CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The Hacker News•added 2026/06/09 11:59 a.m.•8 views

Researchers Build Self-Replicating AI Worm That Operates Entirely on Local, Open-Weight Models

University of Toronto researchers have built and tested a proof-of-concept AI-driven computer worm that uses a locally hosted open-weight large language model to reason its way through a network, generate tailored attack strategies for each target it encounters, and replicate itself, all without...

9.8CVSS6.4AI score0.95645EPSS

Exploits11

RedhatCVE•added 2026/06/05 7:32 p.m.•9 views

CVE-2026-6932

The Woo Commerce Minimum Weight plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.0.1. This is due to missing nonce verification on the settings update handler in edit-weight.php. This makes it possible for unauthenticated attackers to modify t...

4.3CVSS5.4AI score0.00132EPSS

Exploits0References1

Packet Storm News•added 2026/06/05 12:0 a.m.•18 views

RecurGuard: Runtime Monitoring for Reasoning-Token Consumption Attacks

Reasoning-capable large language models can be induced to spend their generation budget on injected decoy tasks rather than answering the user's question, causing denial of service when no final answer is produced and denial of wallet when excess output tokens are billed. Input-side safety...

5.6AI score

Packet Storm News•added 2026/06/03 12:0 a.m.•5 views

Revisiting Vul-RAG: Reproducibility and Replicability of RAG-Based Vulnerability Detection with Open-Weight Models

Large language models LLMs have shown strong potential for automated software vulnerability detection, particularly in retrieval-augmented generation RAG settings. However, for approaches relying on proprietary models and APIs, reproducibility and replicability remain largely unexplored, raising...

5.9AI score

Packet Storm News•added 2026/05/28 12:0 a.m.•9 views

Token-Level Generalization in LoRA Adapter Backdoors: Attack Characterization and Behavioral Detection

We show that LoRA adapters, the dominant distribution format for fine-tuned LLMs, can be reliably backdoored through training data poisoning while preserving baseline task performance. On a Qwen 2.5 1.5B prompt-injection classifier, a small fraction of poisoned examples drives a...

5.8AI score

Packet Storm News•added 2026/05/14 12:0 a.m.•6 views

Widening the Gap: Exploiting LLM Quantization Via Outlier Injection

LLM quantization has become essential for memory-efficient deployment. Recent work has shown that quantization schemes can pose critical security risks: an adversary may release a model that appears benign in full precision but exhibits malicious behavior once quantized by users. However, existin...

5.8AI score

EUVD•added 2026/05/12 9:31 a.m.•8 views

EUVD-2026-29412

NVD•added 2026/05/12 9:16 a.m.•8 views

Exploits0References6

CVE-2026-6932

4.3CVSS0.00132EPSS

CVE•added 2026/05/12 7:48 a.m.•16 views

CVE-2026-6932

CVE-2026-6932 affects the WordPress plugin WooCommerce Minimum Weight (versions

Cvelist•added 2026/05/12 7:48 a.m.•32 views

CVE-2026-6932 Woo Commerce Minimum Weight <= 3.0.1 - Cross-Site Request Forgery via Settings Update Form

4.3CVSS0.00132EPSS

Vulnrichment•added 2026/05/12 7:48 a.m.•6 views

CVE-2026-6932 Woo Commerce Minimum Weight <= 3.0.1 - Cross-Site Request Forgery via Settings Update Form

ATTACKERKB•added 2026/05/12 7:48 a.m.•8 views

CVE-2026-6932

Positive Technologies•added 2026/05/12 12:0 a.m.•8 views

Exploits0References6

PT-2026-39967

CNNVD•added 2026/05/12 12:0 a.m.•8 views

Exploits0References6

WordPress plugin Woo Commerce Minimum Weight 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.3CVSS5.8AI score0.00132EPSS

Exploits0References1

Patchstack•added 2026/05/11 7:7 p.m.•6 views

WordPress Woo Commerce Minimum Weight plugin <= 3.0.1 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Woo Commerce Minimum Weight versions = 3.0.1...

4.3CVSS5.8AI score0.00132EPSS

Exploits0References1Affected Software1

Github Security Blog•added 2026/05/06 10:40 p.m.•8 views

pyquorum: Timing side‑channel in mul_mod

Impact The mulmod function implements multiplication via a binary expansion loop whose execution time depends on the Hamming weight of the second operand the exponent. An attacker who can measure the time of secret‑sharing operations e.g., via a remote service could progressively recover the valu...

6.9CVSS6AI score0.00314EPSS

Exploits0References5Affected Software1

Positive Technologies•added 2026/05/06 12:0 a.m.•8 views

PT-2026-38310

Name of the Vulnerable Software and Affected Versions PyQuorum versions prior to 0.2.1 Description The mul mod function implements multiplication using a binary expansion loop. The execution time of this process depends on the Hamming weight the number of symbols that are different from zero of t...

6.9CVSS6AI score0.00314EPSS