Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

457183 matches found

CVE
CVEadded 5 days ago25 views

CVE-2026-55603

CVE-2026-55603 affects http-proxy-middleware (Node.js). In versions 3.0.4–3.0.7 and 4.1.1, fixRequestBody() rebuilds multipart/form-data by interpolating req.body into the wire format without neutralizing CR/LF. This can let an attacker inject a new multipart part (via unescaped CRLF in keys/valu...

7.5CVSS5.9AI score0.00243EPSS
Exploits1References1Affected Software1
NVD
NVDadded 5 days ago9 views

CVE-2026-54298

Astro is a web framework. Prior to 6.4.6, the spreadAttributes function in Astro's server-side rendering pipeline iterates over object keys and passes them directly to addAttribute, which interpolates the key into the HTML output without escaping. When a developer uses the spread syntax ...props ...

6.1CVSS0.0016EPSS
Exploits1References1
NVD
NVDadded 5 days ago11 views

CVE-2026-11834

A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP responses, potentially...

8.7CVSS0.004EPSS
Exploits1References8
CVE
CVEadded 5 days ago10 views

CVE-2026-44271

Dell Wyse Management Suite (WMS) prior to version 2605 is affected by an SQL Injection vulnerability due to improper neutralization of special elements in SQL commands. A low-privilege, remote attacker could exploit this with network access to gain unauthorized access. Affected component is the W...

8.8CVSS6AI score0.00237EPSS
Exploits0References1Affected Software1
EUVD
EUVDadded 5 days ago5 views

EUVD-2026-38345

Dell Wyse Management Suite WMS, versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access...

8.1CVSS6AI score0.00237EPSS
Exploits0References1
Cvelist
Cvelistadded 5 days ago32 views

CVE-2026-44271

Dell Wyse Management Suite WMS, versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access...

8.1CVSS0.00237EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 5 days ago3 views

CVE-2026-44272

Dell Wyse Management Suite WMS, versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access...

8.8CVSS6AI score0.00244EPSS
Exploits0References2
EUVD
EUVDadded 5 days ago4 views

EUVD-2026-38343

Dell Wyse Management Suite WMS, versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access...

8.8CVSS6AI score0.00244EPSS
Exploits0References1
CVE
CVEadded 5 days ago8 views

CVE-2026-44272

Dell Wyse Management Suite (WMS) is affected by an SQL Injection vulnerability (Improper Neutralization of Special Elements used in SQL commands) in versions prior to WMS 2605. A low-privilege, remotely connected attacker could exploit this to achieve unauthorized access. CVSS 3.1 base metrics in...

8.8CVSS6AI score0.00244EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 5 days ago31 views

CVE-2026-44272

Dell Wyse Management Suite WMS, versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access...

8.8CVSS0.00244EPSS
Exploits0References1
NVD
NVDadded 5 days ago10 views

CVE-2026-50269

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.0, attacker-controlled input included into multipart/payload headers can be used to modify a request to inject additional headers or similar. In the unlikely situation that an application is passing...

7.5CVSS0.00273EPSS
Exploits0References2
EUVD
EUVDadded 5 days ago7 views

EUVD-2026-38339

A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP responses, potentially...

8.7CVSS5.9AI score0.004EPSS
Exploits1References7
Vulnrichment
Vulnrichmentadded 5 days ago6 views

CVE-2026-11834 Unauthenticated Command Injection via DHCP Option Handling in Multiple TP-Link Routers

A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP responses, potentially...

8.7CVSS5.9AI score0.004EPSS
Exploits1References8
CVE
CVEadded 5 days ago11 views

CVE-2026-11834

CVE-2026-11834 describes a command-injection vulnerability in the DHCP option processing logic of multiple TP-Link routers, caused by insufficient validation of externally supplied DHCP option data. An adjacent attacker can exploit this by sending crafted DHCP responses, potentially during device...

8.7CVSS5.9AI score0.004EPSS
Exploits1References8
Cvelist
Cvelistadded 5 days ago30 views

CVE-2026-11834 Unauthenticated Command Injection via DHCP Option Handling in Multiple TP-Link Routers

A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP responses, potentially...

8.7CVSS0.004EPSS
Exploits1References8
CVE
CVEadded 5 days ago9 views

CVE-2026-54298

Astro, prior to 6.4.6, is vulnerable to XSS via unescaped attribute names when spreading props onto HTML elements. The spreadAttributes path iterates over object keys and passes them to addAttribute, which interpolates the key into the HTML output without escaping, allowing attackers to inject ev...

6.1CVSS6AI score0.0016EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKBadded 5 days ago4 views

CVE-2026-54298

Astro is a web framework. Prior to 6.4.6, the spreadAttributes function in Astro's server-side rendering pipeline iterates over object keys and passes them directly to addAttribute, which interpolates the key into the HTML output without escaping. When a developer uses the spread syntax ...props ...

6.1CVSS6AI score0.0016EPSS
Exploits1References2Affected Software1
RedHat Linux
RedHat Linuxadded 5 days ago12 views

Important: Red Hat Security Advisory: Red Hat build of Cryostat security update

An update is now available for the Red Hat build of Cryostat 4 on RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

9.8CVSS7.6AI score0.0066EPSS
Exploits7References11
CVE
CVEadded 5 days ago18 views

CVE-2026-10789

Summary: CVE-2026-10789 is a code-injection vulnerability in the MCP extension for Autodesk Fusion Desktop. A malicious webpage visited by a user with Fusion Desktop running and MCP enabled can trigger arbitrary code execution with the current user’s privileges. The CVSS 3.1 score is 9.6 (CRITICA...

9.6CVSS6.2AI score0.00291EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKBadded 5 days ago4 views

CVE-2026-50269

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.0, attacker-controlled input included into multipart/payload headers can be used to modify a request to inject additional headers or similar. In the unlikely situation that an application is passing...

6.9CVSS5.8AI score0.00273EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder