Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

25160 matches found

CVE
CVEadded 2026/05/12 4:59 p.m.31 views

CVE-2026-40397

CVE-2026-40397 describes an integer underflow (wrap/wraparound) in the Windows Common Log File System Driver that enables a locally authenticated attacker to elevate privileges. The description indicates a local, privileges-required (low), no user interaction vulnerability with high impact to con...

7.8CVSS5.9AI score0.00273EPSS
Exploits0References1Affected Software14
Vulnrichment
Vulnrichmentadded 2026/05/12 4:59 p.m.2 views

CVE-2026-40397 Windows Common Log File System Driver Elevation of Privilege Vulnerability

...

7.8CVSS5.8AI score0.00273EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/12 4:59 p.m.4 views

CVE-2026-40397

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...

7.8CVSS5.9AI score0.00273EPSS
Exploits0References2Affected Software20
Cvelist
Cvelistadded 2026/05/12 4:59 p.m.28 views

CVE-2026-40397 Windows Common Log File System Driver Elevation of Privilege Vulnerability

...

7.8CVSS0.00273EPSS
Exploits0References1
CVE
CVEadded 2026/05/12 4:58 p.m.28 views

CVE-2026-40407

CVE-2026-40407 describes a heap-based buffer overflow in the Windows Common Log File System (CLFS) Driver that permits an authorized, local attacker to elevate privileges. The vulnerability impact is local privilege escalation with a CVSS v3.1 base score of 7.8 (HIGH) and impact to confidentialit...

7.8CVSS5.9AI score0.00304EPSS
Exploits0References1Affected Software14
Vulnrichment
Vulnrichmentadded 2026/05/12 4:58 p.m.5 views

CVE-2026-40407 Windows Common Log File System Driver Elevation of Privilege Vulnerability

...

7.8CVSS5.8AI score0.00304EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/12 4:58 p.m.5 views

CVE-2026-40407

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...

7.8CVSS5.9AI score0.00304EPSS
Exploits0References2Affected Software20
Cvelist
Cvelistadded 2026/05/12 4:58 p.m.27 views

CVE-2026-40407 Windows Common Log File System Driver Elevation of Privilege Vulnerability

...

7.8CVSS0.00304EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/12 4:54 p.m.25 views

CVE-2026-25690

An improper neutralization of argument delimiters in a command 'argument injection' vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2.0 through 5.2.1, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an...

4.3CVSS0.00241EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/12 4:54 p.m.5 views

CVE-2026-25690

An improper neutralization of argument delimiters in a command 'argument injection' vulnerability in Fortinet FortiDeceptor 6.0.0 through 6.0.2, FortiDeceptor 5.3.0 through 5.3.3, FortiDeceptor 5.2.0 through 5.2.1, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions may allow an...

4.3CVSS5.8AI score0.00241EPSS
Exploits0References1
NVD
NVDadded 2026/05/12 3:16 p.m.5 views

CVE-2026-7431

An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a shared memory section...

4.4CVSS0.00176EPSS
Exploits0References1
Github Security Blog
Github Security Blogadded 2026/05/12 3:8 p.m.6 views

Dalfox Server Mode has an Unauthenticated Arbitrary File Create/Append via `output` Option

Summary When dalfox is run in REST API server mode, the output, output-all, and debug fields in model.Options are JSON-tagged and deserialized directly from the attacker's request body, then propagated unchanged through dalfox.Initialize into the scan engine's logging path. The logger opens the...

8.2CVSS6AI score0.00243EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/12 2:18 p.m.4 views

CVE-2026-7431

An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a shared memory section...

4.4CVSS5.8AI score0.00176EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/12 2:18 p.m.30 views

CVE-2026-7431

An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a shared memory section...

4.4CVSS0.00176EPSS
Exploits0References1
CVE
CVEadded 2026/05/12 2:18 p.m.10 views

CVE-2026-7431

Affected product: Ivanti Secure Access Client. Vulnerabilities (pre-22.8R6): 7431 involves an incorrect permission assignment on a critical resource, enabling a local authenticated user to read/modify sensitive log data via write access to a shared memory section. 7432 is a race condition that al...

4.4CVSS5.8AI score0.00176EPSS
Exploits0References1Affected Software1
Microsoft CVE
Microsoft CVEadded 2026/05/12 2:0 p.m.5 views

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...

7.8CVSS6AI score0.00304EPSS
Exploits0
Microsoft CVE
Microsoft CVEadded 2026/05/12 2:0 p.m.4 views

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...

7.8CVSS6AI score0.00273EPSS
Exploits0
Cvelist
Cvelistadded 2026/05/12 1:57 p.m.28 views

CVE-2026-43938 YAF.NET: Unauthenticated Stored Second-Order XSS in Admin Event Log via Reflected `User-Agent` Header

YetAnotherForum.NET YAF.NET is a C ASP.NET forum. Prior to 4.0.5 and 3.2.12, the application's database logger YAFNET.Core/Logger/DbLogger.cs captures the incoming request's User-Agent header into a JObject, serializes it with JsonConvert, and stores the result in the EventLog.Description column...

8.1CVSS0.00282EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/12 1:57 p.m.4 views

CVE-2026-43938

YetAnotherForum.NET YAF.NET is a C ASP.NET forum. Prior to 4.0.5 and 3.2.12, the application's database logger YAFNET.Core/Logger/DbLogger.cs captures the incoming request's User-Agent header into a JObject, serializes it with JsonConvert, and stores the result in the EventLog.Description column...

8.1CVSS5.8AI score0.00282EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/12 1:57 p.m.7 views

CVE-2026-43938 YAF.NET: Unauthenticated Stored Second-Order XSS in Admin Event Log via Reflected `User-Agent` Header

YetAnotherForum.NET YAF.NET is a C ASP.NET forum. Prior to 4.0.5 and 3.2.12, the application's database logger YAFNET.Core/Logger/DbLogger.cs captures the incoming request's User-Agent header into a JObject, serializes it with JsonConvert, and stores the result in the EventLog.Description column...

8.1CVSS5.8AI score0.00282EPSS
Exploits0References1
Rows per page
Query Builder