CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 3 days ago•6 views

EUVD-2026-33617

Missing authentication and clear‑text transmission of data from the heat pumps to the control server, combined with the absence of input validation on aggregated data, can lead to stored XSS that enables theft of cookies from the pump’s web control interface. Older Orca heat pump devices...

6.3CVSS5.9AI score0.00018EPSS

Vulnrichment•added 3 days ago•4 views

CVE-2026-25599 Missing authentication and clear‑text data transmission affecting Orca heat pumps

6.3CVSS5.9AI score0.00018EPSS

Snyk•added 6 days ago•1 views

Prototype Pollution

Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Prototype Pollution through the config.proxy property in the HTTP adapter, which accesses properties via the prototype chain. An attacker can intercept and modify all HTT...

8.9CVSS6.3AI score

Positive Technologies•added 2026/05/28 12:0 a.m.•5 views

PT-2026-44519

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite Oracle Public Sector Financials International versions 12.2.6 through 12.2.15 Description An issue exists in the Authorization component of Oracle Public Sector Financials International. A low privileged attacker with...

7.7CVSS5.8AI score0.00038EPSS

OSV•added 2026/05/27 11:16 a.m.•2 views

ALPINE-CVE-2026-3012

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability t...

Vulnrichment•added 2026/05/27 10:2 a.m.•3 views

CVE-2026-3012 Samba: group policy certificate enrollment uses http:// without validation

CVE•added 2026/05/27 10:2 a.m.•16 views

CVE-2026-3012

CVE-2026-3012 concerns Samba’s certificate auto-enrollment over HTTP without verification. When Group Policy auto-enrollment is enabled, Samba may fetch a CA certificate via unencrypted HTTP and install it into the local trust store without proper validation, enabling a MiTM-style attack to intro...

Debian CVE•added 2026/05/27 10:2 a.m.•3 views

CVE-2026-3012

RedhatCVE•added 2026/05/27 9:26 a.m.•4 views

Exploits0

CVE-2026-3012

SUSE CVE•added 2026/05/27 2:53 a.m.•6 views

Exploits0References4

SUSE CVE-2026-3012

A flaw was found in Samba's certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability t...

Cvelist•added 2026/05/14 4:6 p.m.•26 views

Exploits0References6

CVE-2025-62311 HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels.

HCL AION is affected by a vulnerability where backend service details may be transmitted over insecure HTTP channels. This may expose sensitive information to potential interception or unauthorized access during transmission under certain conditions...

4.3CVSS0.00012EPSS

Positive Technologies•added 2026/05/01 12:0 a.m.•2 views

PT-2026-36542

Name of the Vulnerable Software and Affected Versions bandit versions 1.0.0 through 1.10.f Description Reliance on untrusted inputs in a security decision allows unauthenticated transport-state spoofing on plaintext HTTP connections. The function determine scheme/2 in Elixir.Bandit.Pipeline retur...

6.3CVSS5.8AI score0.00026EPSS

Exploits0References12

Imperva Blog•added 2026/04/29 7:3 a.m.•2 views

Bad Bot Report 2026: The Internet Is No Longer Human and It’s Changing How Business Works

For decades, companies have operated on a simple assumption that most internet traffic came from people. That assumption no longer holds. The latest 2026 Bad Bot Report: Bad Bots in the Agentic Age reinforces a shift that is now impossible to ignore. Automated traffic continues to outpace human...

5.9AI score

Exploits0

EUVD•added 2026/04/24 12:31 a.m.•1 views

EUVD-2026-25361

A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unencrypted HTTP for all administrative communication. Because management traffic, including authentication attempts and configuration data, is transmitted in cleartext, an attacker with access to the same...

6.9CVSS5.8AI score0.00034EPSS

Exploits0References4

NVD•added 2026/04/24 12:16 a.m.•1 views

CVE-2026-40431

6.9CVSS0.00034EPSS

Vulnrichment•added 2026/04/23 11:56 p.m.•0 views

CVE-2026-40431 SenseLive X3050 Cleartext transmission of sensitive information

6.9CVSS5.3AI score0.00034EPSS

Positive Technologies•added 2026/04/23 12:0 a.m.•0 views

PT-2026-34809

6.9CVSS5.8AI score0.00034EPSS

CVE•added 2026/04/22 6:4 p.m.•4 views

CVE-2026-41468

Beghelli Sicuro24 SicuroWeb uses AngularJS 1.5.2, an end-of-life component, which together with in-app template injection enables sandbox escape and arbitrary JavaScript execution in operator browser sessions. This can lead to session hijacking, DOM manipulation, and persistent browser compromise...

9.3CVSS6.1AI score0.00074EPSS