
21794 matches found

ATTACKERKB
added 2026/05/26 2:34 p.m., 8 views

CVE-2026-42347

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-28496. Reason: This candidate is a duplicate of CVE-2026-28496. Notes: All CVE users should reference CVE-2026-28496 instead of this candidate...

AI score: 5.8, EPSS: 0.01892
Exploits: 0, References: 1
RedhatCVE
added 2026/05/26 11:16 a.m., 13 views

CVE-2026-4093

A flaw was found in the Drupal 7 Term Reference Tree module. This vulnerability, a type of stored Cross-Site Scripting (XSS), allows an authenticated attacker with permissions to edit or create taxonomy terms to inject malicious scripts. These scripts can execute when a user views a form containing...

CVSS: 5.4, AI score: 5.8, EPSS: 0.00172
Exploits: 1, References: 2
Cvelist
added 2026/05/26 12:0 a.m., 37 views

CVE-2026-38587

An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions (User or Guest) to retrieve sensitive information, such as the Owner's unique...

EPSS: 0.00221
Exploits: 0, References: 1
EUVD
added 2026/05/26 12:0 a.m., 10 views

EUVD-2026-31838

An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions (User or Guest) to retrieve sensitive information, such as the Owner's unique...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00221
Exploits: 0, References: 1
Vulnrichment
added 2026/05/26 12:0 a.m., 11 views

CVE-2026-38587

An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions (User or Guest) to retrieve sensitive information, such as the Owner's unique...

AI score: 5.8, EPSS: 0.00221
Exploits: 0, References: 1
CVE
added 2026/05/26 12:0 a.m., 15 views

CVE-2026-38587

CVE-2026-38587 is an Insecure Direct Object Reference (IDOR) impacting ONLYOFFICE DocSpace prior to 3.2.1. The flaw exists across multiple REST API endpoints and allows authenticated users with low-level permissions (User or Guest) to retrieve sensitive information such as the Owner’s ID and prof...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00221
Exploits: 0, References: 1
Tenable Nessus
added 2026/05/26 12:0 a.m., 11 views

openSUSE 16 Security Update : python-PyPDF2 (openSUSE-SU-2026:20794-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20794-1 advisory. Changes in python-PyPDF2: - CVE-2026-41312: Fixed issue where crafted PDF can lead to resources exhaustion bsc1262675 - CVE-2026-41314: Fixed a...

CVSS: 6.9, AI score: 5.9, EPSS: 0.00297
Exploits: 0, References: 9
Positive Technologies
added 2026/05/26 12:0 a.m., 12 views

PT-2026-43264

An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level permissions (User or Guest) to retrieve sensitive information, such as the Owner's unique...

AI score: 5.8, EPSS: 0.00221
Exploits: 0, References: 2
vulnersOsv
added 2026/05/25 11:19 p.m., 4 views

ca.ibodrov.concord:mcp-for-concord (>=0.0.1 <=0.0.2), ca.ibodrov.concord:testcontainers-concord-core (>=2.0.3 <=2.0.5) +298 more potentially affected by CVE-2026-43827 via org.apache.shiro:shiro-core (>=2.0.0-alpha-1 <=2.1.0)

org.apache.shiro:shiro-core MAVEN version =2.0.0-alpha-1, =0.0.1, =2.0.3, =0.0.27, =0.0.27, =0.0.27, =6.0.0, =8.0.0, =8.0.0, =2.2.0, =1.0.2, =3.4.0, =3.3.0, =3.3.0, =3.3.0, =3.8.0 and more Source cves: CVE-2026-43827 Source advisory: SNYK:JAVA-ORGAPACHESHIRO-17116505...

CVSS: 6.5, AI score: 5.4, EPSS: 0.00412
Exploits: 0
OSV
added 2026/05/25 9:3 a.m., 7 views

OPENSUSE-SU-2026:20794-1 Security update for python-PyPDF2

This update for python-PyPDF2 fixes the following issues: Changes in python-PyPDF2: - CVE-2026-41312: Fixed issue where crafted PDF can lead to resources exhaustion bsc1262675 - CVE-2026-41314: Fixed a denial of service via manipulated FlateDecode image dimensions can lead to RAM exhaustion...

CVSS: 6.9, AI score: 5.8, EPSS: 0.00297
Exploits: 0, References: 6
OSV
added 2026/05/24 11:13 a.m., 9 views

ECHO-DFB6-9966-93AB

Bulletin has no description...

CVSS: 6.5, AI score: 6.7, EPSS: 0.01799
Exploits: 0, References: 1
NVD
added 2026/05/24 5:16 a.m., 12 views

CVE-2026-3515

A vulnerability in the GitHubRepository block of the prefect-github integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the reference field. The reference field is concatenated directly into a git clone command string without proper...

CVSS: 8.5, EPSS: 0.00298
Exploits: 0, References: 1
OSV
added 2026/05/24 3:45 a.m., 8 views

ECHO-E912-6020-E80C

Bulletin has no description...

CVSS: 8.8, AI score: 5.7, EPSS: 0.0013
Exploits: 3, References: 1
Vulnrichment
added 2026/05/24 3:32 a.m., 8 views

CVE-2026-3515 Argument Injection in prefecthq/prefect

A vulnerability in the GitHubRepository block of the prefect-github integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the reference field. The reference field is concatenated directly into a git clone command string without proper...

CVSS: 8.5, AI score: 7.9, EPSS: 0.00298
Exploits: 0, References: 1
EUVD
added 2026/05/24 3:32 a.m., 14 views

EUVD-2026-31563

A vulnerability in the GitHubRepository block of the prefect-github integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the reference field. The reference field is concatenated directly into a git clone command string without proper...

CVSS: 8.5, AI score: 7.9, EPSS: 0.00298
Exploits: 0, References: 1
Cvelist
added 2026/05/24 3:32 a.m., 17 views

CVE-2026-3515 Argument Injection in prefecthq/prefect

A vulnerability in the GitHubRepository block of the prefect-github integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the reference field. The reference field is concatenated directly into a git clone command string without proper...

CVSS: 8.5, EPSS: 0.00298
Exploits: 0, References: 1
CVE
added 2026/05/24 3:32 a.m., 19 views

CVE-2026-3515

CVE-2026-3515 affects Prefect 3.6.18, specifically the GitHubRepository block of the prefect-github integration. The vulnerability lies in how the reference field is concatenated into a git clone command and then parsed with shlex.split(), allowing an attacker to inject arbitrary git options (e.g...

CVSS: 8.5, AI score: 7.9, EPSS: 0.00298
Exploits: 0, References: 1
Positive Technologies
added 2026/05/24 12:0 a.m., 9 views

PT-2026-45894

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=515832483 Crash type: Heap-buffer-overflow WRITE 1 Crash state: ihevcd fmt conv ihevcd decode ihevcd cxa api function...

AI score: 5.8
Exploits: 0, References: 2
Positive Technologies
added 2026/05/24 12:0 a.m., 12 views

PT-2026-42909

A vulnerability in the GitHubRepository block of the prefect-github integration in Prefect version 3.6.18 allows an attacker to inject arbitrary git command-line options via the reference field. The reference field is concatenated directly into a git clone command string without proper...

CVSS: 8.5, AI score: 7.9, EPSS: 0.00298
Exploits: 0, References: 1
OSV
added 2026/05/23 3:10 p.m., 14 views

MINI-F52H-RGH6-G8X5

Bulletin has no description...

CVSS: 6.3, AI score: 5.7, EPSS: 0.00351
Exploits: 0