleted its production database in 9 seconds after misusing a root API token, exposing major Railway security flaws...

5.3AI score

Exploits0

Positive Technologies•added 2026/04/25 12:0 a.m.•2 views

PT-2026-37272

Name of the Vulnerable Software and Affected Versions MinIO versions RELEASE.2022-07-24T01-54-52Z through RELEASE.2025-09-07T16-13-09Z Description A path traversal issue in the ReadMultiple internode storage-REST endpoint allows an attacker with the cluster root JWT to read files outside the...

6.9CVSS6AI score0.0002EPSS

Exploits0References7

SUSE CVE•added 2026/04/23 1:29 a.m.•2 views

SUSE CVE-2026-5807

Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot. This prevents legitimate operators from completing these workflows. This...

7.5CVSS5.7AI score0.00037EPSS

OSV•added 2026/04/21 12:15 p.m.•1 views

BIT-VAULT-2026-5807 Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations

NVD•added 2026/04/20 2:16 p.m.•1 views

CVE-2026-6369

An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.15.0 allows a local unprivileged user to obtain a sensitive, root-level authentication token by sending an unauthenticated request to the livepatchd.sock Unix domain socket. This vulnerability is...

5.7CVSS0.0002EPSS

Cvelist•added 2026/04/20 1:38 p.m.•22 views

CVE-2026-6369 Exposed Session Token in canonical-livepatch client snap

5.7CVSS0.0002EPSS

Vulnrichment•added 2026/04/20 1:38 p.m.•1 views

CVE-2026-6369 Exposed Session Token in canonical-livepatch client snap

5.7CVSS5.8AI score0.0002EPSS

RedhatCVE•added 2026/04/17 10:37 p.m.•0 views

CVE-2026-5807

A flaw was found in Vault. An unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations. This action occupies the single slot designated for in-progress operations, effectively preventing legitimate operators from completing critical administrative...

7.5CVSS5.5AI score0.00037EPSS

Exploits0References4

EUVD•added 2026/04/17 6:31 a.m.•1 views

EUVD-2026-23362

Snyk•added 2026/04/17 6:31 a.m.•0 views

Allocation of Resources Without Limits or Throttling

Overview github.com/hashicorp/vault/http is an a tool for securely accessing secrets. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the HandlerFunc and ReKey related operations in http/handler.go and vault/core.go. An attacker can...

8.7CVSS5.7AI score0.00037EPSS

OSV•added 2026/04/17 6:31 a.m.•1 views

GHSA-88V5-9HXC-F85R HashiCorp Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations

Github Security Blog•added 2026/04/17 6:31 a.m.•3 views

Exploits0References3

HashiCorp Vault Vulnerable to Denial-of-Service via Unauthenticated Root Token Generation/Rekey Operations

7.5CVSS5.7AI score0.00037EPSS

Exploits0References3Affected Software1

NVD•added 2026/04/17 5:16 a.m.•0 views

CVE-2026-5807

7.5CVSS0.00037EPSS

CVE•added 2026/04/17 3:22 a.m.•10 views

CVE-2026-5807

Vault is vulnerable to a denial-of-service condition: an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot and preventing legitimate operators from completing these workflows. The issue is fixed in...