CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/05/20 12:0 a.m.•8 views

PT-2026-42177

Name of the Vulnerable Software and Affected Versions phoenix storybook versions 0.4.0 through 1.0.x Description An authorization bypass occurs due to user-controlled keys, allowing cross-session PubSub topic injection via a URL query parameter. The function handle params/3 in...

2.3CVSS5.5AI score0.00409EPSS

Exploits0References11

Packet Storm News•added 2026/05/14 12:0 a.m.•8 views

Topical Shifts in the Dark Web: A Longitudinal Analysis of Content from the Cybercrime Ecosystem

The dark web hosts a dynamic ecosystem of cybercrime forums and marketplaces that adapt to law enforcement pressure, technological change, and economic incentives. Prior research has extracted cyber threat intelligence from these platforms using static snapshots, with limited attention to how...

5.8AI score

Exploits0

EUVD•added 2026/05/13 6:30 p.m.•7 views

EUVD-2026-29910

Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the "topic" ta...

CVE•added 2026/05/13 5:32 a.m.•15 views

CVE-2026-2725

Gerrit CVE-2026-2725 affects Gerrit versions 2.12 and later due to an incorrect authorization in the "submitted together" feature. An authenticated attacker with force-push permissions on a secondary branch can bypass code review and forcefully submit code to restricted branches by submitting a c...

Vulnrichment•added 2026/05/13 5:32 a.m.•3 views

CVE-2026-2725 Improper Authorization in Gerrit allowing Code Review Bypass via "Submitted Together"

ATTACKERKB•added 2026/05/13 5:32 a.m.•5 views

CVE-2026-2725

Cvelist•added 2026/05/13 5:32 a.m.•42 views

CVE-2026-2725 Improper Authorization in Gerrit allowing Code Review Bypass via "Submitted Together"

6CVSS0.0022EPSS

Positive Technologies•added 2026/05/13 12:0 a.m.•5 views

PT-2026-40576

Vulnrichment•added 2026/05/08 9:12 p.m.•7 views

CVE-2026-42193 Plunk: SNS webhook forgery

Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webhooks/sns endpoint accepts Amazon SNS notification payloads from unauthenticated requests without verifying the SNS signature, certificate, or topic ARN, meaning anyone can forge a valid-looking webhoo...

9.1CVSS5.7AI score0.00127EPSS

Positive Technologies•added 2026/05/07 12:0 a.m.•8 views

PT-2026-38460

Name of the Vulnerable Software and Affected Versions Yarbo firmware version 2.3.9 Description The embedded MQTT broker is configured to permit anonymous connections and lacks topic-level read or write Access Control Lists ACLs. This allows any host on the same network to subscribe to sensitive...

9.8CVSS5.8AI score0.00544EPSS

Exploits1References5

OSV•added 2026/05/05 4:15 p.m.•1 views

MINI-HJCV-CP57-89MJ

Bulletin has no description...

5.7AI score

Exploits0

NVD•added 2026/04/29 3:16 p.m.•1 views

CVE-2026-7384

A vulnerability was detected in ezequiroga mcp-bases 357ca19c7a49a9b9cb2ef639b366f03aba8bea39/c630b8ab0f970614d42da8e566e9c0d15a16414c. This impacts the function searchpapers of the file researchserver.py. Performing a manipulation of the argument topic results in path traversal. Remote...

7.5CVSS0.00418EPSS

EUVD•added 2026/04/29 2:30 p.m.•2 views

EUVD-2026-26238

ATTACKERKB•added 2026/04/29 2:30 p.m.•1 views

CVE-2026-7384

CVE•added 2026/04/29 2:30 p.m.•7 views

CVE-2026-7384

The CVE-2026-7384 entry concerns ezequiroga mcp-bases (commit 357ca19c7a49a9b9cb2ef639b366f03aba8bea39/c630b8ab0f970614d42da8e566e9c0d15a16414c). It affects the function search_papers in research_server.py. A path traversal vulnerability is triggered by manipulating the topic argument, leading to...

CNNVD•added 2026/04/29 12:0 a.m.•6 views

MCP Research Assistant 路径遍历漏洞

MCP Research Assistant is a scholarly paper search and analysis tool developed by ezequiroga. MCP Research Assistant has a path traversal vulnerability, which stems from improper handling of the topic parameter in the searchpapers function within the researchserver.py file. This improper handling...

7.5CVSS7.1AI score0.00418EPSS

Positive Technologies•added 2026/04/29 12:0 a.m.•3 views

PT-2026-35930

A vulnerability was detected in ezequiroga mcp-bases 357ca19c7a49a9b9cb2ef639b366f03aba8bea39/c630b8ab0f970614d42da8e566e9c0d15a16414c. This impacts the function search papers of the file research server.py. Performing a manipulation of the argument topic results in path traversal. Remote...