Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

52177 matches found

ATTACKERKB
ATTACKERKBadded 2026/05/27 2:26 p.m.8 views

CVE-2026-44988

LibVNCClient is a library for easy implementation of a VNC client. In 0.9.15 and earlier, LibVNCClient's Tight encoding decoder uses fixed-size 2048-pixel scratch buffers for the Gradient filter, but it does not reject Tight rectangles whose width is larger than 2048 pixels. A malicious VNC serve...

8.8CVSS5.8AI score0.00042EPSS
Exploits0References3Affected Software1
SUSE Linux
SUSE Linuxadded 2026/05/27 2:21 p.m.7 views

Security update for redis

This update for redis fixes the following issues CVE-2026-23479: use-after-free in unblock client flow may lead to remote code execution bsc1264164. CVE-2026-23631: Lua use-after-free via the master-replica synchronization mechanism may lead to remote code execution bsc1264165. CVE-2026-25243:...

7.7CVSS6.5AI score0.00119EPSS
Exploits4References12
NVD
NVDadded 2026/05/27 2:17 p.m.8 views

CVE-2026-9704

A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subjecttoken JSON Web Token JWT to the TokenEndpoint. When the token exceeds a 4000-character limit, it is silently dropped, causing the system to fall back to client...

8.8CVSS0.00049EPSS
Exploits0References4
NVD
NVDadded 2026/05/27 2:17 p.m.11 views

CVE-2026-46098

In the Linux kernel, the following vulnerability has been resolved: net: caif: clear client service pointer on teardown caifconnect can tear down an existing client after remote shutdown by calling caifdisconnectclient followed by caiffreeclient. caiffreeclient releases the service layer referenc...

0.00032EPSS
Exploits0References8
NVD
NVDadded 2026/05/27 2:17 p.m.10 views

CVE-2026-45972

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF and double free in smb2openfile Zero out @erriov and @errbuftype before retrying SMB2open to prevent an UAF bug if @data != NULL, otherwise a double free...

9.8CVSS0.00072EPSS
Exploits0References6
OSV
OSVadded 2026/05/27 2:17 p.m.2 views

UBUNTU-CVE-2026-45877

In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: fix NULL-ptr-deref in ishtpbusremoveallclients During a warm reset flow, the cl-device pointer may be NULL if the reset occurs while clients are still being enumerated. Accessing cl-device-referencecount witho...

5.6AI score0.00023EPSS
Exploits0References3
OSV
OSVadded 2026/05/27 2:17 p.m.4 views

UBUNTU-CVE-2026-45972

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF and double free in smb2openfile Zero out @erriov and @errbuftype before retrying SMB2open to prevent an UAF bug if @data != NULL, otherwise a double free...

9.8CVSS5.7AI score0.00072EPSS
Exploits0References3
OSV
OSVadded 2026/05/27 2:17 p.m.2 views

UBUNTU-CVE-2026-46098

In the Linux kernel, the following vulnerability has been resolved: net: caif: clear client service pointer on teardown caifconnect can tear down an existing client after remote shutdown by calling caifdisconnectclient followed by caiffreeclient. caiffreeclient releases the service layer referenc...

5.7AI score0.00032EPSS
Exploits0References3
OSV
OSVadded 2026/05/27 2:16 p.m.7 views

DEBIAN-CVE-2026-42791

Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeyocsp module allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkeyocsp:verifyresponse/5 and pubkeyocsp:isauthorizedresponder/3 in...

6.3CVSS5.8AI score0.00051EPSS
Exploits0References1
CVE
CVEadded 2026/05/27 12:59 p.m.15 views

CVE-2026-46098

CVE-2026-46098 affects the Linux kernel’s CAIF net subsystem. The issue arises when caif_connect() tears down a client via caif_disconnect_client() and caif_free_client(), where caif_free_client() releases the service layer pointer (adap_layer->dn) but leaves the pointer stale. If the socket i...

5.8AI score0.00032EPSS
Exploits0References8
Debian CVE
Debian CVEadded 2026/05/27 12:59 p.m.7 views

CVE-2026-46098

In the Linux kernel, the following vulnerability has been resolved: net: caif: clear client service pointer on teardown caifconnect can tear down an existing client after remote shutdown by calling caifdisconnectclient followed by caiffreeclient. caiffreeclient releases the service layer referenc...

5.7AI score0.00032EPSS
Exploits0
ATTACKERKB
ATTACKERKBadded 2026/05/27 12:59 p.m.4 views

CVE-2026-46098

In the Linux kernel, the following vulnerability has been resolved: net: caif: clear client service pointer on teardown caifconnect can tear down an existing client after remote shutdown by calling caifdisconnectclient followed by caiffreeclient. caiffreeclient releases the service layer referenc...

5.7AI score0.00032EPSS
Exploits0References9Affected Software1
EUVD
EUVDadded 2026/05/27 12:59 p.m.9 views

EUVD-2026-32481

In the Linux kernel, the following vulnerability has been resolved: net: caif: clear client service pointer on teardown caifconnect can tear down an existing client after remote shutdown by calling caifdisconnectclient followed by caiffreeclient. caiffreeclient releases the service layer referenc...

5.8AI score0.00032EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/05/27 12:58 p.m.35 views

CVE-2026-46097 Input: edt-ft5x06 - fix use-after-free in debugfs teardown

In the Linux kernel, the following vulnerability has been resolved: Input: edt-ft5x06 - fix use-after-free in debugfs teardown The commit 68743c500c6e "Input: edt-ft5x06 - use per-client debugfs directory" removed the manual debugfs teardown, relying on the I2C core to handle it. However, this...

0.00022EPSS
Exploits0References3
CVE
CVEadded 2026/05/27 12:56 p.m.14 views

CVE-2026-46026

The CVE-2026-46026 issue affects Linux kernel net: qrtr: ns, where the code previously did not bound the number of lookups a client could perform. A malicious local client could flood NEW_LOOKUP messages on the same socket despite local restrictions. The fix limits the maximum lookups to 64 globa...

5.8AI score0.00024EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/05/27 12:56 p.m.40 views

CVE-2026-9704 Keycloak: keycloak: privilege escalation due to oversized subject_token jwt

A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subjecttoken JSON Web Token JWT to the TokenEndpoint. When the token exceeds a 4000-character limit, it is silently dropped, causing the system to fall back to client...

6.8CVSS0.00049EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/05/27 12:56 p.m.6 views

CVE-2026-9704

A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subjecttoken JSON Web Token JWT to the TokenEndpoint. When the token exceeds a 4000-character limit, it is silently dropped, causing the system to fall back to client...

6.8CVSS5.8AI score0.00049EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/05/27 12:56 p.m.7 views

CVE-2026-9704 Keycloak: keycloak: privilege escalation due to oversized subject_token jwt

A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subjecttoken JSON Web Token JWT to the TokenEndpoint. When the token exceeds a 4000-character limit, it is silently dropped, causing the system to fall back to client...

6.8CVSS5.8AI score0.00049EPSS
Exploits0References4
EUVD
EUVDadded 2026/05/27 12:56 p.m.8 views

EUVD-2026-32300

A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subjecttoken JSON Web Token JWT to the TokenEndpoint. When the token exceeds a 4000-character limit, it is silently dropped, causing the system to fall back to client...

6.8CVSS5.8AI score0.00049EPSS
Exploits0References2
Snyk
Snykadded 2026/05/27 12:45 p.m.3 views

Improper Validation of Specified Quantity in Input

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input in the TokenEndpoint endpoint when an oversized subjecttok...

8.8CVSS5.4AI score0.00049EPSS
Exploits0References2
Rows per page
Query Builder