Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

161329 matches found

ATTACKERKB
ATTACKERKBadded 2026/05/08 2:21 p.m.7 views

CVE-2026-43407

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in cephhandleauthreply This patch fixes an out-of-bounds access in cephhandleauthreply that can be triggered by a message of type CEPHMSGAUTHREPLY. In cephhandleauthreply, the value of...

5.8AI score0.00537EPSS
Exploits0References9Affected Software1
Debian CVE
Debian CVEadded 2026/05/08 2:21 p.m.7 views

CVE-2026-43384

In the Linux kernel, the following vulnerability has been resolved: net/tcp-ao: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

9.8CVSS5.7AI score0.00457EPSS
Exploits0
Debian CVE
Debian CVEadded 2026/05/08 2:21 p.m.7 views

CVE-2026-43383

In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

9.4CVSS5.7AI score0.00443EPSS
Exploits0
CVE
CVEadded 2026/05/08 2:21 p.m.35 views

CVE-2026-43383

CVE-2026-43383 affects the Linux kernel’s TCP MD5 signature handling. The root cause is a non-constant-time MAC comparison, enabling potential timing attacks. The vulnerability is addressed by changing the MAC comparison to a constant-time implementation using the appropriate helper function. The...

9.4CVSS5.7AI score0.00443EPSS
Exploits0References8Affected Software1
CVE
CVEadded 2026/05/08 2:21 p.m.20 views

CVE-2026-43377

CVE-2026-43377 affects ksmbd in the Linux kernel where, under KSMBD_DEBUG_AUTH logging, generate_smb3signingkey() and generate_smb3encryptionkey() log session, signing, encryption, and decryption key bytes. The issue allows potential information disclosure by exposing credentials through verbose ...

8.1CVSS5.8AI score0.00248EPSS
Exploits0References6Affected Software1
NVD
NVDadded 2026/05/08 2:16 p.m.18 views

CVE-2026-44338

PraisonAI is a multi-agent teams system. From version 2.5.6 to before version 4.6.34, PraisonAI ships a legacy Flask API server with authentication disabled by default. When that server is used, any caller that can reach it can access /agents and trigger the configured agents.yaml workflow throug...

7.3CVSS0.26799EPSS
Exploits3References1
NVD
NVDadded 2026/05/08 2:16 p.m.10 views

CVE-2026-43334

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: force responder MITM requirements before building the pairing response smpcmdpairingreq currently builds the pairing response from the initiator authreq before enforcing the local BTSECURITYHIGH requirement. If th...

8.8CVSS0.00252EPSS
Exploits0References8
UbuntuCve
UbuntuCveadded 2026/05/08 2:16 p.m.9 views

CVE-2026-43334

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: force responder MITM requirements before building the pairing response smpcmdpairingreq currently builds the pairing response from the initiator authreq before enforcing the local BTSECURITYHIGH requirement. If th...

8.8CVSS5.8AI score0.00252EPSS
Exploits0References10
OSV
OSVadded 2026/05/08 2:16 p.m.9 views

UBUNTU-CVE-2026-43334

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: force responder MITM requirements before building the pairing response smpcmdpairingreq currently builds the pairing response from the initiator authreq before enforcing the local BTSECURITYHIGH requirement. If th...

8.8CVSS5.7AI score0.00252EPSS
Exploits0References11
OSV
OSVadded 2026/05/08 2:16 p.m.9 views

UBUNTU-CVE-2026-43304

In the Linux kernel, the following vulnerability has been resolved: libceph: define and enforce CEPHMAXKEYLEN When decoding the key, verify that the key material would fit into a fixed-size buffer in processauthdone and generally has a sane length. The new CEPHMAXKEYLEN check replaces the existin...

9.8CVSS5.8AI score0.00502EPSS
Exploits0References10
GithubExploit
GithubExploitadded 2026/05/08 2:5 p.m.91 views

Exploit for Missing Authentication for Critical Function in Cpanel

No d...

9.8CVSS6AI score0.981EPSS
Exploits64
CVE
CVEadded 2026/05/08 1:35 p.m.41 views

CVE-2026-44338

PraisonAI ships a legacy Flask API server with authentication disabled by default in versions 2.5.6 through before 4.6.34. The root cause is APIServer.check_auth() short-circuiting when AUTH_ENABLED is False, allowing unauthenticated access to /agents and triggering the agents.yaml workflow via /...

7.3CVSS5.8AI score0.26799EPSS
In wildExploits3References1Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/05/08 1:35 p.m.8 views

CVE-2026-44338

PraisonAI is a multi-agent teams system. From version 2.5.6 to before version 4.6.34, PraisonAI ships a legacy Flask API server with authentication disabled by default. When that server is used, any caller that can reach it can access /agents and trigger the configured agents.yaml workflow throug...

7.3CVSS5.8AI score0.26799EPSS
Exploits3References2Affected Software1
Cvelist
Cvelistadded 2026/05/08 1:35 p.m.38 views

CVE-2026-44338 PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution

PraisonAI is a multi-agent teams system. From version 2.5.6 to before version 4.6.34, PraisonAI ships a legacy Flask API server with authentication disabled by default. When that server is used, any caller that can reach it can access /agents and trigger the configured agents.yaml workflow throug...

7.3CVSS0.26799EPSS
Exploits3References1
Vulnrichment
Vulnrichmentadded 2026/05/08 1:35 p.m.8 views

CVE-2026-44338 PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution

PraisonAI is a multi-agent teams system. From version 2.5.6 to before version 4.6.34, PraisonAI ships a legacy Flask API server with authentication disabled by default. When that server is used, any caller that can reach it can access /agents and trigger the configured agents.yaml workflow throug...

7.3CVSS5.8AI score0.26799EPSS
Exploits3References1
CVE
CVEadded 2026/05/08 1:31 p.m.18 views

CVE-2026-43334

CVE-2026-43334 concerns the Linux kernel Bluetooth SMP pairing flow. The issue arises in smp_cmd_pairing_req() where the pairing response is built from the initiator auth_req before enforcing the local BT_SECURITY_HIGH, allowing the response to omit SMP_AUTH_MITM if the initiator did. Consequentl...

8.8CVSS5.8AI score0.00252EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/05/08 1:31 p.m.8 views

CVE-2026-43334

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: force responder MITM requirements before building the pairing response smpcmdpairingreq currently builds the pairing response from the initiator authreq before enforcing the local BTSECURITYHIGH requirement. If th...

5.8AI score0.00252EPSS
Exploits0References9Affected Software1
Cvelist
Cvelistadded 2026/05/08 1:31 p.m.34 views

CVE-2026-43334 Bluetooth: SMP: force responder MITM requirements before building the pairing response

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: force responder MITM requirements before building the pairing response smpcmdpairingreq currently builds the pairing response from the initiator authreq before enforcing the local BTSECURITYHIGH requirement. If th...

8.8CVSS0.00252EPSS
Exploits0References8
ATTACKERKB
ATTACKERKBadded 2026/05/08 1:11 p.m.9 views

CVE-2026-43304

In the Linux kernel, the following vulnerability has been resolved: libceph: define and enforce CEPHMAXKEYLEN When decoding the key, verify that the key material would fit into a fixed-size buffer in processauthdone and generally has a sane length. The new CEPHMAXKEYLEN check replaces the existin...

5.8AI score0.00502EPSS
Exploits0References8Affected Software1
CVE
CVEadded 2026/05/08 1:11 p.m.30 views

CVE-2026-43304

CVE-2026-43304 affects the Linux kernel libceph component. The flaw arises when decoding key material in process_auth_done(), where the code failed to enforce an upper bound on key length. The fix defines and enforces CEPH_MAX_KEY_LEN and clamps key material to a fixed-size buffer, addressing a v...

9.8CVSS5.8AI score0.00502EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder