13578 matches found

OSV • added 2026/04/27 3:39 p.m. • 20 views

USN-8212-1 authd vulnerability

It was discovered that authd incorrectly assigned the primary group ID to users under certain conditions. A local attacker could possibly use this issue to achieve privilege escalation, or gain unauthorized access to files belonging to other users...

CVSS: 7.3 | AI score: 5.4 | EPSS: 0.0011
Exploits: 0 | References: 2

CNNVD • added 2026/04/27 12:0 a.m. • 6 views

AutoForge path traversal vulnerability

AutoForge is an intelligent coding proxy tool open-sourced by AutoForgeAI. Version 79d02a of AutoForge contains a path traversal vulnerability, which stems from path traversal in UI/static components. This vulnerability could allow attackers to access arbitrary files...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00446
Exploits: 0 | References: 1

Tenable Nessus • added 2026/04/27 12:0 a.m. • 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-41066

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00324
Exploits: 1 | References: 4

CNNVD • added 2026/04/27 12:0 a.m. • 9 views

ProjeQtOr path traversal vulnerability

ProjeQtOr is a project management software developed by the French company ProjeQtOr. Versions 7.0 to 12.4.3 of ProjeQtOr contain a path traversal vulnerability. This vulnerability stems from the lack of validation of the directory traversal sequence in the logname parameter of the...

CVSS: 7.1 | AI score: 5.8 | EPSS: 0.00541
Exploits: 0 | References: 6

OSV • added 2026/04/25 5:48 a.m. • 7 views

OESA-2026-2012 python-lxml security update

Security Fixes: lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolve_entities=True allows untrusted XML input to read local files. Setting the resolve_entities option explicitly to...

CVSS: 7.5 | AI score: 5.4 | EPSS: 0.00324
Exploits: 1 | References: 2

OSV • added 2026/04/25 5:48 a.m. • 7 views

OESA-2026-2011 python-lxml security update

Security Fixes: lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolve_entities=True allows untrusted XML input to read local files. Setting the resolve_entities option explicitly to...

CVSS: 7.5 | AI score: 5.4 | EPSS: 0.00324
Exploits: 1 | References: 2

OSV • added 2026/04/25 5:48 a.m. • 16 views

OESA-2026-2009 python-lxml security update

Security Fixes: lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolve_entities=True allows untrusted XML input to read local files. Setting the resolve_entities option explicitly to...

CVSS: 7.5 | AI score: 5.3 | EPSS: 0.00324
Exploits: 1 | References: 2

OSV • added 2026/04/25 5:48 a.m. • 5 views

OESA-2026-2010 python-lxml security update

Security Fixes: lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolve_entities=True allows untrusted XML input to read local files. Setting the resolve_entities option explicitly to...

CVSS: 7.5 | AI score: 5.4 | EPSS: 0.00324
Exploits: 1 | References: 2

OSV • added 2026/04/25 5:48 a.m. • 3 views

OESA-2026-2008 python-lxml security update

Security Fixes: lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolve_entities=True allows untrusted XML input to read local files. Setting the resolve_entities option explicitly to...

CVSS: 7.5 | AI score: 5.4 | EPSS: 0.00324
Exploits: 1 | References: 2

NVD • added 2026/04/24 5:16 p.m. • 2 views

CVE-2026-41066

lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolve_entities=True allows untrusted XML input to read local files. Setting the resolve_entities option explicitly to resolve_entities='internal' ...

CVSS: 7.5 | EPSS: 0.00324
Exploits: 1 | References: 2

PyPA • added 2026/04/24 5:16 p.m. • 18 views

PYSEC-2026-87

lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolve_entities=True allows untrusted XML input to read local files. Setting the resolve_entities option explicitly to resolve_entities='internal' ...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00324
Exploits: 1 | References: 2 | Affected Software: 1

OSV • added 2026/04/24 5:16 p.m. • 5 views

PYSEC-2026-87

lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolve_entities=True allows untrusted XML input to read local files. Setting the resolve_entities option explicitly to resolve_entities='internal' ...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00324
Exploits: 1 | References: 2

OSV • added 2026/04/24 5:16 p.m. • 4 views

ALPINE-CVE-2026-41066

lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolve_entities=True allows untrusted XML input to read local files. Setting the resolve_entities option explicitly to resolve_entities='internal' ...

CVSS: 7.5 | AI score: 5.4 | EPSS: 0.00324
Exploits: 1 | References: 1

AlpineLinux • added 2026/04/24 4:45 p.m. • 6 views

CVE-2026-41066

lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolve_entities=True allows untrusted XML input to read local files. Setting the resolve_entities option explicitly to resolve_entities='internal' ...

CVSS: 7.5 | AI score: 5.4 | EPSS: 0.00324
Exploits: 1

EUVD • added 2026/04/24 4:45 p.m. • 3 views

EUVD-2026-25572

lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolve_entities=True allows untrusted XML input to read local files. Setting the resolve_entities option explicitly to resolve_entities='internal' ...

CVSS: 7.5 | AI score: 5.2 | EPSS: 0.00324
Exploits: 1 | References: 2

Vulnrichment • added 2026/04/24 4:45 p.m. • 11 views

CVE-2026-41066 lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files

lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolve_entities=True allows untrusted XML input to read local files. Setting the resolve_entities option explicitly to resolve_entities='internal' ...

CVSS: 7.5 | AI score: 5.2 | EPSS: 0.00324
Exploits: 1 | References: 2

CVE • added 2026/04/24 4:45 p.m. • 72 views

CVE-2026-41066

CVE-2026-41066 affects the Python XML/HTML library lxml. In versions prior to 6.1.0, using the two parsers with the default setting resolve_entities=True allows untrusted XML input to read local files. Setting the option to resolve_entities='internal' or resolve_entities=False disables local fil...

CVSS: 7.5 | AI score: 5.2 | EPSS: 0.00324
Exploits: 1 | References: 2 | Affected Software: 1

ATTACKERKB • added 2026/04/24 2:24 a.m. • 6 views

CVE-2026-40254

FreeRDP is a free implementation of the Remote Desktop Protocol. Versions prior to 3.25.0 have an off-by-one in the path traversal filter in channels/drive/client/drivefile.c. The containsdotdot function catches ../ and ..\ mid-path but misses .. when it's the last component with no trailing...

CVSS: 4.2 | AI score: 5.8 | EPSS: 0.002
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD • added 2026/04/24 12:0 a.m. • 8 views

melange path traversal vulnerability

Melange is a software developed by Chainguard for building APKs from source code. Versions of Melange from 0.32.0 to 0.43.4 had a path traversal vulnerability. This vulnerability stemmed from insufficient validation of the pipeline.uses parameter, allowing attackers to read arbitrary YAML files a...

CVSS: 6.1 | AI score: 6 | EPSS: 0.0014
Exploits: 0 | References: 2

Cvelist • added 2026/04/23 2:46 p.m. • 26 views

CVE-2026-23751 Kofax Capture 6.0.0.0 Unauthenticated File Read/Write & SMB Coercion via .NET Remoting

Kofax Capture, now referred to as Tungsten Capture, version 6.0.0.0 (other versions may be affected) exposes a deprecated .NET Remoting HTTP channel on port 2424 via the Ascent Capture Service that is accessible without authentication and uses a default, publicly known endpoint identifier. An...

CVSS: 9.8 | EPSS: 0.00883
Exploits: 0 | References: 3