Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

521060 matches found

RedHat Linux
RedHat Linuxadded 2026/06/10 10:0 p.m.8 views

kernel: dlm: validate length in dlm_search_rsb_tree

A flaw was found in the Linux kernel's Distributed Lock Manager dlm module. An attacker could send specially crafted network messages with an oversized length parameter to the dlmdumprsbname function. This lack of validation can lead to an out-of-bounds write in the dlmsearchrsbtree function,...

9.8CVSS6.2AI score0.00542EPSS
Exploits0References5
RedHat Linux
RedHat Linuxadded 2026/06/10 10:0 p.m.7 views

kernel: RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event()

A flaw was found in the Linux kernel's RDMA/mlx4 component. This vulnerability arises from the incorrect use of Read-Copy Update RCU in the mlx4srqevent function. An attacker could potentially trigger an event before the srq object is fully initialized, leading to a system crash. This could resul...

7.8CVSS5.4AI score0.00136EPSS
Exploits0References5
RedhatCVE
RedhatCVEadded 2026/06/10 9:27 p.m.7 views

CVE-2026-10722

A flaw was found in the cilium/ebpf Go library versions up to 0.21.0. An integer overflow in the loadRawSpec function btf/btf.go when parsing BTF collection specs can cause excessive memory allocation or parsing failure. A local attacker who can supply a crafted eBPF collection spec to an...

5.5CVSS5.2AI score0.00135EPSS
Exploits1References12
Debian CVE
Debian CVEadded 2026/06/10 9:18 p.m.6 views

CVE-2026-46625

JavaScript Cookie is a JavaScript API for handling cookies, client-side. Prior to version 3.0.7, js-cookie's internal assign helper copies properties with for...in + plain assignment. When the source object is produced by JSON.parse, the JSON object's "proto" member is an own enumerable property,...

7.5CVSS5.2AI score0.00362EPSS
Exploits0
Cvelist
Cvelistadded 2026/06/10 9:18 p.m.29 views

CVE-2026-46625 JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection

JavaScript Cookie is a JavaScript API for handling cookies, client-side. Prior to version 3.0.7, js-cookie's internal assign helper copies properties with for...in + plain assignment. When the source object is produced by JSON.parse, the JSON object's "proto" member is an own enumerable property,...

7.5CVSS0.00362EPSS
Exploits0References3
CVE
CVEadded 2026/06/10 9:18 p.m.61 views

CVE-2026-46625

CVE-2026-46625 concerns the JavaScript Cookie library (js-cookie) prior to 3.0.7. A per-instance prototype hijack occurs in the internal assign() when merging properties from a source object produced by JSON.parse that may include an own enumerable proto key. This polluted prototype leads to atta...

7.5CVSS5.4AI score0.00362EPSS
Exploits0References3
EUVD
EUVDadded 2026/06/10 9:18 p.m.7 views

EUVD-2026-36154

JavaScript Cookie is a JavaScript API for handling cookies, client-side. Prior to version 3.0.7, js-cookie's internal assign helper copies properties with for...in + plain assignment. When the source object is produced by JSON.parse, the JSON object's "proto" member is an own enumerable property,...

7.5CVSS5.4AI score0.00362EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/06/10 9:18 p.m.7 views

CVE-2026-46625 JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection

JavaScript Cookie is a JavaScript API for handling cookies, client-side. Prior to version 3.0.7, js-cookie's internal assign helper copies properties with for...in + plain assignment. When the source object is produced by JSON.parse, the JSON object's "proto" member is an own enumerable property,...

7.5CVSS5.4AI score0.00362EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2026/06/10 9:4 p.m.7 views

CVE-2026-49958

Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use TOCTOU race condition vulnerability in the gitdiscard function within api/workspacegit.py that allows attackers to delete files outside the configured workspace boundary by replacing a validated path component with a symlin...

5CVSS5.6AI score0.00081EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/10 9:4 p.m.6 views

CVE-2026-49472

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH includes a vulnerable function, PREFIXprologTok, in...

5.3CVSS5.4AI score0.00223EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/10 9:1 p.m.5 views

CVE-2026-45603

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

7CVSS5.4AI score0.00147EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/10 9:1 p.m.6 views

CVE-2026-45601

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

7CVSS5.4AI score0.00147EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/10 9:1 p.m.6 views

CVE-2026-45638

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

7.8CVSS5.4AI score0.0023EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/10 9:1 p.m.7 views

CVE-2026-45598

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

7CVSS5.4AI score0.00147EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/10 9:1 p.m.5 views

CVE-2026-45596

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

7CVSS5.4AI score0.00147EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/10 9:0 p.m.7 views

CVE-2026-42911

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

7CVSS5.4AI score0.00191EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/10 9:0 p.m.6 views

CVE-2026-42836

Concurrent execution using shared resource with improper synchronization 'race condition' in Function Discovery Service fdwsd.dll allows an authorized attacker to elevate privileges locally...

7CVSS5.6AI score0.00181EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/10 9:0 p.m.6 views

CVE-2026-34335

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

7CVSS5.4AI score0.00191EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/06/10 8:39 p.m.25 views

CVE-2026-53738 Copy & Delete Posts through 1.5.4 Privilege Escalation via cdp_action_handling Handler

Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdpactionhandling AJAX handler. Attackers with an enabled role can delete posts or overwrite plugin settings via the f parameter, bypassing per-function capability checks...

8.1CVSS0.00248EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/06/10 8:39 p.m.9 views

CVE-2026-53738 Copy & Delete Posts through 1.5.4 Privilege Escalation via cdp_action_handling Handler

Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdpactionhandling AJAX handler. Attackers with an enabled role can delete posts or overwrite plugin settings via the f parameter, bypassing per-function capability checks...

8.1CVSS5.4AI score0.00248EPSS
Exploits0References2
Rows per page
Query Builder