CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/05/13 6:30 p.m.•8 views

EUVD-2026-29990

When a classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS5.8AI score0.00098EPSS

Positive Technologies•added 2026/05/13 12:0 a.m.•8 views

PT-2026-40665

Name of the Vulnerable Software and Affected Versions BIG-IP versions prior to 17.1.3.1 BIG-IQ versions prior to 17.5.1.4 Description An authenticated remote code execution issue exists in the BIG-IP and BIG-IQ Configuration utility. This flaw is caused by deserialization, a process where data is...

8.8CVSS6.6AI score0.00681EPSS

Exploits0References5

Positive Technologies•added 2026/05/13 12:0 a.m.•9 views

PT-2026-40673

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.1 F5 BIG-IP versions prior to 17.5.1.4 F5 BIG-IP versions prior to 21.0.0.1 Description When embedded Packet Velocity Acceleration ePVA is configured, undisclosed local ethernet traffic can trigger an infinit...

7.1CVSS5.8AI score0.00032EPSS

Positive Technologies•added 2026/05/13 12:0 a.m.•11 views

PT-2026-40639

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.1 F5 BIG-IP versions prior to 17.5.1.4 F5 BIG-IP versions prior to 21.0.0.1 Description An authenticated iControl SOAP user can obtain information regarding other accounts through a privilege assignment issue...

7.1CVSS5.8AI score0.00063EPSS

EUVD•added 2026/05/12 12:32 p.m.•7 views

EUVD-2026-29445

Insecure generation of credentials in the local SAT Technical Support access functionality of the Ingecon Sun EMS Board. The vulnerability arose because the secret access credentials were not based on a secure cryptographic scheme, but rather on a weak hashing algorithm, which could allow an...

9.2CVSS5.8AI score0.00023EPSS

EUVD•added 2026/05/12 12:32 p.m.•5 views

EUVD-2025-209779

A vulnerability has been identified in blueplanet 100 NX3 M8 All versions, blueplanet 100 TL3 GEN2 All versions V6.1.4.9, blueplanet 105 TL3 All versions, blueplanet 105 TL3 GEN2 All versions V6.1.4.9, blueplanet 110 TL3 All versions, blueplanet 125 NX3 M11 All versions, blueplanet 125 TL3 All...

8.3CVSS5.7AI score0.00024EPSS

Vulnrichment•added 2026/05/12 8:20 a.m.•1 views

CVE-2025-40946

8.3CVSS5.7AI score0.00024EPSS

Exploits0References1

CVE•added 2026/05/12 8:20 a.m.•7 views

CVE-2025-40946

CVE-2025-40946 affects a wide range of blueplanet devices (NX3/TL3/TL3-S/TL3-GEN2, gridsafe, hybrid) across many models and versions. The root cause is a CRC16-based algorithm used to generate Technical Service credentials, which could enable an attacker to derive credentials from a device serial...

8.3CVSS7.2AI score0.00024EPSS

Exploits0References1

Cvelist•added 2026/05/12 8:20 a.m.•31 views

CVE-2025-40946

8.3CVSS0.00024EPSS

Exploits0References1

Positive Technologies•added 2026/05/12 12:0 a.m.•8 views

PT-2026-39979

8.3CVSS5.7AI score0.00024EPSS

Packet Storm News•added 2026/04/27 12:0 a.m.•2 views

Converging Zero Trust and IoT Security: A Multivocal Literature Review

The convergence of Internet of Things IoT security and Zero Trust ZT principles is a trending topic, demanding a comprehensive, multi-perspective analysis. We present the first multivocal literature review MLR on this topic, combining 68 academic and 36 industrial studies. This comprehensive revi...

5.4AI score

RedHat Linux•added 2026/04/16 3:10 p.m.•6 views

Critical: Red Hat Security Advisory: Technical preview of the satellite/iop-vulnerability-frontend-rhel9 container image

A new satellite/iop-vulnerability-frontend-rhel9 container image is now available as a technical preview in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed package...

8.9CVSS5.8AI score0.00063EPSS

Exploits6References8

ATTACKERKB•added 2026/04/14 12:7 a.m.•2 views

CVE-2026-27676

Due to missing authorization checks in the SAP S/4HANA OData Service Manage Technical Object Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability results in a low impact on integrity, while confidentiality and...

4.3CVSS5.8AI score0.00034EPSS

Vulnrichment•added 2026/04/14 12:7 a.m.•1 views

CVE-2026-27676 Missing Authorization check in SAP S/4HANA OData Service (Manage Technical Object Structures)

4.3CVSS5.8AI score0.00034EPSS

Packet Storm News•added 2026/04/08 12:0 a.m.•1 views

Beyond Single Reports: Evaluating Automated ATT&CK Technique Extraction in Multi-Report Campaign Settings

Large-scale cyberattacks, referred to as campaigns, are documented across multiple CTI reports from diverse sources, with some providing a high-level overview of attack techniques and others providing technical details. Extracting attack techniques from reports is essential for organizations to...

5.8AI score

OSV•added 2026/03/18 1:12 p.m.•2 views

MAL-2026-1861 Malicious code in technical-assignment (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7bb4466031b35e68c6b2433674215383e95538391f583e01c1800c758a61c53b The package technical-assignment was found to contain malicious code...

5.8AI score

OSSF Malicious Packages•added 2026/03/18 1:12 p.m.•3 views

Malicious code in technical-assignment (npm)

5.8AI score