Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

11781 matches found

CVE
CVEadded 2026/05/29 1:53 p.m.18 views

CVE-2026-41159

Mermaid (mermaid-js) contains a CSS injection vulnerability (CVE-2026-41159) affecting prior releases. Before fixes in v10.9.6 and v11.15.0, its default config allows injecting CSS via fontFamily, themeCSS, and altFontFamily. The injected CSS exploits stylis’s scope handling, where :not(&) escape...

5.3CVSS5.8AI score0.00057EPSS
Exploits0References4Affected Software1
NVD
NVDadded 2026/05/29 11:16 a.m.11 views

CVE-2026-10078

A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically clientid and clientsecret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to th...

2.7CVSS0.00033EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/29 9:30 a.m.7 views

CVE-2026-10078

A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically clientid and clientsecret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to th...

2.7CVSS5.7AI score0.00033EPSS
Exploits0References3
CVE
CVEadded 2026/05/29 9:30 a.m.12 views

CVE-2026-10078

The CVE-2026-10078 entry concerns Quay config-tool’s GitLab OAuth validator. The vulnerability causes client_id and client_secret to be sent in plaintext via URL query parameters during POST requests to the GitLab endpoint, enabling potential exposure of credentials in logs (server access logs, r...

2.7CVSS5.7AI score0.00033EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/05/29 9:30 a.m.8 views

CVE-2026-10078 Quay/config-tool: quay/config-tool: gitlab oauth client_secret exposed in url querystring

A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically clientid and clientsecret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to th...

2.7CVSS5.7AI score0.00033EPSS
Exploits0References2
EUVD
EUVDadded 2026/05/29 9:30 a.m.11 views

EUVD-2026-33272

A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically clientid and clientsecret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to th...

2.7CVSS5.7AI score0.00033EPSS
Exploits0References2
NVD
NVDadded 2026/05/29 9:16 a.m.11 views

CVE-2026-10052

A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...

4.1CVSS0.0003EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2026/05/29 9:12 a.m.11 views

CVE-2026-10078

A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically clientid and clientsecret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to th...

2.7CVSS5.7AI score0.00033EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2026/05/29 7:59 a.m.6 views

CVE-2026-10052

A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...

4.1CVSS5.8AI score0.0003EPSS
Exploits0References3
CVE
CVEadded 2026/05/29 7:59 a.m.12 views

CVE-2026-10052

The CVE-2026-10052 entry describes a flaw in Quay config-tool where LDAP and SMTP validation endpoints can initiate outbound connections to user-supplied endpoints. With config editor access, an attacker can trigger requests from the Quay pod, enabling potential internal network reconnaissance an...

4.1CVSS5.8AI score0.0003EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/29 7:59 a.m.6 views

CVE-2026-10052

A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...

4.1CVSS5.8AI score0.0003EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/05/29 7:59 a.m.9 views

CVE-2026-10052 Quay/config-tool: quay/config-tool: ssrf via unfiltered ldap and smtp config validation endpoints

A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...

4.1CVSS5.8AI score0.0003EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/05/29 7:59 a.m.31 views

CVE-2026-10052 Quay/config-tool: quay/config-tool: ssrf via unfiltered ldap and smtp config validation endpoints

A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...

4.1CVSS0.0003EPSS
Exploits0References2
EUVD
EUVDadded 2026/05/29 7:59 a.m.10 views

EUVD-2026-33260

A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...

4.1CVSS5.8AI score0.0003EPSS
Exploits0References2
SUSE CVE
SUSE CVEadded 2026/05/29 1:22 a.m.8 views

SUSE CVE-2026-23679

libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface claims bNumEndpoints greater than zero but is followed by a class-specific descriptor whose bLength...

6.9CVSS5.9AI score0.00012EPSS
Exploits0References3
UbuntuCve
UbuntuCveadded 2026/05/29 12:0 a.m.7 views

CVE-2026-23679

libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface claims bNumEndpoints greater than zero but is followed by a class-specific descriptor whose bLength...

6.9CVSS5.9AI score0.00012EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/05/29 12:0 a.m.7 views

PT-2026-44911

Name of the Vulnerable Software and Affected Versions Axios versions 0.19.0 through 0.31.0 Axios versions 1.x through 1.15.1 Description Axios contains prototype-pollution gadgets in its request configuration processing. If a separate vulnerability in the same JavaScript process allows an attacke...

7CVSS5.5AI score
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/05/29 12:0 a.m.8 views

PT-2026-44761

A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...

4.1CVSS5.8AI score0.0003EPSS
Exploits0References3
CNNVD
CNNVDadded 2026/05/29 12:0 a.m.6 views

OpenSC 安全漏洞

OpenSC is an open-source smart card tool and middleware developed by OpenSC. Versions of OpenSC prior to 0.27.0 contained security vulnerabilities. These vulnerabilities stemmed from a stack and heap buffer overflow vulnerability in the dokeyvalue function located in src/pkcs15init/profile.c. Thi...

3.8CVSS6AI score0.00006EPSS
Exploits0References2
Packet Storm
Packet Stormadded 2026/05/29 12:0 a.m.30 views

📄 MeiG Smart FORGE_SLT711 Command Injection

MeiG Smart FORGESLT711 proof of concept remote command injection exploit. Exploit Title: MeiG Smart FORGESLT711 - OS Command Injection Date: 2026-05-03 Exploit Author: Daniil Gordeev Vendor Homepage: http://www.meigsmart.com Software Link: N/A firmware distributed via carrier channels Version:...

9.1CVSS5.8AI score0.05643EPSS
Exploits3
Rows per page
Query Builder