Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

521424 matches found

SUSE CVE
SUSE CVEadded 2026/06/12 2:32 a.m.9 views

SUSE CVE-2026-11792

A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the createmaskedentrystring function in auditlog.c copies a fixed-length password mask into a precisely-sized heap buffer without checking available space. If a short cleartext password is logged requiri...

3.3CVSS5.7AI score0.00267EPSS
Exploits0References3
SUSE CVE
SUSE CVEadded 2026/06/12 2:32 a.m.11 views

SUSE CVE-2026-11793

A stack buffer overflow flaw was found in 389 Directory Server. The checkPrefix function in pw.c copies an attacker-controlled algorithm ID into a 256-byte stack buffer without bounds checking when parsing reversible-encrypted attribute values. An attacker with Directory Manager privileges can...

4.9CVSS5.7AI score0.00334EPSS
Exploits0References3
SUSE CVE
SUSE CVEadded 2026/06/12 2:31 a.m.8 views

SUSE CVE-2026-11850

An integer underflow vulnerability was found in MIT krb5 in the berval2tldata function in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c. The function performs an unsigned subtraction bvlen - 2 without a prior bounds check. When bvlen is 0 or 1, the subtraction wraps to a large value which is then...

5CVSS5.4AI score0.00261EPSS
Exploits0References3
SUSE CVE
SUSE CVEadded 2026/06/12 2:25 a.m.7 views

SUSE CVE-2026-48860

Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl inettlsdist module allows unauthenticated bypass of the distribution-over-TLS LAN allowlist. The inettlsdist:checkip/1 function, which enforces a LAN allowlist for Erlang distribution over TLS, calls inet:sockname/1 instead...

7.5CVSS5.4AI score0.00194EPSS
Exploits0References3
NVD
NVDadded 2026/06/12 2:16 a.m.10 views

CVE-2026-9125

The Presto Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linkurl' parameter of the prestoplayeroverlay shortcode in versions up to, and including, 4.2.0 This is due to insufficient input sanitization and output escaping in the getOverlays function, which copies...

6.4CVSS0.00239EPSS
Exploits0References10
NVD
NVDadded 2026/06/12 2:16 a.m.10 views

CVE-2026-11933

A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript for example, via $where or $function can cause the server to access...

8.8CVSS0.00384EPSS
Exploits0References1
OSV
OSVadded 2026/06/12 2:16 a.m.4 views

UBUNTU-CVE-2026-11933

A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript for example, via $where or $function can cause the server to access...

8.8CVSS5.4AI score0.00384EPSS
Exploits0References3
CVE
CVEadded 2026/06/12 1:57 a.m.115 views

CVE-2026-11933

Technical details (affected products, versions, root cause, and remediation) are not publicly available in the provided documents. Please monitor for updates.

8.8CVSS5.5AI score0.00384EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichmentadded 2026/06/12 1:57 a.m.8 views

CVE-2026-11933 Post-authentication use-after-free in server-side JavaScript BSON-to-array conversion

A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript for example, via $where or $function can cause the server to access...

8.8CVSS5.3AI score0.00384EPSS
Exploits0References1
EUVD
EUVDadded 2026/06/12 1:57 a.m.10 views

EUVD-2026-36373

A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript for example, via $where or $function can cause the server to access...

8.8CVSS5.5AI score0.00384EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/06/12 1:57 a.m.29 views

CVE-2026-11933 Post-authentication use-after-free in server-side JavaScript BSON-to-array conversion

A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript for example, via $where or $function can cause the server to access...

8.8CVSS0.00384EPSS
Exploits0References1
MongoDB
MongoDBadded 2026/06/12 1:57 a.m.13 views

Post-authentication use-after-free in server-side JavaScript BSON-to-array conversion

A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run server-side JavaScript for example, via $where or $function can cause the server to access...

8.8CVSS5.5AI score0.00384EPSS
Exploits0References1Affected Software1
EUVD
EUVDadded 2026/06/12 1:28 a.m.11 views

EUVD-2026-36372

The Presto Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linkurl' parameter of the prestoplayeroverlay shortcode in versions up to, and including, 4.2.0 This is due to insufficient input sanitization and output escaping in the getOverlays function, which copies...

6.4CVSS5.7AI score0.00239EPSS
Exploits0References10
CVE
CVEadded 2026/06/12 1:28 a.m.17 views

CVE-2026-9125

Summary: CVE-2026-9125 affects the Presto Player plugin for WordPress (up to version 4.2.0). The root cause is insufficient input sanitization and output escaping in the getOverlays() function, which copies the link_url shortcode attribute directly into the overlay configuration without scheme va...

6.4CVSS5.7AI score0.00239EPSS
Exploits0References10
Cvelist
Cvelistadded 2026/06/12 1:28 a.m.26 views

CVE-2026-9125 The Ultimate Video Player For WordPress <= 4.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'link_url' Shortcode Attribute

The Presto Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linkurl' parameter of the prestoplayeroverlay shortcode in versions up to, and including, 4.2.0 This is due to insufficient input sanitization and output escaping in the getOverlays function, which copies...

6.4CVSS0.00239EPSS
Exploits0References10
Vulnrichment
Vulnrichmentadded 2026/06/12 1:28 a.m.8 views

CVE-2026-9125 The Ultimate Video Player For WordPress <= 4.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'link_url' Shortcode Attribute

The Presto Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'linkurl' parameter of the prestoplayeroverlay shortcode in versions up to, and including, 4.2.0 This is due to insufficient input sanitization and output escaping in the getOverlays function, which copies...

6.4CVSS5.6AI score0.00239EPSS
Exploits0References10
IBM Security Bulletins
IBM Security Bulletinsadded 2026/06/12 1:5 a.m.4 views

Security Bulletin: Security vulnerabilities have been found in IBM Verify Identity Access Digital Credentials

Summary Security vulnerabilities have been addressed in IBM Verify Identity Access Digital Credentials Vulnerability Details CVEID:CVE-2026-45740 DESCRIPTION: protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.8 and 8.2.0, protobufjs could recurse without a depth...

9.8CVSS7.4AI score0.00613EPSS
Exploits4Affected Software1
Positive Technologies
Positive Technologiesadded 2026/06/12 12:0 a.m.11 views

PT-2026-49004

Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions 1.0.0 through 2.1.x Description The getRedirectURL function in oauth2.go constructs the OAuth2 callback URL by concatenating the request's Host header with a fixed path without validating the Host header. This allows...

6.8CVSS5.2AI score0.00234EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/06/12 12:0 a.m.13 views

PT-2026-48990

Name of the Vulnerable Software and Affected Versions sanitize-html versions prior to 2.17.5 Description The software uses the allowedSchemesAppliedToAttributes variable to control the naughtyHref function, which is designed to block dangerous URI schemes such as javascript: and vbscript:. Howeve...

5.4CVSS5.2AI score0.00136EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/06/12 12:0 a.m.11 views

PT-2026-49059

Name of the Vulnerable Software and Affected Versions Tornado versions prior to 6.5.6 Description The optional native extension tornado.speedups implements the websocket mask function without validating that the mask argument is exactly four bytes long. The C function reads four bytes from mask...

3.7CVSS5.3AI score0.00027EPSS
Exploits0References9
Rows per page
Query Builder