Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

232 matches found

Positive Technologies
Positive Technologiesadded yesterday4 views

PT-2026-48328

JsonPulsarHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its subpackages. Additionally, an empty trusted-packages configuration fell back to trusting all packages rather than applying a safe default...

8.1CVSS5.4AI score
Exploits0References2
RedhatCVE
RedhatCVEadded 5 days ago5 views

CVE-2026-42266

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed from PyPI Extension Manager allowedextensionsuris is not correctly enforced by JupyterLab. The Py...

8.8CVSS5.5AI score0.00029EPSS
Exploits0References1
NVD
NVDadded last week4 views

CVE-2026-47065

ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TCPROXYCLASSDESC the marker for a java.lang.reflect.Proxy , JDK’s ObjectInputStream.readProxyDesc is dispatched. JDK then calls...

9.8CVSS0.0006EPSS
Exploits0References1
OSV
OSVadded last week6 views

DEBIAN-CVE-2026-47065

ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TCPROXYCLASSDESC the marker for a java.lang.reflect.Proxy , JDK’s ObjectInputStream.readProxyDesc is dispatched. JDK then calls...

9.8CVSS5.5AI score0.0006EPSS
Exploits0References1
CVE
CVEadded last week47 views

CVE-2026-47065

CVE-2026-47065 (Apache MINA context) describes two deserialization bypass issues: first, resolveProxyClass bypasses the accept/allow-list when JDK resolves proxy interfaces from a serialized proxy via ObjectInputStream.readProxyDesc(), and second, readClassDescriptor triggers static initializers ...

9.8CVSS5.8AI score0.0006EPSS
Exploits0References1
EUVD
EUVDadded last week4 views

EUVD-2026-34069

ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TCPROXYCLASSDESC the marker for a java.lang.reflect.Proxy , JDK’s ObjectInputStream.readProxyDesc is dispatched. JDK then calls...

9.8CVSS5.8AI score0.0006EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded last week5 views

CVE-2026-47065

ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy Assessment: Fully addressed. When the serialised stream contains a TCPROXYCLASSDESC the marker for a java.lang.reflect.Proxy , JDK’s ObjectInputStream.readProxyDesc is dispatched. JDK then calls...

9.8CVSS5.8AI score0.0006EPSS
Exploits0References2Affected Software1
OSV
OSVadded 2026/06/02 7:8 p.m.6 views

EEF-CVE-2026-48597 Atom table exhaustion via untrusted URL scheme in Tesla.Adapter.Mint

Summary Allocation of Resources Without Limits or Throttling vulnerability in elixir-tesla tesla allows denial of service via atom table exhaustion in Tesla.Adapter.Mint. Tesla.Adapter.Mint.openconn/2 converts the URL scheme of every outgoing request to a BEAM atom via String.toatomuri.scheme wit...

8.2CVSS5.8AI score0.00055EPSS
Exploits0References4
Snyk
Snykadded 2026/06/01 2:7 p.m.4 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the HTML allowlist in dist/purify.cjs.js and related build artifacts. An attacker can inject a selectedcontent element into...

8.2CVSS5.7AI score
Exploits0References2
SUSE CVE
SUSE CVEadded 2026/05/30 1:59 a.m.8 views

SUSE CVE-2026-48523

PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...

5.4CVSS5.8AI score0.00014EPSS
Exploits1References3
PyPA
PyPAadded 2026/05/28 4:16 p.m.7 views

PYSEC-0000-CVE-2026-48523

PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...

5.4CVSS5.8AI score0.00014EPSS
Exploits1References1Affected Software1
NVD
NVDadded 2026/05/28 4:16 p.m.11 views

CVE-2026-48523

PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...

5.4CVSS0.00014EPSS
Exploits1References1
OSV
OSVadded 2026/05/28 4:16 p.m.3 views

UBUNTU-CVE-2026-48523

PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...

5.4CVSS5.8AI score0.00014EPSS
Exploits1References3
EUVD
EUVDadded 2026/05/28 3:10 p.m.8 views

EUVD-2026-32918

PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...

5.4CVSS5.8AI score0.00014EPSS
Exploits1References1
Debian CVE
Debian CVEadded 2026/05/28 3:10 p.m.10 views

CVE-2026-48523

PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...

5.4CVSS5.8AI score0.00014EPSS
Exploits1
Cvelist
Cvelistadded 2026/05/28 3:10 p.m.29 views

CVE-2026-48523 PyJWT: Algorithm allow-list bypass when decoding with `PyJWK` / `PyJWKClient` keys

PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...

5.4CVSS0.00014EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2026/05/28 3:10 p.m.8 views

CVE-2026-48523 PyJWT: Algorithm allow-list bypass when decoding with `PyJWK` / `PyJWKClient` keys

PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decodecomplete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...

5.4CVSS5.8AI score0.00014EPSS
Exploits1References1
Positive Technologies
Positive Technologiesadded 2026/05/28 12:0 a.m.6 views

PT-2026-44395

PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decode complete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...

5.4CVSS5.8AI score0.00014EPSS
Exploits1References2
Tenable Nessus
Tenable Nessusadded 2026/05/22 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-33376

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses specifying a mask explicitly are not affected; to mitigate...

7.4CVSS5.9AI score0.00018EPSS
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2026/05/22 12:0 a.m.8 views

Grafana Labs < 11.6.14+security-04 / 12.2.0 < 12.2.8+security-04 / 12.3.0 < 12.3.6+security-04 / 12.4.0 < 12.4.3+security-02 / 13.0.0 < 13.0.1+security-01 Multiple Vulnerabilities

The version of Grafana Labs installed on the remote host is affected by multiple vulnerabilities, including: - A broken access control flaw in the Snapshot API allows any Editor to delete dashboard snapshots, even those they have no read or write access to. CVE-2026-28380 - When using an IPv6...

7.4CVSS5.9AI score0.00019EPSS
Exploits0References20
Rows per page
Query Builder