CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2 days ago•6 views

CVE-2026-35443

NamelessMC (website software for Minecraft servers) is affected in version 2.2.4. The vulnerability lies in modules/Forum/classes/ForumPostReactionContext.php, where topic-level view_other_topics authorization is not re-enforced, allowing reactions on other users’ topics to be read and modified. ...

5.3CVSS5.8AI score

Vulnrichment•added 2 days ago•4 views

CVE-2026-35443 NamelessMC: Forum reactions bypass the "view own topics only" restriction

5.3CVSS5.8AI score

EUVD•added 2 days ago•3 views

EUVD-2026-33962

Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, improper access control allows disclosure of password hash. This issue has been patched in version 2.10.4...

6.9CVSS5.7AI score

CVE•added 6 days ago•10 views

CVE-2026-49198

CVE-2026-49198 affects Predator Connect W6x: MQTT broker. The issue is improper access control that enables wildcard topic subscriptions, which can expose all MQTT traffic to unauthorized actors. Documents do not specify the vulnerable component beyond the broker, nor do they provide version numb...

8.3CVSS5.8AI score0.00038EPSS

CNNVD•added 6 days ago•3 views

Acer Predator Connect W6x 安全漏洞

The Acer Predator Connect W6x is a series of high-performance Wi-Fi 6/6E gaming routers produced by Acer of Taiwan, China. The Acer Predator Connect W6x has a security vulnerability, which stems from improper access control in the MQTT proxy, allowing wildcard topic subscriptions, thereby exposin...

8.7CVSS5.8AI score0.00019EPSS

OSV•added 2026/05/21 9:38 p.m.•1 views

GHSA-4F8R-922H-2VGV js-libp2p: Memory DoS via subscription flood of unique topics

Summary Three cooperating omissions in @libp2p/gossipsub allow an unauthenticated single peer to exhaust the Node.js heap of any gossipsub node with default options. 1. defaultDecodeRpcLimits.maxSubscriptions = Infinity packages/gossipsub/src/message/decodeRpc.ts:11: no decode-level cap on...

7.5CVSS5.8AI score

Snyk•added 2026/05/21 9:38 p.m.•5 views

Missing Release of Memory after Effective Lifetime

Overview @libp2p/gossipsub is an A typescript implementation of gossipsub Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime through unbounded growth of the topics data structure when processing subscription requests. An attacker can exhaust...

8.7CVSS5.8AI score

IBM Security Bulletins•added 2026/05/19 2:17 p.m.•4 views

Security Bulletin: IBM WebSphere Automation is vulnerable to CVE-2026-35554 which affects the kakfa client library

Summary IBM WebSphere Automation is vulnerable to CVE-2026-35554, which causes a race condition in the Apache Kafka Java producer client's buffer pool management which can cause messages to be silently delivered to incorrect topics. Vulnerability Details CVEID:CVE-2026-35554 DESCRIPTION: A race...

8.7CVSS6AI score0.00025EPSS

Exploits0Affected Software1

Packet Storm News•added 2026/05/14 12:0 a.m.•5 views

Topical Shifts in the Dark Web: A Longitudinal Analysis of Content from the Cybercrime Ecosystem

The dark web hosts a dynamic ecosystem of cybercrime forums and marketplaces that adapt to law enforcement pressure, technological change, and economic incentives. Prior research has extracted cyber threat intelligence from these platforms using static snapshots, with limited attention to how...

5.8AI score

Exploits0

EUVD•added 2026/05/11 6:31 p.m.•3 views

EUVD-2026-29102

In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devices the user does not own. The broker enforces publish restrictions but does not enforce equivalent subscribe authorization a...

NVD•added 2026/05/11 6:16 p.m.•2 views

CVE-2026-42316

kafka-sink-azure-kusto Kafka Connect plugin is the official Microsoft sink for Azure Data Explorer Kusto. Prior to 5.2.3, kafka-sink-azure-kusto did not sanitize user-controlled values inside the kusto.tables.topics.mapping configuration. The db, table, mapping, and format fields of each mapping...

6.5CVSS0.0003EPSS

NVD•added 2026/05/11 5:16 p.m.•4 views

CVE-2026-33356

7.7CVSS0.00012EPSS

Cvelist•added 2026/05/11 4:41 p.m.•25 views

CVE-2026-42316 KQL injection via kusto.tables.topics.mapping in kafka-sink-azure-kusto

6.5CVSS0.0003EPSS

Vulnrichment•added 2026/05/11 4:41 p.m.•2 views

CVE-2026-42316 KQL injection via kusto.tables.topics.mapping in kafka-sink-azure-kusto

6.5CVSS6.1AI score0.0003EPSS

CVE•added 2026/05/11 4:41 p.m.•5 views

CVE-2026-42316

Summary: The kafka-sink-azure-kusto Kafka Connect plugin (Microsoft’s sink for Azure Data Explorer) is affected by a KQL injection vulnerability in the kusto.tables.topics.mapping configuration. Before version 5.2.3, db/table/mapping/format fields were interpolated directly into KQL commands via ...

6.5CVSS6.1AI score0.0003EPSS

ATTACKERKB•added 2026/05/11 4:2 p.m.•1 views

CVE-2026-33356

Exploits0References3Affected Software1

Cvelist•added 2026/05/11 4:2 p.m.•23 views

CVE-2026-33356 Meari MQTT broker missing per-device subscribe ACL

7.7CVSS0.00012EPSS

CVE•added 2026/05/11 4:2 p.m.•6 views

CVE-2026-33356

CVE-2026-33356 affects Meari IoT Cloud MQTT Broker deployments using EMQX 4.x. The issue is that authenticated low-privilege users can subscribe to global wildcard topics and access telemetry from devices they don’t own, because subscribe authorization is not enforced at per-device scope, while p...

Vulnrichment•added 2026/05/11 4:2 p.m.•2 views

CVE-2026-33356 Meari MQTT broker missing per-device subscribe ACL