CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

15001 matches found

GithubExploit•added 1 hour ago•7 views

test

No d...

5.8AI score

Exploits0

NVD•added 8 hours ago•3 views

CVE-2026-49204

Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation...

6.9CVSS

Exploits0References1

CVE•added 9 hours ago•7 views

CVE-2026-49204

Technical details about CVE-2026-49204 are not publicly available in the provided documents; monitor for updates.

6.9CVSS5.8AI score

Exploits0References1

Cvelist•added 9 hours ago•5 views

CVE-2026-49204 Hard-coded AWS Cognito Testing Accounts

Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation...

6.9CVSS

Exploits0References1

ATTACKERKB•added 9 hours ago•3 views

CVE-2026-49204

Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation...

6.9CVSS5.8AI score

Exploits0References2

Vulnrichment•added 9 hours ago•1 views

CVE-2026-49204 Hard-coded AWS Cognito Testing Accounts

Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation...

6.9CVSS5.8AI score

Exploits0References1

Nuclei•added 12 hours ago•2 views

LiteLLM - Command Injection

A critical unauthenticated remote code execution vulnerability exists in LiteLLM due to improper input handling in the MCP stdio test endpoint. An attacker can send a specially crafted request to the /mcp-rest/test/connection endpoint with controlled parameters, resulting in arbitrary command...

8.8CVSS6.6AI score0.04116EPSS

Exploits3References4

Nuclei•added 12 hours ago•4 views

BrightSign Digital Signage 8.2.26 - Server-Side Request Forgery

Unauthenticated Server-Side Request Forgery SSRF vulnerability exists in the BrightSign digital signage media player affecting the Diagnostic Web Server DWS. The application parses user supplied data in the 'url' GET parameter to construct a diagnostics request to the Download Speed Test service...

6.9CVSS5.8AI score0.00083EPSS

Exploits0References3

Positive Technologies•added 15 hours ago•7 views

PT-2026-46155

Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation...

6.9CVSS5.8AI score

Exploits0References2

NVD•added yesterday•6 views

CVE-2026-36616

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS test key, and default PSK embedded in the production firmware binary...

5.9CVSS

Exploits0References1

SUSE Linux•added yesterday•2 views

Security update for salt

This update for salt fixes the following issue: Security issues fixed: CVE-2026-31958: python-tornado: parsing large multipart bodies with many parts can cause a denial of service bsc1259554. Other updates and bugfixes: Use non vendored Tornado with Python 3.11 bsc1257583, bsc1259700 Harden Torna...

8.7CVSS7.2AI score0.00028EPSS

Exploits0References16

OSV•added yesterday•1 views

SUSE-SU-2026:2256-1 Security update for salt

This update for salt fixes the following issue: Security issues fixed: - CVE-2026-31958: python-tornado: parsing large multipart bodies with many parts can cause a denial of service bsc1259554. Other updates and bugfixes: - Use non vendored Tornado with Python 3.11 bsc1257583, bsc1259700 - Harden...

8.7CVSS5.8AI score0.00028EPSS

Exploits0References8

OSV•added yesterday•1 views

SUSE-SU-2026:2255-1 Security update 5.0.8 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: - Security issues fixed: - CVE-2026-31958: tornado: Fixed parsing large multipart bodies with many parts can cause a denial of service bsc1259554 - CVE-2026-27459: pyOpenSSL: Fixed issue with large cookie value that can lead to a buffer...

9.8CVSS7AI score0.00043EPSS

Exploits0References13

OSV•added yesterday•2 views

SUSE-SU-2026:2252-1 Security update for salt

8.7CVSS5.8AI score0.00028EPSS

Exploits0References8

SUSE CVE•added yesterday•6 views

SUSE CVE-2026-10294

A vulnerability has been found in PackageKit up to 1.3.5. Affected is the function gfiletest of the file src/pk-transaction.c of the component API. Such manipulation of the argument frontend-socket leads to improper authorization. The attack can be executed remotely. The exploit has been disclose...

5.3CVSS5.4AI score0.0003EPSS

Exploits0References3

Cvelist•added yesterday•22 views

CVE-2026-36616

Exploits0References1

EUVD•added yesterday•4 views

EUVD-2026-34154

5.8AI score

Exploits0References1

CVE•added yesterday•2 views

CVE-2026-36616

The CVE-2026-36616 entry concerns Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909. The connected documents confirm a concrete issue: hardcoded WiFi driver credentials embedded in the production firmware binary, including a RADIUS shared secret, a WPS test key, and a default PSK. This cre...

5.9CVSS5.8AI score

Exploits0References1

RedhatCVE•added 2 days ago•5 views

CVE-2026-10240

A vulnerability was identified in JeecgBoot up to 3.9.2. The impacted element is an unknown function of the file /airag/airagModel/test. The manipulation of the argument baseUrl leads to server-side request forgery. The attack is possible to be carried out remotely. The exploit is publicly...

6.5CVSS5.6AI score0.00043EPSS

Exploits0References1

OSSF Malicious Packages•added 2 days ago•6 views

Malicious code in jules-test-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 30c3ca1fa1b7237661d28aada477f7316b7e696a55e2c92c4dee200f291140f4 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9AI score

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by