Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

161326 matches found

RedhatCVE
RedhatCVEadded 2026/05/08 9:29 p.m.15 views

CVE-2026-43384

A flaw was found in the Linux kernel's TCP Authentication Option TCP-AO implementation. This vulnerability arises from a non-constant-time comparison of Message Authentication Codes MACs. A remote attacker could potentially exploit this timing discrepancy to perform a timing attack, which may lea...

9.8CVSS5.8AI score0.00457EPSS
Exploits0References4
RedhatCVE
RedhatCVEadded 2026/05/08 9:24 p.m.13 views

CVE-2026-43383

A flaw was found in the Linux kernel's TCP MD5 signature option. This vulnerability allows a remote attacker to perform timing attacks due to a non-constant-time comparison of Message Authentication Codes MACs. By observing the time taken for MAC comparisons, an attacker could potentially infer...

9.4CVSS5.8AI score0.00443EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/05/08 9:18 p.m.50 views

CVE-2026-42202 nova-toggle-5: Improper authorization on toggle endpoint allowed non-Nova users to modify boolean fields

nova-toggle-5 enables fliping booleans in the index. Prior to version 1.3.0, the toggle endpoint POST/nova-vendor/nova-toggle/toggle/resource/resourceId was protected only by web + auth: middleware. Any user authenticated on the configured guard could call the endpoint and flip boolean attributes...

6.5CVSS0.00201EPSS
Exploits0References2
NVD
NVDadded 2026/05/08 9:16 p.m.13 views

CVE-2026-44400

MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing AuthenticationToken cookies generated for low-privileged users. Attackers can obtain a token from the...

9.8CVSS0.0035EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2026/05/08 9:12 p.m.12 views

CVE-2026-43377

A flaw was found in ksmbd in the Linux kernel. When KSMBDDEBUGAUTH logging is enabled, sensitive session, signing, encryption, and decryption key bytes are logged. This can lead to information disclosure, potentially exposing user credentials...

8.1CVSS5.8AI score0.00248EPSS
Exploits0References4
OSV
OSVadded 2026/05/08 9:8 p.m.5 views

CLSA-2026-1778255734 dovecot: Fix of 2 CVEs

CVE-2026-27858: bound managesieve-login AUTHENTICATE initial response size to prevent memory exhaustion DoS before authentication - CVE-2025-59032: fix managesieve-login crash when AUTHENTICATE command did not finish on the first call due to literal SASL initial response...

7.5CVSS5.8AI score0.00456EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2026/05/08 8:22 p.m.8 views

CVE-2026-44400 MailEnable Enterprise Premium < 10.55 Authorization Bypass via WebAdmin

MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing AuthenticationToken cookies generated for low-privileged users. Attackers can obtain a token from the...

8.7CVSS5.8AI score0.0035EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/05/08 8:22 p.m.36 views

CVE-2026-44400 MailEnable Enterprise Premium < 10.55 Authorization Bypass via WebAdmin

MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing AuthenticationToken cookies generated for low-privileged users. Attackers can obtain a token from the...

8.7CVSS0.0035EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/08 8:22 p.m.10 views

CVE-2026-44400

MailEnable Enterprise Premium 10.55 and earlier contains an improper authorization vulnerability in the WebAdmin mobile portal that allows attackers to bypass authentication checks by reusing AuthenticationToken cookies generated for low-privileged users. Attackers can obtain a token from the...

8.7CVSS5.8AI score0.0035EPSS
Exploits0References3
CVE
CVEadded 2026/05/08 8:22 p.m.29 views

CVE-2026-44400

Summary: CVE-2026-44400 affects MailEnable Enterprise Premium versions prior to 10.56 (notably 10.55 and earlier). The vulnerability is an improper authorization flaw in the WebAdmin mobile portal that lets an attacker bypass authentication by reusing AuthenticationToken cookies issued for low-pr...

9.8CVSS5.8AI score0.0035EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blogadded 2026/05/08 8:21 p.m.20 views

Wagtail has improper restriction handling on Documents and Images API

Impact The Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. Patches Patched versions have been released as Wagtail 7.0.7 and 7.3.2. The new 7.4 LTS feature releas...

5.3CVSS5.8AI score0.00256EPSS
Exploits0References4Affected Software1
OSV
OSVadded 2026/05/08 8:21 p.m.4 views

GHSA-P5GM-92H4-6PV6 Wagtail has improper restriction handling on Documents and Images API

Impact The Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. Patches Patched versions have been released as Wagtail 7.0.7 and 7.3.2. The new 7.4 LTS feature releas...

5.3CVSS5.8AI score0.00256EPSS
Exploits0References4
Snyk
Snykadded 2026/05/08 8:21 p.m.13 views

Improper Handling of Insufficient Permissions or Privileges

Overview wagtail is an open source content management system built on Django. Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges via the API for documents and images. A user with access to the API can access filenames and names of items...

5.3CVSS5.8AI score0.00256EPSS
Exploits0References2
NVD
NVDadded 2026/05/08 8:16 p.m.25 views

CVE-2026-42189

Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive auth e.g., for...

7.5CVSS0.00481EPSS
Exploits1References3
OSV
OSVadded 2026/05/08 8:16 p.m.3 views

DEBIAN-CVE-2026-42189

Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive auth e.g., for...

7.5CVSS5.4AI score0.00481EPSS
Exploits1References1
CVE
CVEadded 2026/05/08 7:49 p.m.24 views

CVE-2026-42189

CVE-2026-42189 affects the Russh Rust SSH library. A pre-authentication denial-of-service exists in the server keyboard-interactive authentication path: an attacker can trigger an OOM crash by sending a crafted USERAUTH_INFO_RESPONSE with a large n, causing the server to allocate memory for a mas...

7.5CVSS5.8AI score0.00481EPSS
Exploits1References3Affected Software2
ATTACKERKB
ATTACKERKBadded 2026/05/08 7:49 p.m.7 views

CVE-2026-42189

Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive auth e.g., for...

7.5CVSS5.8AI score0.00481EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/08 7:49 p.m.8 views

CVE-2026-42189 Russh: Pre-auth DoS via unbounded allocation in keyboard-interactive auth

Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive auth e.g., for...

7.5CVSS5.8AI score0.00481EPSS
Exploits1References3
EUVD
EUVDadded 2026/05/08 7:49 p.m.27 views

EUVD-2026-28822

Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive auth e.g., for...

7.5CVSS5.8AI score0.00481EPSS
Exploits1References3
Debian CVE
Debian CVEadded 2026/05/08 7:49 p.m.5 views

CVE-2026-42189

Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive auth e.g., for...

7.5CVSS5.4AI score0.00481EPSS
Exploits1
Rows per page
Query Builder