Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

520469 matches found

IBM Security Bulletins
IBM Security Bulletinsadded 2026/06/12 6:40 a.m.6 views

Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)

Summary Multiple vulnerabilities were addressed in IBM Observability with Instana OnPrem build 1.0.319 Vulnerability Details CVEID:CVE-2018-20225 DESCRIPTION: An issue was discovered in pip all versions because it installs the version with the highest version number, even if the user had intended...

9.1CVSS6AI score0.01736EPSS
Exploits7Affected Software1
RedhatCVE
RedhatCVEadded 2026/06/12 4:42 a.m.9 views

CVE-2026-45287

A flaw was found in OpenTelemetry-Go. Repeated successful calls to the ParseFile function, specifically within go.opentelemetry.io/otel/schema/v1.0 and go.opentelemetry.io/otel/schema/v1.1, can lead to a file descriptor leak. If a consuming application exposes repeated schema parsing to an...

5.5CVSS5.5AI score0.00175EPSS
Exploits1References6
SUSE CVE
SUSE CVEadded 2026/06/12 2:32 a.m.11 views

SUSE CVE-2026-10118

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation, allowing a subsequent...

7.8CVSS5.7AI score0.00231EPSS
Exploits0References5
SUSE CVE
SUSE CVEadded 2026/06/12 2:32 a.m.9 views

SUSE CVE-2026-10142

kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by sending a crafted 4-byte frame length value without bounds validation. Attackers can send a...

7.5CVSS5.5AI score0.00352EPSS
Exploits0References3
SUSE CVE
SUSE CVEadded 2026/06/12 2:32 a.m.7 views

SUSE CVE-2026-11787

A flaw was found in 389 Directory Server. The ldaputf8prev function reads bytes before the start of a buffer without bounds checking, causing a heap buffer over-read in string filter parsing that may influence internal filter processing behavior...

6.3CVSS5.7AI score0.00202EPSS
Exploits0References3
SUSE CVE
SUSE CVEadded 2026/06/12 2:32 a.m.8 views

SUSE CVE-2026-11791

A flaw was found in 389 Directory Server. During schema reload, the attrsyntaxswapht function unconditionally frees attribute syntax information nodes, bypassing the refcount-based deferred deletion used elsewhere in the attribute syntax subsystem. If an administrator triggers schema reload while...

5CVSS5.8AI score
Exploits0References4
SUSE CVE
SUSE CVEadded 2026/06/12 2:32 a.m.9 views

SUSE CVE-2026-11792

A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the createmaskedentrystring function in auditlog.c copies a fixed-length password mask into a precisely-sized heap buffer without checking available space. If a short cleartext password is logged requiri...

3.3CVSS5.7AI score0.00257EPSS
Exploits0References3
SUSE CVE
SUSE CVEadded 2026/06/12 2:32 a.m.10 views

SUSE CVE-2026-11793

A stack buffer overflow flaw was found in 389 Directory Server. The checkPrefix function in pw.c copies an attacker-controlled algorithm ID into a 256-byte stack buffer without bounds checking when parsing reversible-encrypted attribute values. An attacker with Directory Manager privileges can...

4.9CVSS5.7AI score0.00334EPSS
Exploits0References3
SUSE CVE
SUSE CVEadded 2026/06/12 2:31 a.m.8 views

SUSE CVE-2026-11850

An integer underflow vulnerability was found in MIT krb5 in the berval2tldata function in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c. The function performs an unsigned subtraction bvlen - 2 without a prior bounds check. When bvlen is 0 or 1, the subtraction wraps to a large value which is then...

5CVSS5.4AI score0.00261EPSS
Exploits0References3
SUSE CVE
SUSE CVEadded 2026/06/12 2:25 a.m.6 views

SUSE CVE-2026-48860

Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl inettlsdist module allows unauthenticated bypass of the distribution-over-TLS LAN allowlist. The inettlsdist:checkip/1 function, which enforces a LAN allowlist for Erlang distribution over TLS, calls inet:sockname/1 instead...

7.5CVSS5.4AI score0.00194EPSS
Exploits0References3
NVD
NVDadded 2026/06/12 2:16 a.m.7 views

CVE-2026-9125

The Presto Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linkurl' parameter of the prestoplayeroverlay shortcode in versions up to, and including, 4.2.0 This is due to insufficient input sanitization and output escaping in the getOverlays function, which copies...

6.4CVSS0.00246EPSS
Exploits0References10
NVD
NVDadded 2026/06/12 2:16 a.m.8 views

CVE-2026-11933

A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript for example, via $where or $function can cause the server to access...

8.8CVSS0.00341EPSS
Exploits0References1
OSV
OSVadded 2026/06/12 2:16 a.m.2 views

UBUNTU-CVE-2026-11933

A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript for example, via $where or $function can cause the server to access...

8.8CVSS5.4AI score0.00341EPSS
Exploits0References3
EUVD
EUVDadded 2026/06/12 1:57 a.m.9 views

EUVD-2026-36373

A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript for example, via $where or $function can cause the server to access...

8.8CVSS5.5AI score0.00341EPSS
Exploits0References1
CVE
CVEadded 2026/06/12 1:57 a.m.96 views

CVE-2026-11933

Technical details (affected products, versions, root cause, and remediation) are not publicly available in the provided documents. Please monitor for updates.

8.8CVSS5.5AI score0.00341EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/06/12 1:57 a.m.29 views

CVE-2026-11933 Post-authentication use-after-free in server-side JavaScript BSON-to-array conversion

A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript for example, via $where or $function can cause the server to access...

8.8CVSS0.00341EPSS
Exploits0References1
MongoDB
MongoDBadded 2026/06/12 1:57 a.m.13 views

Post-authentication use-after-free in server-side JavaScript BSON-to-array conversion

A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript for example, via $where or $function can cause the server to access...

8.8CVSS5.5AI score0.00341EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichmentadded 2026/06/12 1:57 a.m.8 views

CVE-2026-11933 Post-authentication use-after-free in server-side JavaScript BSON-to-array conversion

A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript for example, via $where or $function can cause the server to access...

8.8CVSS5.3AI score0.00341EPSS
Exploits0References1
EUVD
EUVDadded 2026/06/12 1:28 a.m.10 views

EUVD-2026-36372

The Presto Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linkurl' parameter of the prestoplayeroverlay shortcode in versions up to, and including, 4.2.0 This is due to insufficient input sanitization and output escaping in the getOverlays function, which copies...

6.4CVSS5.7AI score0.00246EPSS
Exploits0References10
Vulnrichment
Vulnrichmentadded 2026/06/12 1:28 a.m.7 views

CVE-2026-9125 The Ultimate Video Player For WordPress <= 4.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'link_url' Shortcode Attribute

The Presto Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linkurl' parameter of the prestoplayeroverlay shortcode in versions up to, and including, 4.2.0 This is due to insufficient input sanitization and output escaping in the getOverlays function, which copies...

6.4CVSS5.6AI score0.00246EPSS
Exploits0References10
Rows per page
Query Builder