Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

52011 matches found

OSV
OSVadded 2026/05/29 6:8 p.m.6 views

GHSA-R9PM-GXMW-WV6P NodeVM network builtin exclusions bypass via internal _http_client and _http_server

Summary NodeVM supports excluding public network builtins from the wildcard builtin option. With this configuration direct access to http, https, http2, net, dgram, tls, dns, and dns/promises is blocked. However, Node.js also exposes underscored internal HTTP builtins such as httpclient and...

8.6CVSS5.8AI score
Exploits0References4
Rockylinux
Rockylinuxadded 2026/05/29 4:3 p.m.8 views

go-fdo-client security update

An update is available for go-fdo-client. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list go-fdo-client is the device-side implementation of FIDO Device Onboard...

7.5CVSS5.8AI score0.00019EPSS
Exploits0
NVD
NVDadded 2026/05/29 3:16 p.m.13 views

CVE-2026-45609

mcp-security provides Security and Authorization support for Model Context Protocol in Spring AI. Prior to 0.1.9, the mcp-security framework fails to implement the mandatory SSRF mitigations outlined in the Model Context Protocol MCP security specifications. Specifically, it processes untrusted...

7.2CVSS0.00043EPSS
Exploits0References1
NVD
NVDadded 2026/05/29 2:16 p.m.10 views

CVE-2026-44237

FreePBX is an open source IP PBX. Prior to 17.0.8, the FreePBX api module's OAuth2 implementation does not sufficiently validate client credentials during token issuance. Knowledge of a valid clientid is required. The validateClient method in ClientRepository.php unconditionally returns true,...

8.1CVSS0.00035EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/29 1:48 p.m.9 views

EUVD-2026-33323

mcp-security provides Security and Authorization support for Model Context Protocol in Spring AI. Prior to 0.1.9, the mcp-security framework fails to implement the mandatory SSRF mitigations outlined in the Model Context Protocol MCP security specifications. Specifically, it processes untrusted...

7.2CVSS5.8AI score0.00043EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/29 1:48 p.m.10 views

CVE-2026-45609

mcp-security provides Security and Authorization support for Model Context Protocol in Spring AI. Prior to 0.1.9, the mcp-security framework fails to implement the mandatory SSRF mitigations outlined in the Model Context Protocol MCP security specifications. Specifically, it processes untrusted...

7.2CVSS5.8AI score0.00043EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/29 1:48 p.m.8 views

CVE-2026-45609 mcp-security: Unvalidated URL Fetching (SSRF)

mcp-security provides Security and Authorization support for Model Context Protocol in Spring AI. Prior to 0.1.9, the mcp-security framework fails to implement the mandatory SSRF mitigations outlined in the Model Context Protocol MCP security specifications. Specifically, it processes untrusted...

7.2CVSS5.8AI score0.00043EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/29 1:48 p.m.31 views

CVE-2026-45609 mcp-security: Unvalidated URL Fetching (SSRF)

mcp-security provides Security and Authorization support for Model Context Protocol in Spring AI. Prior to 0.1.9, the mcp-security framework fails to implement the mandatory SSRF mitigations outlined in the Model Context Protocol MCP security specifications. Specifically, it processes untrusted...

7.2CVSS0.00043EPSS
Exploits0References1
OSV
OSVadded 2026/05/29 1:34 p.m.7 views

OESA-2026-2496 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: Revert "smb: client: fix TCP timers deadlock after rmmod" This reverts commit e9f2517a3e18a54a3943c098d2226b245d488801. Commit e9f2517a3e18 "smb: client: fix TCP...

9.8CVSS5.6AI score0.00082EPSS
Exploits0References6
OSV
OSVadded 2026/05/29 1:34 p.m.5 views

OESA-2026-2485 buildah security update

The package provides a command line tool which can be used to create a working container from scratch or create a working container from an image as a starting point mount/umount a working container's root file system for manipulation save container's root file system layer to create a new image...

7.5CVSS6.6AI score0.00021EPSS
Exploits1References2
EUVD
EUVDadded 2026/05/29 12:46 p.m.7 views

EUVD-2026-33300

FreePBX is an open source IP PBX. Prior to 17.0.8, the FreePBX api module's OAuth2 implementation does not sufficiently validate client credentials during token issuance. Knowledge of a valid clientid is required. The validateClient method in ClientRepository.php unconditionally returns true,...

7.6CVSS5.8AI score0.00035EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/29 12:46 p.m.8 views

CVE-2026-44237

FreePBX is an open source IP PBX. Prior to 17.0.8, the FreePBX api module's OAuth2 implementation does not sufficiently validate client credentials during token issuance. Knowledge of a valid clientid is required. The validateClient method in ClientRepository.php unconditionally returns true,...

7.6CVSS5.8AI score0.00035EPSS
Exploits0References2Affected Software1
CVE
CVEadded 2026/05/29 12:46 p.m.16 views

CVE-2026-44237

Summary: CVE-2026-44237 affects FreePBX before 17.0.8. The api module’s OAuth2 flow does not validate client credentials during token issuance; validateClient() in ClientRepository.php unconditionally returns true. This allows any party with a valid client_id to obtain OAuth2 access tokens withou...

8.1CVSS5.8AI score0.00035EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2026/05/29 12:46 p.m.29 views

CVE-2026-44237 FreePBX: Authenticated Access can lead to Subsequent OAuth2 Authentication Bypass in API Module

FreePBX is an open source IP PBX. Prior to 17.0.8, the FreePBX api module's OAuth2 implementation does not sufficiently validate client credentials during token issuance. Knowledge of a valid clientid is required. The validateClient method in ClientRepository.php unconditionally returns true,...

7.6CVSS0.00035EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/29 12:46 p.m.9 views

CVE-2026-44237 FreePBX: Authenticated Access can lead to Subsequent OAuth2 Authentication Bypass in API Module

FreePBX is an open source IP PBX. Prior to 17.0.8, the FreePBX api module's OAuth2 implementation does not sufficiently validate client credentials during token issuance. Knowledge of a valid clientid is required. The validateClient method in ClientRepository.php unconditionally returns true,...

7.6CVSS5.8AI score0.00035EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/29 12:34 p.m.30 views

CVE-2026-45551 Group-Office: Authenticated Stored XSS in Administrator Context via Arbitrary Cross-User Setting Write

Group-Office is an enterprise customer relationship management and groupware tool. Prior to 26.0.25, 25.0.100, and 6.8.165, GroupOffice allows authenticated users to persist arbitrary legacy settings for any userid via index.php?r=core/saveSetting. A separate client-side sink in the email module...

5.1CVSS0.00048EPSS
Exploits0References1
NVD
NVDadded 2026/05/29 11:16 a.m.9 views

CVE-2026-46579

A flaw was found in the OpenShift Router. When a Route has insecureEdgeTerminationPolicy set to Allow, the HTTP frontend does not remove X-SSL-Client- headers from incoming requests. This allows an unauthenticated attacker to send plain HTTP requests with crafted X-SSL-Client- headers. As a resul...

7.5CVSS0.00033EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/05/29 9:50 a.m.42 views

CVE-2026-46579 Openshift/router: openshift/router: mtls client certificate spoofing via unstripped x-ssl-client headers on http frontend

A flaw was found in the OpenShift Router. When a Route has insecureEdgeTerminationPolicy set to Allow, the HTTP frontend does not remove X-SSL-Client- headers from incoming requests. This allows an unauthenticated attacker to send plain HTTP requests with crafted X-SSL-Client- headers. As a resul...

7.4CVSS0.00033EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/05/29 9:50 a.m.11 views

CVE-2026-46579 Openshift/router: openshift/router: mtls client certificate spoofing via unstripped x-ssl-client headers on http frontend

A flaw was found in the OpenShift Router. When a Route has insecureEdgeTerminationPolicy set to Allow, the HTTP frontend does not remove X-SSL-Client- headers from incoming requests. This allows an unauthenticated attacker to send plain HTTP requests with crafted X-SSL-Client- headers. As a resul...

7.4CVSS5.7AI score0.00033EPSS
Exploits0References2
EUVD
EUVDadded 2026/05/29 9:50 a.m.7 views

EUVD-2026-33274

A flaw was found in the OpenShift Router. When a Route has insecureEdgeTerminationPolicy set to Allow, the HTTP frontend does not remove X-SSL-Client- headers from incoming requests. This allows an unauthenticated attacker to send plain HTTP requests with crafted X-SSL-Client- headers. As a resul...

7.4CVSS5.7AI score0.00033EPSS
Exploits0References2
Rows per page
Query Builder