go-billy has path traversal vulnerabilities
Impact Multiple path traversal issues exist across different components of go-billy. Insufficient path sanitization and boundary enforcement may allow crafted paths (e.g., ones using ..) to escape intended base directories. While go-billy was not originally designed to provide a strong security boundary...
CVE-2025-15023
Incorrect Authorization vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Library Automation System: from v.19.5...
EUVD-2025-209859
Improper Control of Generation of Code 'Code Injection' vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Remote Code Inclusion. This issue affects Library Automation System: from v.19.5 before v.22....
CVE-2025-15024
Improper Control of Generation of Code 'Code Injection' vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Remote Code Inclusion. This issue affects Library Automation System: from v.19.5 before v.22....
CVE-2025-15024
The CVE-2025-15024 entry concerns the Library Automation System from Yordam Information Technology (library management software). Affected versions are 19.5 up to but not including 22.1. The vulnerability is described as an improper control of code generation, i.e., a Code Injection issue that en...
CVE-2025-15024 RCE in Yordam Informatics' Library Automation System
Improper Control of Generation of Code 'Code Injection' vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Remote Code Inclusion. This issue affects Library Automation System: from v.19.5 before v.22....
CVE-2025-15023
CVE-2025-15023 describes an Incorrect Authorization vulnerability in Library Automation System from Yordam Informatics, affecting versions from 19.5 up to (but not including) 22.1. The issue stems from incorrectly configured access control security levels, enabling unauthorized access due to insu...
CVE-2025-15023 Improper Access Control in Yordam Informatics' Library Automation System
Incorrect Authorization vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Library Automation System: from v.19.5...
EUVD-2025-209858
Incorrect Authorization vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Library Automation System: from v.19.5...
CVE-2026-44283
etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user...
Security Bulletin: This Power System update is being released to address CVE-2026-22796
Summary This impacts the FSP administrator function to upload a certificate or firmware image. Uploading a malicious digitally-signed file may cause the FSP to become unavailable. Vulnerability Details CVEID: CVE-2026-22796 DESCRIPTION: Issue summary: A type confusion vulnerability exists in the...
CVE-2026-40893
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames the file. This allows remote attackers to move, rename, and change permissions for arbitrary files...
ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories
Everything is still on fire. This week feels dumb in the worst way — bad links, weak checks, fake help desks, shady forum posts, and people turning supply chain attacks into some cursed little game for clout and cash. Half of it feels new. Half of it feels like crap we should have fixed years ago...
Defense in depth for autonomous AI agents
Designing Secure Autonomous AI Agents with Defense in Depth AI agents are moving beyond assistance and into action. Instead of generating content, they invoke tools, modify data, trigger workflows, and operate across systems with increasing autonomy. This shift changes the security problem...
Malicious code in mrgn-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9e0d991ca84319ea7151b66ece28c7cfe860d1523b6926f63a60d13d7b96dded Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in marginfi-client-v2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6239cecf8f2a6600aa98aeec2042d29928f02416181a88f31a251b0448327fc1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in web3-utils-core (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8a5f9a8e5a9dede9c1427e0e8d5c0d8db66d3edbf33e75da9e7cd205b31a1ce3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in evm-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6a7489773ccf098f6a3fd266658caa0ef6b48978619a9786e69b43db94758c7e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...