CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Packet Storm News•added 2026/05/23 12:0 a.m.•5 views

CyberMaskQA: A Privacy-Aware Benchmark for Evaluating Large Language Models in Cybersecurity Question Answering

Large language models LLMs are increasingly applied to cybersecurity question answering QA for critical tasks such as incident response and vulnerability analysis. However, real-world operational contexts, including system logs and network configurations, inherently contain sensitive identifiers,...

5.8AI score

Snyk•added 2026/05/22 4:42 p.m.•6 views

Malicious Package

Overview polymarket-auto-trade is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score

Snyk•added 2026/05/22 4:42 p.m.•5 views

Malicious Package

Overview polymarket-trade is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score

Wired Threat Level•added 2026/05/21 9:35 p.m.•5 views

‘Creepy’ Listening Tool for Targeted Ads Didn’t Actually Work, FTC Says

Three firms will pay nearly $1 million for selling “Active Listening” technology that they claimed tapped people’s phones for advertising. The FTC alleges the “tech” was just pricey email lists...

5.8AI score

Malwarebytes•added 2026/05/21 11:8 a.m.•8 views

TikTok, YouTube, and Roblox face scrutiny, but age gates won’t fix child safety

A damaging new report from Ofcom, the UK's communications regulator, has delivered a stark verdict: TikTok and YouTube's content feeds are "not safe enough" for children. This isn't just another regulatory slap on the wrist. Ofcom is putting out a wake-up call for anyone working in cybersecurity,...

5.7AI score

RedhatCVE•added 2026/05/18 7:58 p.m.•9 views

CVE-2026-8737

A weakness has been identified in Sanluan PublicCMS 5.202506.d. This issue affects the function execute of the file publiccms-trade/src/main/java/com/publiccms/views/directive/trade/TradeAddressListDirective.java of the component Trade Address Query Handler. Executing a manipulation of the argume...

EUVD•added 2026/05/18 8:54 a.m.•5 views

Exploits0References1

EUVD-2026-30759

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Basamak Information Technology Consulting and Organization Trade Ltd. Co. DernekWeb allows Stored XSS. This issue affects DernekWeb: through 30122025...

8.8CVSS5.8AI score0.00045EPSS

Exploits0References1

NVD•added 2026/05/17 8:16 a.m.•7 views

CVE-2026-8738

A security vulnerability has been detected in Sanluan PublicCMS 5.202506.d. Impacted is the function TradeOrderController.pay/TradePaymentController.pay/AccountGatewayComponent.pay of the file publiccms-trade/src/main/java/com/publiccms/controller/web/trade/TradeOrderController.java of the...

6.9CVSS0.00051EPSS

ATTACKERKB•added 2026/05/17 7:30 a.m.•5 views

CVE-2026-8738

6.9CVSS6.1AI score0.00051EPSS

Exploits0References4Affected Software1

CVE•added 2026/05/17 7:30 a.m.•9 views

CVE-2026-8738

Sanluan PublicCMS 5.202506.d contains a vulnerability affecting the Trade payment flow. Specifically, the methods TradeOrderController.pay, TradePaymentController.pay, and AccountGatewayComponent.pay in the publiccms-trade module are affected, with the root cause described as a business logic man...

6.9CVSS6.1AI score0.00051EPSS

Cvelist•added 2026/05/17 7:30 a.m.•36 views

CVE-2026-8738 Sanluan PublicCMS Trade Payment Flow TradeOrderController.java AccountGatewayComponent.pay logic error

6.9CVSS0.00051EPSS

NVD•added 2026/05/17 7:16 a.m.•6 views

CVE-2026-8737

6.9CVSS0.00075EPSS

Cvelist•added 2026/05/17 6:45 a.m.•32 views

CVE-2026-8737 Sanluan PublicCMS Trade Address Query TradeAddressListDirective.java execute missing authentication

6.9CVSS0.00075EPSS

EUVD•added 2026/05/17 6:45 a.m.•7 views

EUVD-2026-30686

Vulnrichment•added 2026/05/17 6:45 a.m.•4 views

CVE-2026-8737 Sanluan PublicCMS Trade Address Query TradeAddressListDirective.java execute missing authentication

Positive Technologies•added 2026/05/17 12:0 a.m.•6 views

PT-2026-41522

Positive Technologies•added 2026/05/17 12:0 a.m.•6 views

Exploits0References5

PT-2026-41524

6.9CVSS6.1AI score0.00051EPSS

Exploits0References5

CNNVD•added 2026/05/17 12:0 a.m.•5 views

PublicCMS 授权问题漏洞

PublicCMS is an open-source content management system CMS developed in Java by PublicCMS Company in China. Version 5.202506.d of PublicCMS has a vulnerability related to authorization. This vulnerability stems from the execute function in the Trade Address Query Handler component, specifically in...

6.9CVSS6AI score0.00075EPSS

CNNVD•added 2026/05/17 12:0 a.m.•5 views

PublicCMS 安全漏洞

PublicCMS is an open-source content management system CMS developed in Java by PublicCMS Company in China. Version Sanluan PublicCMS 5.202506.d contains a security vulnerability. This vulnerability stems from a business logic error in the...

6.9CVSS6.7AI score0.00051EPSS