Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

21786 matches found

EUVD
EUVDadded 2026/05/28 9:36 a.m.8 views

EUVD-2026-32797

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ADDADDR rtx: free sk if last When an ADDADDR is retransmitted, the sk is held in skresettimer, and released at the end. If at that moment, it was the last reference being held, the sk would not be freed. sockput should...

5.7AI score0.00127EPSS
Exploits0References3
CVE
CVEadded 2026/05/28 9:36 a.m.23 views

CVE-2026-46170

CVE-2026-46170 affects the Linux kernel MPTCP implementation. When ADD_ADDR is retransmitted, the socket reference counting can fail to free the sk, which may trigger indefinite waiting in timer synchronization and cause a DoS. The root cause is improper timer handling during sk_free that could c...

5.5CVSS5.7AI score0.00127EPSS
Exploits0References5Affected Software1
CVE
CVEadded 2026/05/28 9:36 a.m.19 views

CVE-2026-46158

The CVE-2026-46158 issue is in the Linux kernel MPTCP implementation: when ADD_ADDR is retransmitted, the socket reference count may not be released reliably, creating a potential resource leak. The fix adds a proper exit path to call sock_put (__sock_put) at the end of the handling and removes a...

5.5CVSS5.8AI score0.00127EPSS
Exploits0References5Affected Software1
Cvelist
Cvelistadded 2026/05/28 9:35 a.m.31 views

CVE-2026-46111 Bluetooth: hci_conn: fix potential UAF in create_big_sync

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: fix potential UAF in createbigsync Add hciconnvalid check in createbigsync to detect stale connections before proceeding with BIG creation. Handle the resulting -ECANCELED in createbigcomplete and re-validate...

7.8CVSS0.00125EPSS
Exploits0References5
CVE
CVEadded 2026/05/28 9:35 a.m.20 views

CVE-2026-46111

The CVE concerns a use-after-free in the Linux kernel Bluetooth stack (hci_conn, BIG creation). The patch adds hci_conn_valid() in create_big_sync() to detect stale connections before BIG creation, handles -ECANCELED in create_big_complete(), and re-validates under hci_dev_lock() before dereferen...

7.8CVSS5.8AI score0.00125EPSS
Exploits0References5Affected Software1
Cvelist
Cvelistadded 2026/05/28 9:27 a.m.31 views

CVE-2026-9813 FlowIntel external reference URL probe allows server-side request forgery

FlowIntel up to version 3.3.0 contains a server-side request forgery SSRF vulnerability in the external reference URL probe functionality in app/case/task.py. An attacker who can submit an external reference URL can cause the application server to issue an HTTP HEAD request to an attacker-specifi...

6.2CVSS0.00232EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/28 9:27 a.m.8 views

CVE-2026-9813 FlowIntel external reference URL probe allows server-side request forgery

FlowIntel up to version 3.3.0 contains a server-side request forgery SSRF vulnerability in the external reference URL probe functionality in app/case/task.py. An attacker who can submit an external reference URL can cause the application server to issue an HTTP HEAD request to an attacker-specifi...

6.2CVSS5.8AI score0.00232EPSS
Exploits0References1
CVE
CVEadded 2026/05/28 9:27 a.m.18 views

CVE-2026-9813

CVE-2026-9813 affects FlowIntel up to version 3.3.0 and is due to a server-side request forgery (SSRF) in the external reference URL probe in app/case/task.py. An attacker who can submit an external reference URL can cause the application server to issue an HTTP HEAD request to an attacker-specif...

9.9CVSS5.8AI score0.00232EPSS
Exploits0References1Affected Software1
OSV
OSVadded 2026/05/28 9:12 a.m.10 views

BIT-GITLAB-2026-8716 Use of Incorrectly-Resolved Name or Reference in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.7 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user to access CI data from a different ref type than intended...

4.3CVSS5.8AI score0.00187EPSS
Exploits0References3
NVD
NVDadded 2026/05/28 8:16 a.m.14 views

CVE-2026-7651

The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.5. This is due to missing...

5.3CVSS0.0035EPSS
Exploits0References5
Microsoft CVE
Microsoft CVEadded 2026/05/28 8:1 a.m.6 views

ALSA: caiaq: fix usb_dev refcount leak on probe failure

...

5.5CVSS5.4AI score0.00123EPSS
Exploits0
EUVD
EUVDadded 2026/05/28 6:45 a.m.9 views

EUVD-2026-32730

The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.5. This is due to missing...

5.3CVSS5.9AI score0.0035EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/05/28 6:45 a.m.8 views

CVE-2026-7651

The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.5. This is due to missing...

5.3CVSS5.9AI score0.0035EPSS
Exploits0References6
Cvelist
Cvelistadded 2026/05/28 6:45 a.m.31 views

CVE-2026-7651 User Registration & Membership <= 5.1.5 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Media Deletion via 'profile-pic-url' Parameter

The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.5. This is due to missing...

5.3CVSS0.0035EPSS
Exploits0References5
NVD
NVDadded 2026/05/28 6:16 a.m.13 views

CVE-2026-3173

The Meta Field Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.5.1. This is due to the plugin allowing users to specify arbitrary object IDs and object types via block attributes without validating whether the authenticated user...

6.5CVSS0.00243EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/05/28 5:30 a.m.35 views

CVE-2026-3173 Meta Field Block <= 1.5.1 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary User Meta Exposure

The Meta Field Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.5.1. This is due to the plugin allowing users to specify arbitrary object IDs and object types via block attributes without validating whether the authenticated user...

6.5CVSS0.00243EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/05/28 5:30 a.m.12 views

CVE-2026-3173 Meta Field Block <= 1.5.1 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary User Meta Exposure

The Meta Field Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.5.1. This is due to the plugin allowing users to specify arbitrary object IDs and object types via block attributes without validating whether the authenticated user...

6.5CVSS5.9AI score0.00243EPSS
Exploits0References4
EUVD
EUVDadded 2026/05/28 5:30 a.m.14 views

EUVD-2026-32722

The Meta Field Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.5.1. This is due to the plugin allowing users to specify arbitrary object IDs and object types via block attributes without validating whether the authenticated user...

6.5CVSS5.9AI score0.00243EPSS
Exploits0References4
CVE
CVEadded 2026/05/28 5:30 a.m.17 views

CVE-2026-3173

The Meta Field Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 1.5.1. Authenticated attackers with Contributor-level access or higher can read arbitrary user meta, post meta, and term meta from any object, potentially exposing PII (...

6.5CVSS5.9AI score0.00243EPSS
Exploits0References4
OSV
OSVadded 2026/05/28 4:57 a.m.9 views

ECHO-24D3-194D-5BF9

Bulletin has no description...

7.8CVSS5.7AI score0.00126EPSS
Exploits0References1
Rows per page
Query Builder