Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

12171 matches found

Circl
Circladded 2026/04/08 4:36 p.m.1 views

CVE-2026-39983

creationtimestamp| type| source ---|---|--- 2026-04-08 16:36:30+00:00| published-proof-of-concept| https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q 2026-04-09 19:23:08+00:00| seen| Telegram/opWNLDaOjT2KiHYbiGpHGLhTmz3SmMLK1wCf8I-JAwAiArQ 2026-04-09 20:07:31+00:00...

8.6CVSS5.7AI score0.02042EPSS
Exploits1References6
Circl
Circladded 2026/04/08 1:35 p.m.0 views

CVE-2026-39981

creationtimestamp| type| source ---|---|--- 2026-04-08 13:35:21+00:00| published-proof-of-concept| https://github.com/Josh-XT/AGiXT/security/advisories/GHSA-5gfj-64gh-mgmw 2026-04-09 19:23:08+00:00| seen| Telegram/opWNLDaOjT2KiHYbiGpHGLhTmz3SmMLK1wCf8I-JAwAiArQ 2026-04-09 20:26:56+00:00| seen|...

8.8CVSS5.7AI score0.00051EPSS
Exploits1References3
RedhatCVE
RedhatCVEadded 2026/04/08 12:13 p.m.1 views

CVE-2026-28390

A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...

7.5CVSS5.9AI score0.0014EPSS
Exploits0References9
Circl
Circladded 2026/04/08 3:16 a.m.3 views

CVE-2026-3296

creationtimestamp| type| source ---|---|--- 2026-04-08 03:16:41+00:00| seen| Telegram/dROJOrCDMnkwqXhb9-Y-ghLBhlUA50W24DQUefxFEp990g8 2026-04-08 04:23:53+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mixh4aj6sf25 2026-04-08 04:53:37+00:00| seen|...

9.8CVSS5.7AI score0.00037EPSS
Exploits1References3
Circl
Circladded 2026/04/07 11:21 p.m.2 views

CVE-2026-39847

creationtimestamp| type| source ---|---|--- 2026-04-07 23:21:25+00:00| seen| Telegram/ob3ye0FCdfhceb6CimILWC3jRIWmZERTbGMc-OQRsW6HR0 2026-04-08 00:00:38+00:00| seen| https://infosec.exchange/users/offseq/statuses/116366143495848270 2026-04-08 00:00:42+00:00| seen|...

9.1CVSS4.8AI score0.00019EPSS
Exploits0References6
CVE
CVEadded 2026/04/07 4:49 p.m.15 views

CVE-2026-39307

Summary of CVE-2026-39307 PraisonAI templates installation uses Python’s zipfile.extractall() without validating that archive entries stay within the target extraction directory. This Zip Slip flaw existed prior to version 1.5.113 and could allow arbitrary file writes (potentially to system locat...

8.1CVSS5.9AI score0.00068EPSS
Exploits1References1Affected Software1
CVE
CVEadded 2026/04/07 3:6 p.m.19 views

CVE-2026-35515

NestJS/core (@nestjs/core) contains a vulnerability in SseStream._transform() where un sanitized interpolation of upstream data into SSE output allows an attacker to inject arbitrary SSE events, spoof event types, and corrupt reconnection state. The issue arises from inserting message.type and me...

6.3CVSS6AI score0.00013EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2026/04/07 3:6 p.m.12 views

CVE-2026-35515 @nestjs/core Improperly Neutralizes Special Elements in Output Used by a Downstream Component ('Injection')

Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.18, SseStream.transform interpolates message.type and message.id directly into Server-Sent Events text protocol output without sanitizing newline characters \r, \n. Since the SSE protocol treats both \r and ...

6.3CVSS0.00013EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/04/07 3:6 p.m.1 views

CVE-2026-35515 @nestjs/core Improperly Neutralizes Special Elements in Output Used by a Downstream Component ('Injection')

Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.18, SseStream.transform interpolates message.type and message.id directly into Server-Sent Events text protocol output without sanitizing newline characters \r, \n. Since the SSE protocol treats both \r and ...

6.3CVSS6AI score0.00013EPSS
Exploits0References1
Circl
Circladded 2026/04/07 2:30 p.m.0 views

CVE-2026-24660

creationtimestamp| type| source ---|---|--- 2026-04-07 14:30:23+00:00| seen| https://infosec.place/objects/a2376c08-1874-41bc-927d-b5b917cc6297 2026-04-07 15:29:07+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3miw3sfcjxx2p 2026-04-07 17:28:45+00:00|...

9.8CVSS5.2AI score0.00078EPSS
Exploits1References3
Circl
Circladded 2026/04/07 2:30 p.m.2 views

CVE-2026-5627

creationtimestamp| type| source ---|---|--- 2026-04-07 14:30:18+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mivyjoek5x26 2026-04-07 14:30:22+00:00| seen| https://infosec.exchange/users/offseq/statuses/116363900721699665 2026-04-07 14:44:48+00:00| seen|...

9.1CVSS8.6AI score0.00063EPSS
Exploits1References4
Circl
Circladded 2026/04/07 9:40 a.m.2 views

CVE-2024-43028

creationtimestamp| type| source ---|---|--- 2026-04-07 09:40:09+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mivicunecn2a 2026-04-07 10:00:56+00:00| seen| https://bsky.app/profile/potato.software/post/3mivjhz5lhn2n...

9.8CVSS5.9AI score0.00836EPSS
Exploits0References2
Circl
Circladded 2026/04/07 8:1 a.m.5 views

CVE-2026-5465

creationtimestamp| type| source ---|---|--- 2026-04-07 08:01:05+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mivcqtypg327 2026-04-07 09:15:25+00:00| seen| Telegram/UjrnvOa2JLE3qzXsFYe7vk49vQcInvR-SenKatBboIQ7n94 2026-04-07 09:37:20+00:00| seen|...

8.8CVSS4.8AI score0.00023EPSS
Exploits1References3
Circl
Circladded 2026/04/07 7:0 a.m.4 views

CVE-2026-1114

creationtimestamp| type| source ---|---|--- 2026-04-07 07:00:28+00:00| seen| https://infosec.exchange/users/offseq/statuses/116362132042797237 2026-04-07 09:15:25+00:00| seen| Telegram/UjrnvOa2JLE3qzXsFYe7vk49vQcInvR-SenKatBboIQ7n94 2026-04-07 09:32:19+00:00| seen|...

9.8CVSS7.8AI score0.00027EPSS
Exploits1References4
Circl
Circladded 2026/04/07 6:2 a.m.1 views

CVE-2025-54328

creationtimestamp| type| source ---|---|--- 2026-04-07 06:02:36+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3miv45ttzr425 2026-04-07 08:06:44+00:00| seen| https://bsky.app/profile/yazoul-alerts.bsky.social/post/3mivd3t5d2m2o 2026-04-08 08:07:19+00:00| seen|...

10CVSS5.3AI score0.00074EPSS
Exploits1References7
Circl
Circladded 2026/04/06 9:20 p.m.0 views

CVE-2026-35022

creationtimestamp| type| source ---|---|--- 2026-04-06 21:20:59+00:00| seen| Telegram/8Tvza3k4qy2IjH2O3f59isxEIVitW69EvgGBkLG1GZexI3E 2026-04-07 04:30:28+00:00| seen| https://infosec.exchange/users/offseq/statuses/116361542195290387 2026-04-07 04:30:30+00:00| seen|...

4.8AI score0.00596EPSS
Exploits0References6
Circl
Circladded 2026/04/06 6:24 p.m.1 views

CVE-2026-35470

creationtimestamp| type| source ---|---|--- 2026-04-06 18:24:03+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mitv4qwen22t 2026-04-06 18:24:29+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mitv5jd3vu2j 2026-04-06 19:20:37+00:00| seen|...

8.8CVSS4.8AI score0.00014EPSS
Exploits1References3
Cvelist
Cvelistadded 2026/04/06 4:12 p.m.18 views

CVE-2026-34976 Dgraph Affected by Pre-Auth Database Overwrite + SSRF + File Read via restoreTenant Missing Authorization

Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin mutation is missing from the authorization middleware config admin.go, making it completely unauthenticated. Unlike the similar restore mutation which requires Guardian-of-Galaxy authentication,...

10CVSS0.00174EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2026/04/06 4:12 p.m.0 views

CVE-2026-34976 Dgraph Affected by Pre-Auth Database Overwrite + SSRF + File Read via restoreTenant Missing Authorization

Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin mutation is missing from the authorization middleware config admin.go, making it completely unauthenticated. Unlike the similar restore mutation which requires Guardian-of-Galaxy authentication,...

10CVSS5.9AI score0.00174EPSS
Exploits1References1
Circl
Circladded 2026/04/06 3:19 p.m.3 views

RHSA-2025:7458

creationtimestamp| type| source ---|---|--- 2026-04-06 15:19:47+00:00| seen| Telegram/zfToAAWf8eWnJ7ba07A0EZZiZLhP55gYdeGjYzJA6KMcCw 2026-04-06 15:20:12+00:00| seen| Telegram/0sUuWW8J84hCZb1n0MF5lAvDyk6dii4XfiqOlA0c3Bj-PlY 2026-04-06 15:20:35+00:00| seen|...

4.8AI score
Exploits0
Rows per page
Query Builder