128 matches found
CVE-2026-48523
PyJWT vulnerability affecting versions 2.9.0–2.12.1 where verifier-side algorithm allow-list bypass occurs when decoding with a PyJWK/PyJWKClient key. The token header’s alg is checked against the caller-supplied allow-list, but the signature is verified using the algorithm bound to the PyJWK obj...
CVE-2026-48524 PyJWT: PyJWKClient unbounded JWKS endpoint requests via attacker-controlled kid values (DoS)
PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.get_signing_key forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can trigger unlimited...
BIT-JRE-2024-40896
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...
BIT-JAVA-2025-27113
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c...
CVE-2026-39856
osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of-bounds read vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code pe_page_hash_calc. When processing PE sections for page hashing, the function uses...
PT-2026-31647
osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of-bounds read vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code pe_page_hash_calc. When processing PE sections for page hashing, the function uses...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: glibc (UTSA-2026-006302)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006302 advisory. When the assert function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size...
CVE-2026-27383 WordPress Metro theme <= 2.13 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in RadiusTheme Metro metro allows PHP Local File Inclusion. This issue affects Metro: from n/a through <= 2.13...
CVE-2026-27382
RadiusTheme Metro metro (≤ 2.13) is reported to be vulnerable to DOM-based XSS in web page generation. The CVE entry describes Cross-Site Scripting in Metro with this version range; patch/mitigation details are not provided in the supplied documents. Some sources list the issue as unpatched.
WordPress plugin Metro security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-8386
Maypole versions from 2.10 through 2.13 for Perl generate session ids insecurely. The session id is seeded with the system time which is available from HTTP response headers, a call to the built-in rand function, and the PID...
Azure Linux 3.0 Security Update: glibc (CVE-2025-0395)
The version of glibc installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-0395 advisory. - When the assert function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space f...
Important: Red Hat Security Advisory: Moderate: Red Hat Advanced Cluster Management for Kubernetes v2.13.5 security update
Red Hat Advanced Cluster Management for Kubernetes 2.13 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. Red Hat Advanced Cluster Management for Kubernetes 2.13 images Red Hat Advanced Cluster Management for Kubernetes provides...
PT-2025-52002
Name of the Vulnerable Software and Affected Versions: AncoraThemes ShieldGroup versions through 2.13. Description: The software contains a flaw related to improper control of filenames used in include/require statements, potentially leading to PHP Local File Inclusion. The issue is present in...
WordPress Image Gallery – Photo Grid & Video Gallery plugin <= 2.13.3 - Missing Authorization to Authenticated (Author+) Arbitrary Gallery Modification vulnerability
Missing Authorization to Authenticated Author+ Arbitrary Gallery Modification vulnerability discovered by WordFence in WordPress Plugin Modula Image Gallery versions <= 2.13.3...
EUVD-2011-1109
Malware in sbrugna...
EUVD-2015-8150
Malware in sbrugna...
EUVD-2012-1627
Malware in sbrugna...
EUVD-2024-47713
Malicious code in bioql PyPI...
EUVD-2022-41776
Malicious code in bioql PyPI...