Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

68 matches found

RedhatCVE
RedhatCVEadded 2026/06/05 7:38 p.m.6 views

CVE-2026-21020

Improper export of android application components in OmaCP prior to SMR May-2026 Release 1 allows local attackers to trigger privileged functions...

7.8CVSS5.4AI score0.00094EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/05 7:11 p.m.7 views

CVE-2026-44008

A flaw was found in vm2 before 3.11.2. The neutralizeArraySpeciesBatch method can invoke host-side getters on array prototypes, exposing host objects and the host Function into the sandbox for escape and arbitrary command execution. Fixed in 3.11.2...

9.8CVSS6.2AI score0.00623EPSS
Exploits1References4
Vulnrichment
Vulnrichmentadded 2026/06/05 9:1 a.m.8 views

CVE-2026-6274 Authentication Bypass in DTS Electronics' Redline WR3200

Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Redline WR3200: from 7.1.3 before 7.1.8...

9.8CVSS5.5AI score0.0046EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/06/05 12:0 a.m.15 views

PT-2026-46912

Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Redline WR3200: from 7.1.3 before 7.1.8...

9.8CVSS5.5AI score0.0046EPSS
Exploits0References2
EUVD
EUVDadded 2026/05/15 2:45 a.m.13 views

EUVD-2025-209878

Improper handling of insufficient privileges in the AMD Secure Processor ASP could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity of availability...

5.3CVSS5.8AI score0.00207EPSS
Exploits0References1
AstraLinux
AstraLinuxadded 2026/05/03 11:59 p.m.3 views

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: enetc: deny offload of tc-based TSN features on VF interfaces TSN features on the ENETC taprio, cbs, gate, police are configured through a mix of command BD ring messages and port registers: enetcportrd, enetcportwr. Port...

5.5CVSS7.7AI score0.00225EPSS
Exploits0References2
Veracode
Veracodeadded 2026/04/16 11:15 a.m.6 views

Improper Access Control.

Vite is vulnerable to improper access control. The vulnerability is due to missing Origin header validation in the WebSocket connection path, which allows an attacker to invoke internal functions and retrieve arbitrary server files via crafted WebSocket requests...

8.2CVSS5.9AI score0.02292EPSS
Exploits3References5Affected Software1
Veracode
Veracodeadded 2026/03/24 2:12 p.m.8 views

Arbitrary Code Injection

SandboxJS is vulnerable to Arbitrary Code Injection. The vulnerability is due to improper isolation allowing access to Function via arrays and object construction, which allows an attacker to escape the sandbox and execute arbitrary code...

10CVSS6.1AI score0.00547EPSS
Exploits1References5Affected Software1
NVD
NVDadded 2026/03/05 6:16 a.m.10 views

CVE-2026-28135

Inclusion of Functionality from Untrusted Control Sphere vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Royal Elementor Addons: from n/a through = 1.7.1052...

8.2CVSS0.00229EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/02/13 1:9 p.m.28 views

CVE-2025-14349 Business Logic Error in Universal Software's FlexCity/Kiosk

Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation. This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36...

8.8CVSS0.00361EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/02/13 12:0 a.m.4 views

PT-2026-7988

Name of the Vulnerable Software and Affected Versions Universal Software Inc. FlexCity/Kiosk versions prior to 1.0.36 Description A flaw exists in Universal Software Inc. FlexCity/Kiosk that allows accessing functionality not properly constrained by Access Control Lists ACLs, potentially leading ...

8.8CVSS5.5AI score0.00361EPSS
Exploits0References8
Positive Technologies
Positive Technologiesadded 2026/02/05 12:0 a.m.6 views

PT-2026-6648

Name of the Vulnerable Software and Affected Versions SandboxJS versions prior to 0.8.29 Description SandboxJS is a JavaScript sandboxing library affected by an issue where the return values of functions are not properly wrapped. This allows attackers to use Object.values or Object.entries to...

10CVSS6.7AI score0.00782EPSS
Exploits1References12
Veracode
Veracodeadded 2026/02/03 5:46 a.m.7 views

Remote Code Execution (RCE)

SandboxJS is vulnerable to Remote Code Execution RCE. The vulnerability is due to missing isolation and replacement of AsyncFunction and related function constructors, which allows an attacker to access the native host AsyncFunction via the .constructor property and execute arbitrary code outside...

10CVSS6.2AI score0.01122EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVEadded 2026/01/09 11:55 a.m.7 views

CVE-2018-4379

A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device. This issue affected versions prior to iOS 12.0.1...

5.5CVSS6.1AI score0.00322EPSS
Exploits0References1
CVE
CVEadded 2025/11/04 3:19 a.m.11 views

CVE-2025-47357

CVE-2025-47357 describes an information-disclosure vulnerability in Qualcomm chipsets where a user-level driver can perform QFPROM read or write operations on fuse regions. The root cause is consistently described as an access-control/authorization issue that allows local (user-level) operations ...

8CVSS6.1AI score0.00067EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVEadded 2025/10/24 11:24 p.m.2 views

SUSE CVE-2025-40023

In the Linux kernel, the following vulnerability has been resolved: drm/xe/vf: Don't expose sysfs attributes not applicable for VFs VFs can't read BMGPCIECAP0x138340 register nor access PCODE already guarded by the info.skippcode flag so we shouldn't expose attributes that require any of them to...

6.4AI score0.00168EPSS
Exploits0References3
EUVD
EUVDadded 2025/10/07 12:30 a.m.5 views

EUVD-2016-7721

Malware in sbrugna...

6CVSS6.4AI score0.004EPSS
Exploits0References10
EUVD
EUVDadded 2025/10/07 12:30 a.m.4 views

EUVD-2018-16174

Malware in sbrugna...

4.6CVSS7.2AI score0.00327EPSS
Exploits0References2
EUVD
EUVDadded 2025/10/03 8:7 p.m.10 views

EUVD-2023-55021

Malicious code in bioql PyPI...

8.8CVSS8.8AI score0.00696EPSS
Exploits0References2
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2025-28327

Malicious code in bioql PyPI...

5.3CVSS5.6AI score0.00211EPSS
Exploits0References1
Rows per page
Query Builder