Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

86802 matches found

NVD
NVDadded 2026/05/12 10:16 p.m.11 views

CVE-2026-42844

Grav is a file-based Web platform. In Grav 2.0.0-beta.2, a low-privileged authenticated API user with api.media.write can abuse /api/v1/blueprint-upload to write an arbitrary YAML file into user/accounts/, then log in as the newly created account with api.super privileges. This results in full...

8.8CVSS0.00336EPSS
Exploits1References1
CVE
CVEadded 2026/05/12 9:43 p.m.15 views

CVE-2026-42844

Grav 2.0.0-beta.2 contains an authenticated API privilege-escalation in the blueprint-upload flow. A low-privileged API user (api.media.write) can write an arbitrary YAML file into user/accounts/ via /api/v1/blueprint-upload, then log in as the created account with api.super, resulting in full ad...

8.8CVSS5.9AI score0.00336EPSS
Exploits1References1Affected Software1
Cvelist
Cvelistadded 2026/05/12 9:43 p.m.36 views

CVE-2026-42844 Grav: Low-privileged API users can create super-admin accounts via blueprint-upload

Grav is a file-based Web platform. In Grav 2.0.0-beta.2, a low-privileged authenticated API user with api.media.write can abuse /api/v1/blueprint-upload to write an arbitrary YAML file into user/accounts/, then log in as the newly created account with api.super privileges. This results in full...

8.7CVSS0.00336EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/05/12 9:43 p.m.5 views

CVE-2026-42844

Grav is a file-based Web platform. In Grav 2.0.0-beta.2, a low-privileged authenticated API user with api.media.write can abuse /api/v1/blueprint-upload to write an arbitrary YAML file into user/accounts/, then log in as the newly created account with api.super privileges. This results in full...

8.7CVSS5.9AI score0.00336EPSS
Exploits1References2
EUVD
EUVDadded 2026/05/12 9:31 p.m.8 views

EUVD-2026-29807

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending...

7.2CVSS6.4AI score0.00352EPSS
Exploits0References2
EUVD
EUVDadded 2026/05/12 9:31 p.m.10 views

EUVD-2026-29806

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending...

7.2CVSS6.4AI score0.00352EPSS
Exploits0References2
EUVD
EUVDadded 2026/05/12 9:31 p.m.9 views

EUVD-2026-29812

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

7.2CVSS6.2AI score0.00315EPSS
Exploits0References2
EUVD
EUVDadded 2026/05/12 9:31 p.m.9 views

EUVD-2026-29808

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending...

7.2CVSS6.4AI score0.00352EPSS
Exploits0References2
Snyk
Snykadded 2026/05/12 9:20 p.m.4 views

Directory Traversal

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Directory Traversal via the file system process. An attacker can access or modify files outside the intended directory by sending crafted requests with administrative...

8.7CVSS6.3AI score0.00606EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/05/12 9:2 p.m.27 views

CVE-2026-26289 Subnet Solutions PowerSYSTEM Center Incorrect Authorization

PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only...

8.4CVSS0.00135EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/12 8:43 p.m.9 views

CVE-2026-44403

Wing FTP Server before 8.1.3 contains an authenticated remote code execution vulnerability in the session serialization mechanism that allows authenticated administrators to inject arbitrary Lua code through the domain admin mydirectory field. Attackers can exploit unsafe serialization of session...

8.6CVSS6.5AI score0.02643EPSS
Exploits5References3Affected Software1
CVE
CVEadded 2026/05/12 8:43 p.m.26 views

CVE-2026-44403

Wing FTP Server 8.1.2 is affected: an authenticated remote code execution due to unsafe session serialization that injects Lua via the domain admin mydirectory field, leading to code execution when a poisoned session is loaded with loadfile(). Root cause: unsafe serialization of session values in...

8.6CVSS6.5AI score0.02643EPSS
Exploits5References2Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/05/12 8:33 p.m.5 views

CVE-2026-44224

Wiki.js is an open source wiki app built on Node.js. Prior to 2.5.313, the users.update GraphQL mutation accepts an arbitrary groups array and applies it directly to the database with no validation of the group IDs supplied. The resolver passes the caller's arguments straight to the model without...

8.6CVSS5.9AI score0.00379EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVEadded 2026/05/12 8:22 p.m.5 views

CVE-2026-44987

SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If the SysReptor installation has the "Forgot Password" functionality enabled non-default, they can res...

3.8CVSS5.7AI score0.00162EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/05/12 8:21 p.m.6 views

CVE-2026-42858

Open edX Platform enables the authoring and delivery of online learning at any scale. The syncproviderdata endpoint in SAMLProviderDataViewSet allows authenticated Enterprise Admin users to supply an arbitrary URL via the metadataurl POST parameter. This URL is passed directly to requests.get in...

9.9CVSS6AI score0.00374EPSS
Exploits1References1
NVD
NVDadded 2026/05/12 8:16 p.m.18 views

CVE-2026-44864

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

7.2CVSS0.00315EPSS
Exploits0References1
NVD
NVDadded 2026/05/12 8:16 p.m.9 views

CVE-2026-44856

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending...

7.2CVSS0.00352EPSS
Exploits0References1
NVD
NVDadded 2026/05/12 8:16 p.m.12 views

CVE-2026-44863

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

7.2CVSS0.00315EPSS
Exploits0References1
NVD
NVDadded 2026/05/12 8:16 p.m.12 views

CVE-2026-44861

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

7.2CVSS0.00315EPSS
Exploits0References1
NVD
NVDadded 2026/05/12 8:16 p.m.8 views

CVE-2026-44857

Stack-based buffer overflow vulnerabilities exist in several underlying management service components accessed through the command-line interface of the AOS-8 and AOS-10 Operating Systems. An authenticated attacker with administrative privileges could exploit these vulnerabilities by sending...

7.2CVSS0.00352EPSS
Exploits0References1
Rows per page
Query Builder