Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

111387 matches found

OSV
OSVadded 2026/06/08 1:15 p.m.6 views

JLSEC-2026-578

In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character...

5.3CVSS7.4AI score0.06457EPSS
Exploits0References26
OSV
OSVadded 2026/06/08 1:15 p.m.6 views

JLSEC-2026-577

libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded...

9.8CVSS7.2AI score0.0523EPSS
Exploits0References32
ATTACKERKB
ATTACKERKBadded 2026/06/08 12:7 p.m.5 views

CVE-2026-9549

Stored cross-site scripting in the service discovery active check output in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can configure active or custom checks to inject malicious HTML or JavaScript into check output that executes in the browser of an adm...

4.8CVSS5.2AI score0.00142EPSS
Exploits0References2Affected Software1
CVE
CVEadded 2026/06/08 11:45 a.m.17 views

CVE-2026-11511

The CVE-2026-11511 affects Bolt CMS up to version 3.7.5, specifically a weakness in the file src/Storage/Field/Type/TextType.php within the HTML Attribute Handler. The issue enables remote HTML injection when an attacker manipulates the argument style. It is exploitable remotely and an exploit ha...

5.1CVSS5.3AI score0.00191EPSS
Exploits0References4
CVE
CVEadded 2026/06/08 9:28 a.m.27 views

CVE-2026-9506

The CVE-2026-9506 issue affects Bagisto in the ImageCacheController where improper validation of user-supplied input enables path traversal via the filename parameter. This unauthenticated remote attacker could read arbitrary sensitive files outside the intended directory, as stated in the connec...

8.7CVSS5.7AI score0.00455EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/06/08 9:28 a.m.3 views

CVE-2026-9506

This vulnerability exists in Bagisto due to improper validation of user-supplied input in the ImageCacheController component. An unauthenticated remote attacker could exploit this vulnerability by sending crafted path traversal sequences through the filename parameter to access arbitrary files...

8.7CVSS5.7AI score0.00455EPSS
Exploits0References2Affected Software1
EUVD
EUVDadded 2026/06/08 9:28 a.m.10 views

EUVD-2026-35036

This vulnerability exists in Bagisto due to improper validation of user-supplied input in the ImageCacheController component. An unauthenticated remote attacker could exploit this vulnerability by sending crafted path traversal sequences through the filename parameter to access arbitrary files...

8.7CVSS5.7AI score0.00455EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/06/08 9:28 a.m.5 views

CVE-2026-9506 Path Traversal Vulnerability in Bagisto

This vulnerability exists in Bagisto due to improper validation of user-supplied input in the ImageCacheController component. An unauthenticated remote attacker could exploit this vulnerability by sending crafted path traversal sequences through the filename parameter to access arbitrary files...

8.7CVSS5.7AI score0.00455EPSS
Exploits0References1
NCSC
NCSCadded 2026/06/08 8:31 a.m.18 views

Vulnerabilities present in IBM Aspera High-Speed Transfer Endpoint and Server

IBM has identified vulnerabilities in the IBM Aspera High-Speed Transfer Endpoint and Server versions 3.7.4 through 4.4.7 Fix Pack 1. These vulnerabilities reside in the asperahttpd component of the IBM Aspera High-Speed Transfer Endpoint and Server products. A buffer overflow can lead to...

9.8CVSS6.1AI score0.00529EPSS
Exploits0References1
NVD
NVDadded 2026/06/08 5:16 a.m.13 views

CVE-2026-11487

A flaw has been found in Neovim up to 0.12.2. Affected by this issue is the function M.read of the file runtime/lua/vim/secure.lua of the component View Branch. Executing a manipulation of the argument path can lead to command injection. It is possible to launch the attack on the local host. The...

5.3CVSS0.00922EPSS
Exploits0References8
CVE
CVEadded 2026/06/08 4:15 a.m.26 views

CVE-2026-11487

CVE-2026-11487 affects Neovim up to 0.12.2. The vulnerability resides in the M.read function of runtime/lua/vim/secure.lua (View Branch). Manipulation of the argument path can lead to local command injection. An exploit has been published and may be used locally. A patch identified by f83e0dcaf8c...

5.3CVSS5.5AI score0.00922EPSS
Exploits0References8
RedHat Linux
RedHat Linuxadded 2026/06/08 3:27 a.m.21 views

kernel: netfilter: nf_tables: release flowtable after rcu grace period on error

A flaw was found in the Linux kernel's netfilter component, specifically within the nftables subsystem. An error in releasing a flowtable after an RCU Read-Copy-Update grace period could lead to a use-after-free vulnerability. This issue could expose the flowtable to the packet path and...

7.8CVSS5.7AI score0.00119EPSS
Exploits0References5
NVD
NVDadded 2026/06/08 2:16 a.m.11 views

CVE-2022-50953

WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing...

6.9CVSS0.00313EPSS
Exploits0References3
RedHat Linux
RedHat Linuxadded 2026/06/08 2:7 a.m.6 views

xorg: xwayland: X.Org X server: Information disclosure or Denial of Service via out-of-bounds read in XKB modifier map handling

A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB X Keyboard Extension modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed request, which causes the server to read beyond its intended memory...

9.1CVSS5.4AI score0.00397EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2026/06/08 2:7 a.m.7 views

xwayland: xorg: X.Org X server: Information disclosure and denial of service via out-of-bounds read in XKB geometry processing.

A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the CheckSetGeom and XkbAddGeomKeyAlias functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server,...

9.1CVSS5.4AI score0.00397EPSS
Exploits0References4
CVE
CVEadded 2026/06/08 1:55 a.m.11 views

CVE-2022-50953

The CVE concerns the WordPress plugin admin-word-count-column version 2.2 . A vulnerability allows unauthenticated local file read via crafted requests to download-csv.php, exploiting a null byte injection in the path parameter to bypass restrictions and read arbitrary files (e.g., system configu...

6.9CVSS5.6AI score0.00313EPSS
Exploits0References3
EUVD
EUVDadded 2026/06/08 1:55 a.m.6 views

EUVD-2022-56000

WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing...

6.9CVSS5.6AI score0.00313EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/06/08 1:55 a.m.6 views

CVE-2022-50953

WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing...

6.9CVSS5.6AI score0.00313EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichmentadded 2026/06/08 1:55 a.m.4 views

CVE-2022-50953 WordPress Plugin admin-word-count-column 2.2 Local File Read

WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing...

6.9CVSS5.6AI score0.00313EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/06/08 1:55 a.m.41 views

CVE-2022-50953 WordPress Plugin admin-word-count-column 2.2 Local File Read

WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path parameter. Attackers can send GET requests to download-csv.php with a crafted path parameter containing...

6.9CVSS0.00313EPSS
Exploits0References3
Rows per page
Query Builder