Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

86690 matches found

SUSE CVE
SUSE CVEadded 2026/05/28 3:55 a.m.8 views

SUSE CVE-2026-45932

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix tcx/netkit detach permissions when prog fd isn't given This commit fixes a security issue where BPFPROGDETACH on tcx or netkit devices could be executed by any user when no program fd was provided, bypassing permission...

7CVSS5.8AI score0.00133EPSS
Exploits0References12
Cvelist
Cvelistadded 2026/05/28 3:49 a.m.30 views

CVE-2026-9795 Keycloak: keycloak: privilege escalation via improper scope mapping enforcement

A flaw was found in Keycloak's Fine-Grained Admin Permissions FGAPv2 feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a client's scope mapping. This bypasses intended security...

7.3CVSS0.00223EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/28 3:49 a.m.8 views

CVE-2026-9795

A flaw was found in Keycloak's Fine-Grained Admin Permissions FGAPv2 feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a client's scope mapping. This bypasses intended security...

7.3CVSS5.7AI score0.00223EPSS
Exploits0References3
CVE
CVEadded 2026/05/28 3:49 a.m.18 views

CVE-2026-9795

The CVE-2026-9795 entries describe a flaw in Keycloak's Fine-Grained Admin Permissions (FGAPv2). An administrator with limited client-management perms can assign any realm role to a client's scope mapping, bypassing controls, causing the injected role to appear in a user’s authentication token an...

7.3CVSS5.7AI score0.00223EPSS
Exploits0References2Affected Software1
EUVD
EUVDadded 2026/05/28 3:49 a.m.46 views

EUVD-2026-32710

A flaw was found in Keycloak's Fine-Grained Admin Permissions FGAPv2 feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a client's scope mapping. This bypasses intended security...

7.3CVSS5.7AI score0.00223EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2026/05/28 3:49 a.m.10 views

CVE-2026-9795

A flaw was found in Keycloak's Fine-Grained Admin Permissions FGAPv2 feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, including highly privileged roles, to a client's scope mapping. This bypasses intended security...

7.3CVSS5.7AI score0.00223EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/05/28 3:27 a.m.29 views

CVE-2026-7802 Frontend Admin by DynamiApps <= 3.29.2 - Missing Authorization to Authenticated (Subscriber+) Account Takeover via 'user_id' URL Query Parameter

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.29.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

8.8CVSS0.00402EPSS
Exploits0References14
CVE
CVEadded 2026/05/28 3:27 a.m.18 views

CVE-2026-7802

The CVE-2026-7802 entry concerns the Frontend Admin by DynamiApps WordPress plugin. Affected versions up to 3.29.2 are vulnerable to an authorization bypass that lets authenticated users with subscriber-level access and higher overwrite administrator profile fields (e.g., user_pass, user_email, n...

8.8CVSS6AI score0.00402EPSS
Exploits0References14
ATTACKERKB
ATTACKERKBadded 2026/05/28 3:27 a.m.7 views

CVE-2026-7802

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.29.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

8.8CVSS6AI score0.00402EPSS
Exploits0References15
Vulnrichment
Vulnrichmentadded 2026/05/28 3:27 a.m.7 views

CVE-2026-7802 Frontend Admin by DynamiApps <= 3.29.2 - Missing Authorization to Authenticated (Subscriber+) Account Takeover via 'user_id' URL Query Parameter

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.29.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

8.8CVSS6AI score0.00402EPSS
Exploits0References14
EUVD
EUVDadded 2026/05/28 3:27 a.m.8 views

EUVD-2026-32706

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.29.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

8.8CVSS6AI score0.00402EPSS
Exploits0References14
EUVD
EUVDadded 2026/05/28 3:27 a.m.8 views

EUVD-2026-32704

The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $SERVER'PHPSELF' superglobal in all versions up to, and including, 1.8.0. This is due to the authenticate function storing the unsanitized output of basename$SERVER'PHPSELF' in the...

7.2CVSS6AI score0.00241EPSS
Exploits0References7
ATTACKERKB
ATTACKERKBadded 2026/05/28 3:27 a.m.8 views

CVE-2026-2374

The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $SERVER'PHPSELF' superglobal in all versions up to, and including, 1.8.0. This is due to the authenticate function storing the unsanitized output of basename$SERVER'PHPSELF' in the...

7.2CVSS6AI score0.00241EPSS
Exploits0References8
Cvelist
Cvelistadded 2026/05/28 3:27 a.m.28 views

CVE-2026-2374 Login No Captcha reCAPTCHA <= 1.8.0 - Unauthenticated Stored Cross-Site Scripting via PHP_SELF

The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $SERVER'PHPSELF' superglobal in all versions up to, and including, 1.8.0. This is due to the authenticate function storing the unsanitized output of basename$SERVER'PHPSELF' in the...

7.2CVSS0.00241EPSS
Exploits0References7
Snyk
Snykadded 2026/05/28 3:16 a.m.5 views

Incorrect Privilege Assignment

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Incorrect Privilege Assignment via improper enforcement of scope mapping in the Fine-Grained Admin Permission...

7.3CVSS5.6AI score0.00223EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/05/28 12:0 a.m.9 views

PT-2026-44378

The Mennekes Amtron series firmware versions ≤ 5.22.3 is vulnerable to privilege escalation. An authenticated low-privileged user can change the passwords of the admin operator and manufacturer accounts via crafted POST requests...

10CVSS5.8AI score0.00239EPSS
Exploits1References2
Vulnrichment
Vulnrichmentadded 2026/05/28 12:0 a.m.7 views

CVE-2026-38702

A command injection vulnerability exists in the Admin Access feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target...

5.8AI score0.01243EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/05/28 12:0 a.m.10 views

PT-2026-44172

The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the $ SERVER'PHP SELF' superglobal in all versions up to, and including, 1.8.0. This is due to the authenticate function storing the unsanitized output of basename$ SERVER'PHP SELF' in the login...

7.2CVSS6AI score0.00241EPSS
Exploits0References8
CVE
CVEadded 2026/05/28 12:0 a.m.10 views

CVE-2026-30760

CVE-2026-30760 affects SourceBans Material Admin prior to v1.1.6. A crafted XAJAX call allows an attacker to manipulate arbitrary user data in the web application. The root cause is related to insufficient validation/authorization in handling XAJAX requests, leading to data integrity impacts (arb...

7.3CVSS5.9AI score0.00308EPSS
Exploits0References4
CNNVD
CNNVDadded 2026/05/28 12:0 a.m.6 views

LinkAce 跨站脚本漏洞

LinkAce is a self-hosted repository developed by Kevin Woblick, designed to collect links to your favorite websites. Versions of LinkAce prior to 2.5.6 had a cross-site scripting vulnerability. This vulnerability stemmed from a storage-based cross-site scripting flaw. Low-privilege users could se...

8.5CVSS5.7AI score0.00306EPSS
Exploits0References2
Rows per page
Query Builder