
36034 matches found

Cvelist
added last week, 24 views

CVE-2025-48648

In isSameApp of NotificationManagerService.java, there is a possible persistent dos due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

EPSS: 0.00006
Exploits: 0, References: 1

Vulnrichment
added last week, 5 views

CVE-2025-48648

In isSameApp of NotificationManagerService.java, there is a possible persistent dos due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

AI score: 5.9, EPSS: 0.00006
Exploits: 0, References: 1

CVE
added last week, 12 views

CVE-2025-48648

Technical details about CVE-2025-48648 are not publicly available in the provided documents. The descriptions only reiterate a potential local DoS in NotificationManagerService.java without specifics on affected versions, root cause, or remediation. Monitor for updates.

CVSS: 5.5, AI score: 5.9, EPSS: 0.00006
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2026/06/01 12:0 a.m., 9 views

PT-2026-45568

In isSameApp of NotificationManagerService.java, there is a possible persistent dos due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

AI score: 5.9, EPSS: 0.00006
Exploits: 0, References: 2

OSV
added 2026/06/01 12:0 a.m., 5 views

ASB-A-396667508

In isSameApp of NotificationManagerService.java, there is a possible persistent dos due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS: 5.5, AI score: 5.9, EPSS: 0.00006
Exploits: 0, References: 1

EUVD
added 2026/05/31 4:15 p.m., 8 views

EUVD-2026-33515

A security flaw has been discovered in OFCMS up to 1.1.3. The impacted element is the function Query of the file ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\ComnController.java of the component ComnController. Performing a manipulation of the argument system.user.query results in sq...

CVSS: 6.5, AI score: 6.4, EPSS: 0.00031
Exploits: 0, References: 5

Positive Technologies
added 2026/05/31 12:0 a.m., 8 views

PT-2026-45211

Name of the Vulnerable Software and Affected Versions: apache-airflow versions prior to 3.2.2. Description: The 'partitioned dag runs' endpoints in the UI enforce only asset-level access control instead of per-Dag authorization. This allows an authenticated UI or API user with global Asset:read...

CVSS: 4.3, AI score: 5.4, EPSS: 0.00051
Exploits: 0, References: 9

Snyk
added 2026/05/29 10:2 p.m., 7 views

Malicious Package

Overview: axis-notification is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

CVSS: 9.8, AI score: 5.8
Exploits: 0, References: 2

CVE
added 2026/05/29 7:51 p.m., 10 views

CVE-2026-47123

FreeScout (PHP/Laravel) prior to 1.8.220 is affected. The FetchEmails command has two paths to identify agent replies via In-Reply-To / References headers. The notification path (notify-{thread_id}-{user_id}-…) derives thread_id and user_id from Message-ID without HMAC verification, enabling an e...

CVSS: 7.5, AI score: 5.9, EPSS: 0.00018
Exploits: 0, References: 3

ATTACKERKB
added 2026/05/29 7:51 p.m., 11 views

CVE-2026-47123

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.220, the email processing pipeline in FreeScout's FetchEmails command has two code paths for identifying agent user replies based on In-Reply-To / References headers. The notification reply path...

CVSS: 7.5, AI score: 5.9, EPSS: 0.00018
Exploits: 0, References: 3, Affected Software: 1

EUVD
added 2026/05/29 7:51 p.m., 7 views

EUVD-2026-33440

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.220, the email processing pipeline in FreeScout's FetchEmails command has two code paths for identifying agent user replies based on In-Reply-To / References headers. The notification reply path...

CVSS: 7.5, AI score: 5.9, EPSS: 0.00018
Exploits: 0, References: 2

Cvelist
added 2026/05/29 7:51 p.m., 26 views

CVE-2026-47123 FreeScout: Agent Impersonation via Missing HMAC Verification on Notification Reply Message-ID Path

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.220, the email processing pipeline in FreeScout's FetchEmails command has two code paths for identifying agent user replies based on In-Reply-To / References headers. The notification reply path...

CVSS: 7.5, EPSS: 0.00018
Exploits: 0, References: 2

NVD
added 2026/05/29 7:16 p.m., 12 views

CVE-2026-49368

In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible...

CVSS: 8.7, EPSS: 0.00064
Exploits: 0, References: 1

Cvelist
added 2026/05/29 6:15 p.m., 27 views

CVE-2026-49368

In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible...

CVSS: 8.7, EPSS: 0.00064
Exploits: 0, References: 1

CVE
added 2026/05/29 6:15 p.m., 13 views

CVE-2026-49368

CVE-2026-49368 affects JetBrains YouTrack prior to version 2026.1.13162. The issue is a stored XSS in project notification templates. According to the entry, the vulnerability can be triggered remotely (attack vector: NETWORK) with low privileges required and user interaction needed, leading to h...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00064
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2026/05/29 6:15 p.m., 9 views

CVE-2026-49368

In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00064
Exploits: 0, References: 1

EUVD
added 2026/05/29 6:15 p.m., 9 views

EUVD-2026-33416

In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00064
Exploits: 0, References: 1

ATTACKERKB
added 2026/05/29 6:15 p.m., 6 views

CVE-2026-49368

In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00064
Exploits: 0, References: 2

Vulnrichment
added 2026/05/29 8:28 a.m., 6 views

CVE-2026-9189 Contact Form 7 – PayPal & Stripe Add-on <= 2.4.9 - Unauthenticated Payment Bypass via Insufficient Verification of Data Authenticity via PayPal IPN Handler ('invoice'/'mc_gross' Verification)

The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Payment Bypass via Insufficient Verification of Data Authenticity in all versions up to, and including, 2.4.9. Although cf7pppaypalipnhandler correctly validates IPN authenticity by posting back to PayPal with...

CVSS: 5.3, AI score: 5.9, EPSS: 0.00044
Exploits: 0, References: 8

ATTACKERKB
added 2026/05/29 8:28 a.m., 9 views

CVE-2026-9189

The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Payment Bypass via Insufficient Verification of Data Authenticity in all versions up to, and including, 2.4.9. Although cf7pppaypalipnhandler correctly validates IPN authenticity by posting back to PayPal with...

CVSS: 5.3, AI score: 5.9, EPSS: 0.00044
Exploits: 0, References: 9