
16389 matches found

CVE
added 1 hour ago | 4 views

CVE-2026-56074

PraisonAI before 1.5.128 caches tool approval decisions by tool name only, not by invocation arguments, allowing subsequent executecommand calls to bypass approval prompts. Attackers can exploit this by obtaining initial approval for a benign command, then silently exfiltrate API keys and...

CVSS 6.8 | AI score 5.3
Exploits 0 | References 2
EUVD
added 8 hours ago | 3 views

EUVD-2026-37812

BBOT: Path traversal Zip-Slip in unarchive module - incomplete fix for CVE-2025-10284...

CVSS 9.6 | AI score 5.1 | EPSS 0.00545
Exploits 0 | References 3
EUVD
added 9 hours ago | 4 views

EUVD-2026-37901

In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files (e.g. .theia/tasks.json, .vscode/tasks.json) could be executed without requiring workspace trust. An attacker could craft a malicious repository that, when cloned and opened in Theia, leads to execution of arbitra...

CVSS 8.4 | AI score 5.7
Exploits 0 | References 1
Nuclei
added 11 hours ago | 97 views

Crypto <= 2.15 - Authentication Bypass

The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15. This is due to a limited arbitrary method call to 'cryptoconnectajaxprocess::login' function in the 'cryptoconnectajaxprocess' function. This makes it possible for unauthenticated...

CVSS 9.8 | AI score 5.5 | EPSS 0.07217
Exploits 0 | References 5
CVE
added 12 hours ago | 10 views

CVE-2026-11719

CVE-2026-11719 describes an authenticated authorization bypass in MCP Toolbox for Databases due to missing scope enforcement on older protocol handlers. The 2025-11-25 protocol version handler enforces per-tool scope restrictions, but older versions (2025-06-18, 2025-03-26, 2024-11-05) omit this ...

CVSS 8.6 | AI score 5.5
Exploits 0 | References 2
EUVD
added 12 hours ago | 7 views

EUVD-2026-37881

An authenticated authorization bypass vulnerability exists in MCP Toolbox for Databases due to missing scope enforcement across older protocol handlers. While the 2025-11-25 protocol version handler correctly enforces per-tool restrictions defined by scopesRequired, older supported protocol...

CVSS 8.6 | AI score 5.5
Exploits 0 | References 2
RedhatCVE
added yesterday | 5 views

CVE-2026-12528

A flaw was found in 389 Directory Server in the aclpnormalizeacltxt function of aclparse.c. A malformed ACI (Access Control Instruction) string can trigger heap-buffer-overflow writes and reads during ACI parsing. The function fails to validate that the ACI keyword has sufficient length after...

CVSS 5.4 | AI score 5.4
Exploits 0 | References 4
Positive Technologies
added yesterday | 5 views

PT-2026-50534

Name of the Vulnerable Software and Affected Versions: Network-AI versions prior to 5.7.2. Description: The MCP SSE server allows unauthenticated cross-origin MCP tool invocation because the server defaults to an empty secret and the isAuthorized function returns true when the secret is empty. While...

CVSS 9.1 | AI score 5.2
Exploits 0 | References 5
NVD
added 2 days ago | 6 views

CVE-2026-53863

OpenClaw before 2026.4.25 contains an input validation vulnerability in tool group policy callers that accept unvalidated group IDs. Attackers who can supply a group ID to the policy resolver could trigger incorrect group-policy decisions for tool invocations, potentially bypassing intended acces...

CVSS 7.1 | EPSS 0.00182
Exploits 0 | References 2
CVE
added 2 days ago | 7 views

CVE-2026-53845

OpenClaw prior to version 2026.5.6 has a hook bypass in the skill-command dispatch path, where commands routed through the affected path skip the before-tool-call hook coverage, potentially bypassing auditing and policy enforcement. This is described in the CVE entry as a dispatch hook bypass vul...

CVSS 4.3 | AI score 5.4 | EPSS 0.00193
Exploits 0 | References 2 | Affected Software 1
RedhatCVE
added 2 days ago | 4 views

CVE-2026-10275

A flaw was found in OpenSC, specifically within the pkcs11-tool Key Generation Module. This vulnerability, located in the testkpgencertwrite function, is a buffer overflow that can be triggered remotely. A remote attacker could exploit this flaw, potentially leading to information disclosure, dat...

CVSS 5.1 | AI score 5.7 | EPSS 0.003
Exploits 0 | References 12
Fedora
added 2 days ago | 6 views

[SECURITY] Fedora 43 Update: 7zip-26.01-1.fc43

7-Zip is a file archiver with a high compression ratio. The main features of 7-Zip are: high compression ratio in 7z format with LZMA and LZMA2 compression. Supported formats: packing / unpacking: 7z, XZ, BZIP2, GZIP, TAR, ZIP and WIM; unpacking only: AR, ARJ, CAB, CHM, CPIO, CramFS, DMG, EXT, FAT,...

CVSS 8.8 | AI score 5.3 | EPSS 0.00697
Exploits 8
Fedora
added 2 days ago | 8 views

[SECURITY] Fedora 44 Update: ack-3.10.0-1.fc44

Ack is a grep-like search tool designed for use with large heterogeneous trees of source code. It searches recursively and ignores common version control directories...

AI score 5.3
Exploits 0
EUVD
added 2 days ago | 5 views

EUVD-2026-37021

Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier...

CVSS 7.6 | AI score 5.3 | EPSS 0.00164
Exploits 0 | References 5
EUVD
added 2 days ago | 6 views

EUVD-2026-37020

Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier...

CVSS 6.9 | AI score 5.3 | EPSS 0.00121
Exploits 0 | References 5
EUVD
added 2 days ago | 6 views

EUVD-2026-37022

Use of a non-secure protocol as the default FTP configuration in Canon EOS Network Setting Tool Version 1.5.0 or earlier...

CVSS 7.1 | AI score 5.3 | EPSS 0.00266
Exploits 0 | References 5
EUVD
added 2 days ago | 6 views

EUVD-2026-37018

Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier...

CVSS 7.1 | AI score 5.3 | EPSS 0.00247
Exploits 0 | References 5
EUVD
added 2 days ago | 7 views

EUVD-2026-37019

Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier...

CVSS 7.1 | AI score 5.3 | EPSS 0.00169
Exploits 0 | References 5
NVD
added 2 days ago | 4 views

CVE-2026-9262

Use of a non-secure protocol as the default FTP configuration in Canon EOS Network Setting Tool Version 1.5.0 or earlier...

CVSS 7.5 | EPSS 0.00266
Exploits 0 | References 4
NVD
added 2 days ago | 4 views

CVE-2026-9261

Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier...

CVSS 9.8 | EPSS 0.00164
Exploits 0 | References 4