Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

520447 matches found

CVE
CVEadded 2026/06/12 3:1 p.m.11 views

CVE-2026-50085

The CVE-2026-50085 entry concerns the Aqara Board IoT service (op-test.aqara.com). It accepts arbitrary MQTT command payloads and forwards them to the HiveMQ broker without authentication (CWE-306: Missing Authentication for Critical Function). CVSS v3.1 base score 8.6 (High): Network access, no ...

8.6CVSS5.6AI score0.00263EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/06/12 3:0 p.m.25 views

CVE-2026-50082 Aqara Developer Portal insecure authentication token

The Aqara Cloud Developer Portal developer.aqara.com issued a developer token to any email address supplied by the attacker. This is an instance of "CWE-306: Missing Authentication for Critical Function" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 6.5 Medium. When...

6.5CVSS0.00208EPSS
Exploits0References2
EUVD
EUVDadded 2026/06/12 3:0 p.m.6 views

EUVD-2026-36472

The Aqara Cloud Developer Portal developer.aqara.com issued a developer token to any email address supplied by the attacker. This is an instance of "CWE-306: Missing Authentication for Critical Function" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 6.5 Medium. When...

6.5CVSS5.4AI score0.00208EPSS
Exploits0References2
CVE
CVEadded 2026/06/12 3:0 p.m.12 views

CVE-2026-50082

The Aqara Cloud Developer Portal is affected by a Missing Authentication for Critical Function (CWE-306) vulnerability where a developer token could be issued to any email address, enabling an unauthenticated user to potentially take over devices when combined with CVE-2026-50083/84/85. The CVSS ...

6.5CVSS5.5AI score0.00208EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/06/12 3:0 p.m.10 views

CVE-2026-50082 Aqara Developer Portal insecure authentication token

The Aqara Cloud Developer Portal developer.aqara.com issued a developer token to any email address supplied by the attacker. This is an instance of "CWE-306: Missing Authentication for Critical Function" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 6.5 Medium. When...

6.5CVSS5.5AI score0.00208EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/06/12 2:41 p.m.6 views

CVE-2026-9638 Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts

Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

5.2AI score0.00317EPSS
Exploits0References2
EUVD
EUVDadded 2026/06/12 2:41 p.m.7 views

EUVD-2026-36456

Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

7.5CVSS5.3AI score0.00317EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/06/12 2:41 p.m.25 views

CVE-2026-9638 Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts

Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

0.00317EPSS
Exploits0References2
CVE
CVEadded 2026/06/12 2:41 p.m.11 views

CVE-2026-9638

Crypt::PBKDF2 for Perl versions before 0.261630 are vulnerable because they generate salts with the built-in rand function, which is predictable and not suitable for cryptography. Affected component: Crypt::PBKDF2 (Perl). Root cause: use of insecure RNG for salts. Impact: cryptographic salts may ...

7.5CVSS5.3AI score0.00317EPSS
Exploits0References3
Debian CVE
Debian CVEadded 2026/06/12 2:41 p.m.6 views

CVE-2026-9638

Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography...

7.5CVSS5.2AI score0.00317EPSS
Exploits0
NVD
NVDadded 2026/06/12 2:16 p.m.7 views

CVE-2026-12066

A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler. The manipulation of the argument username/password/email/checkcode results in weak password...

7.5CVSS0.00474EPSS
Exploits0References6
EUVD
EUVDadded 2026/06/12 1:56 p.m.5 views

EUVD-2026-36431

jmespath.php allows users to use JMESPath, software for declaratively specifying how to extract elements from a JSON document, in PHP applications with PHP data structures. Versions prior to 2.9.1 can generate and execute attacker-controlled PHP code when JmesPath\CompilerRuntime is used with an...

9.8CVSS5.5AI score0.0032EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/06/12 1:56 p.m.5 views

CVE-2026-54133 jmespath.php has CompilerRuntime code injection via unescaped function names

jmespath.php allows users to use JMESPath, software for declaratively specifying how to extract elements from a JSON document, in PHP applications with PHP data structures. Versions prior to 2.9.1 can generate and execute attacker-controlled PHP code when JmesPath\CompilerRuntime is used with an...

9.8CVSS5.6AI score0.0032EPSS
Exploits0References1
CVE
CVEadded 2026/06/12 1:56 p.m.58 views

CVE-2026-54133

Technical details (affected versions, impact specifics, and remediation) are not publicly available in the provided documents. Monitor for updates.

9.8CVSS5.5AI score0.0032EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2026/06/12 1:56 p.m.23 views

CVE-2026-54133 jmespath.php has CompilerRuntime code injection via unescaped function names

jmespath.php allows users to use JMESPath, software for declaratively specifying how to extract elements from a JSON document, in PHP applications with PHP data structures. Versions prior to 2.9.1 can generate and execute attacker-controlled PHP code when JmesPath\CompilerRuntime is used with an...

9.8CVSS0.0032EPSS
Exploits0References1
EUVD
EUVDadded 2026/06/12 1:0 p.m.7 views

EUVD-2026-36423

A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler. The manipulation of the argument username/password/email/checkcode results in weak password...

7.5CVSS7.1AI score0.00474EPSS
Exploits0References6
Cvelist
Cvelistadded 2026/06/12 1:0 p.m.25 views

CVE-2026-12066 PbootCMS Password MemberController.php retrieve password recovery

A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler. The manipulation of the argument username/password/email/checkcode results in weak password...

7.5CVSS0.00474EPSS
Exploits0References6
Vulnrichment
Vulnrichmentadded 2026/06/12 1:0 p.m.7 views

CVE-2026-12066 PbootCMS Password MemberController.php retrieve password recovery

A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler. The manipulation of the argument username/password/email/checkcode results in weak password...

7.5CVSS7.1AI score0.00474EPSS
Exploits0References6
CVE
CVEadded 2026/06/12 1:0 p.m.12 views

CVE-2026-12066

CVE-2026-12066 affects PbootCMS up to version 3.2.12. The vulnerability resides in the function retrieve of file apps/home/controller/MemberController.php (Password Handler). Manipulating the arguments username/password/email/checkcode enables weak password recovery; the issue is exploitable remo...

7.5CVSS7.1AI score0.00474EPSS
Exploits0References6
OSV
OSVadded 2026/06/12 12:28 p.m.7 views

OESA-2026-2681 xorg-x11-server security update

X.Org X11 X server Security Fixes: 'Hi all,\n\nCVEs have been issued now, please see inline below\n\nOn Tue, Jun 02, 2026 at 10:01:46AM +1000, Peter Hutterer wrote:', "=======================================================================\nX.Org Security Advisory: June 2, 2026 \n\nIssues in X.Or...

7.8CVSS5.9AI score0.00216EPSS
Exploits0References10
Rows per page
Query Builder