18779 matches found

NVD
added 2026/04/19 9:16 a.m., 1 view

CVE-2026-6562

A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is the function getListByPage of the file /index/Search/index.html. Executing a manipulation of the argument keyword can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be use...

CVSS 7.5, EPSS 0.0004
Exploits: 0, References: 4
Snyk
added 2026/04/18 1:25 a.m., 4 views

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read in the ptpunpackSonyDPD function when parsing the FormFlag field due to missing bounds checking before reading data. An attacker can cause information disclosure or application instability by supplying crafted input...

CVSS 5.2, AI score 5.8, EPSS 0.00009
Exploits: 0, References: 2
Snyk
added 2026/04/18 1:25 a.m., 4 views

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read in the ptpunpackSonyDPD function when parsing the enumeration count from a buffer without verifying sufficient data remains. An attacker can cause information disclosure or application instability by providing a craft...

CVSS 6.1, AI score 5.9, EPSS 0.00009
Exploits: 0, References: 2
Circl
added 2026/04/18 1:18 a.m., 2 views

GHSA-V7XQ-3WX6-FQC2

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-18 01:18:04+00:00 | published-proof-of-concept | Telegram/u5f3Gra6Haipf3VJEB4yu-gwc95-0FLxvYnhbIvKSTo7fn8... |

AI score 4.8
Exploits: 0
Circl
added 2026/04/17 11:20 p.m., 2 views

GHSA-XJW8-8C5C-9R79

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-17 23:20:34+00:00 | published-proof-of-concept | Telegram/tNtN6ajST1i0hZ4W2szdcVpxF1Em9wIkkVyc-W9Ntpka1A... |

AI score 4.8
Exploits: 0
Circl
added 2026/04/17 11:20 p.m., 1 view

GHSA-666R-V2M7-XGP9

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-17 23:20:07+00:00 | published-proof-of-concept | Telegram/nSRvyMMuDO4LVDIhCRx7gx27JwRYoRyOv-3439P5STagmw... |

AI score 4.8
Exploits: 0
Circl
added 2026/04/17 9:22 p.m., 1 view

CVE-2025-15480

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-17 21:22:23+00:00 | published-proof-of-concept | Telegram/JhfklXuL4NqYo-RTqGvH7YibwHHr1ywA0feToUY8cxVGalU... |

CVSS 9.1, AI score 4.8, EPSS 0.00057
Exploits: 0
Circl
added 2026/04/17 5:30 p.m., 4 views

CVE-2025-12455

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-17 17:30:37+00:00 | published-proof-of-concept | Telegram/99IlCPIS9qBv42yzAhiUHqlKgiNRb4WP8dx5pH1uskzhuw... |

CVSS 7.5, AI score 4.8, EPSS 0.00049
Exploits: 0
EUVD
added 2026/04/17 3:31 p.m., 1 view

EUVD-2026-23417

A flaw has been found in Qihui jtbc5 CMS 5.0.3.6. Affected is an unknown function of the file /dev/code/common/diplomat/manage.php of the component Code Endpoint. This manipulation of the argument path causes path traversal. The attack is possible to be carried out remotely. The exploit has been...

CVSS 5.3, AI score 5.3, EPSS 0.0005
Exploits: 0, References: 5
NVD
added 2026/04/17 1:16 p.m., 2 views

CVE-2026-6487

A flaw has been found in Qihui jtbc5 CMS 5.0.3.6. Affected is an unknown function of the file /dev/code/common/diplomat/manage.php of the component Code Endpoint. This manipulation of the argument path causes path traversal. The attack is possible to be carried out remotely. The exploit has been...

CVSS 5.3, EPSS 0.0005
Exploits: 0, References: 4
CVE
added 2026/04/17 12:30 p.m., 8 views

CVE-2026-6487

CVE-2026-6487 affects Qihui jtbc5 CMS 5.0.3.6. A flaw in an unknown function within /dev/code/common/diplomat/manage.php allows path traversal via the Code Endpoint component. The vulnerability is remotely exploitable; exploitation appears to be published. Vendor response to disclosure is not pro...

CVSS 5.3, AI score 5.3, EPSS 0.0005
Exploits: 0, References: 4
Circl
added 2026/04/17 3:16 a.m., 2 views

GHSA-9PR4-RF97-79QH

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-17 03:16:02+00:00 | published-proof-of-concept | Telegram/OCRuCpCrMYyNHl7tK2WvZ5-EwER3iqlB4XvdcqwHWSldrs... |

AI score 4.8
Exploits: 0
Positive Technologies
added 2026/04/17 12:0 a.m., 1 view

PT-2026-33458

Name of the Vulnerable Software and Affected Versions: lukevella rallly versions prior to 4.8.0. Description: A flaw in the Reset Password Handler component within the file 'apps/web/src/app/locale/auth/reset-password/components/reset-password-form.tsx' allows for remote cross site scripting. This...

CVSS 5.1, AI score 4.6, EPSS 0.00013
Exploits: 0, References: 10
Snyk
added 2026/04/16 6:31 p.m., 1 view

Insufficient Entropy

Overview: Affected versions of this package are vulnerable to Insufficient Entropy due to insufficient randomness in the hash seed generation process. An attacker can cause excessive CPU consumption by submitting specially crafted XML documents that trigger hash collisions. Remediation: Upgrade exp...

CVSS 8.7, AI score 5.8, EPSS 0.00013
Exploits: 0, References: 2
Snyk
added 2026/04/16 12:0 a.m., 3 views

Access of Resource Using Incompatible Type ('Type Confusion')

Overview: Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' while handling a specially crafted XML Schema Definition XSD validated document containing an internal entity reference. An attacker can cause the application to crash by...

CVSS 7.5, AI score 5.8, EPSS 0.00045
Exploits: 1, References: 2
Circl
added 2026/04/15 3:20 p.m., 4 views

GHSA-6HW5-45GM-FJ88

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-15 15:20:23+00:00 | published-proof-of-concept | Telegram/uZRx6HZozAc0thMR3KKbNyvZVgKIzeeLzgWMgVKyfbYH8EA... |

AI score 4.8
Exploits: 0
Circl
added 2026/04/15 1:19 a.m., 3 views

GHSA-5HVV-M4W4-GF6V

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-15 01:19:21+00:00 | published-proof-of-concept | Telegram/GYbH54sRbOOqgznzSrvNbIPKqa8TpEiUvDUzTYtUUyxy-E... |

AI score 4.8
Exploits: 0
Snyk
added 2026/04/14 11:41 p.m., 3 views

Infinite loop

Overview: iodine is a fast HTTP / Websocket Server with built-in Pub/Sub support with or without Redis, static file support and many other features, optimized for Ruby MRI on Linux / BSD / macOS. Affected versions of this package are vulnerable to Infinite loop through the fiojsonparse function. A...

CVSS 8.7, AI score 5.8, EPSS 0.0006
Exploits: 0, References: 2
Circl
added 2026/04/14 11:22 p.m., 3 views

GHSA-CRC6-R6C7-44Q3

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-14 23:22:29+00:00 | published-proof-of-concept | Telegram/70ang71mEb6lYSNq2VZHiuuV7i7KfipPcLMkKoGk9-znXQ... |

AI score 4.8
Exploits: 0
Circl
added 2026/04/14 11:19 p.m., 3 views

CVE-2026-41206

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-14 23:19:41+00:00 | published-proof-of-concept | https://github.com/ParzivalHack/PySpector/security/advisories/GHSA-vp22-38m5-r39r... |

CVSS 7.8, AI score 5.8, EPSS 0.00021
Exploits: 1, References: 1