Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

120242 matches found

Mozilla
Mozillaadded 2026/04/07 12:0 a.m.5 views

Security Vulnerabilities fixed in Firefox 149.0.2 — Mozilla

Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

9.8CVSS6AI score0.00071EPSS
Exploits0References5Affected Software1
NVD
NVDadded 2026/04/06 8:16 p.m.3 views

CVE-2026-35197

dye is a portable and respectful color library for shell scripts. Prior to 1.1.1, certain dye template expressions would result in execution of arbitrary code. This issue was discovered and fixed by dye's author, and is not known to be exploited. This vulnerability is fixed in 1.1.1...

9.8CVSS0.00034EPSS
Exploits1References2
NVD
NVDadded 2026/04/06 8:16 p.m.3 views

CVE-2026-35020

Rejected reason: This CVE ID has been rejected by the its CVE Numbering Authority CNA. It was determined that the attack requires an attacker to already control arbitrary environment variables, a level of access they consider functionally equivalent to code execution and outside the threat model ...

0.00114EPSS
Exploits0
EUVD
EUVDadded 2026/04/06 7:39 p.m.2 views

EUVD-2026-19471

dye is a portable and respectful color library for shell scripts. Prior to 1.1.1, certain dye template expressions would result in execution of arbitrary code. This issue was discovered and fixed by dye's author, and is not known to be exploited. This vulnerability is fixed in 1.1.1...

6.6CVSS6.1AI score0.00034EPSS
Exploits1References2
Vulnrichment
Vulnrichmentadded 2026/04/06 7:39 p.m.3 views

CVE-2026-35197 Code injection in dye template expressions

dye is a portable and respectful color library for shell scripts. Prior to 1.1.1, certain dye template expressions would result in execution of arbitrary code. This issue was discovered and fixed by dye's author, and is not known to be exploited. This vulnerability is fixed in 1.1.1...

6.6CVSS6.1AI score0.00034EPSS
Exploits1References2
RedHat Linux
RedHat Linuxadded 2026/04/06 6:44 p.m.3 views

Important: Red Hat Security Advisory: freerdp security update

An update for freerdp is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

8.8CVSS6.6AI score0.00076EPSS
Exploits2References3
RedHat Linux
RedHat Linuxadded 2026/04/06 6:44 p.m.2 views

freerdp: FreeRDP: Arbitrary code execution via heap out-of-bounds write in RLE planar decode path

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A malicious RDP server can exploit a heap out-of-bounds write vulnerability in the planardecompressplanerle function. This vulnerability allows the server to write past the end of a temporary buffer, potentiall...

8.8CVSS6.5AI score0.00036EPSS
Exploits1References6
RedHat Linux
RedHat Linuxadded 2026/04/06 6:44 p.m.1 views

freerdp: FreeRDP: Arbitrary code execution via heap buffer overflow in GDI surface pipeline

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A malicious RDP server can exploit a heap buffer overflow vulnerability by sending a specially crafted graphics command to a FreeRDP client. This allows the server to write data outside of its intended memory...

8.8CVSS6.7AI score0.00076EPSS
Exploits1References6
OSV
OSVadded 2026/04/06 5:49 p.m.2 views

GO-2026-4920 KubeAI: OS Command Injection via Model URL in Ollama Engine startup probe allows arbitrary command execution in model pods in github.com/kubeai-project/kubeai

KubeAI: OS Command Injection via Model URL in Ollama Engine startup probe allows arbitrary command execution in model pods in github.com/kubeai-project/kubeai...

8.8CVSS6.2AI score0.00016EPSS
Exploits3References1
Cvelist
Cvelistadded 2026/04/06 5:45 p.m.18 views

CVE-2026-35171 Arbitrary Code Execution via Malicious Logging Configuration in Kedro

Kedro is a toolbox for production-ready data science. Prior to 1.3.0, Kedro allows the logging configuration file path to be set via the KEDROLOGGINGCONFIG environment variable and loads it without validation. The logging configuration schema supports the special key, which enables arbitrary...

9.8CVSS0.00202EPSS
Exploits0References1
NVD
NVDadded 2026/04/06 4:16 p.m.1 views

CVE-2026-34444

Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...

10CVSS0.00049EPSS
Exploits1References1
OSV
OSVadded 2026/04/06 4:16 p.m.2 views

DEBIAN-CVE-2026-34444

Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...

10CVSS5.8AI score0.00049EPSS
Exploits1References1
UbuntuCve
UbuntuCveadded 2026/04/06 4:16 p.m.0 views

CVE-2026-34444

Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...

10CVSS6AI score0.00049EPSS
Exploits1References2
OSV
OSVadded 2026/04/06 4:16 p.m.1 views

UBUNTU-CVE-2026-34444

Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...

10CVSS6AI score0.00049EPSS
Exploits1References3
Debian CVE
Debian CVEadded 2026/04/06 3:30 p.m.2 views

CVE-2026-34444

Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attributefilter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitra...

10CVSS5.8AI score0.00049EPSS
Exploits1
RedHat Linux
RedHat Linuxadded 2026/04/06 2:51 p.m.2 views

Important: Red Hat Security Advisory: freerdp security update

An update for freerdp is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

8.8CVSS6.6AI score0.00076EPSS
Exploits2References3
RedhatCVE
RedhatCVEadded 2026/04/06 11:52 a.m.1 views

CVE-2026-31405

A flaw was found in the Linux kernel's dvb-net component. A remote attacker could exploit this vulnerability by sending specially crafted network data. This could lead to an out-of-bounds read in the handleoneuleextension function, potentially allowing the attacker to execute arbitrary code. The...

9.8CVSS6.1AI score0.0006EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2026/04/06 3:44 a.m.3 views

Important: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

7.8CVSS6.3AI score0.00017EPSS
Exploits1References5
RedHat Linux
RedHat Linuxadded 2026/04/06 3:44 a.m.1 views

vim: Vim: Arbitrary code execution via command injection in glob() function

A flaw was found in Vim. By including a newline character in a pattern passed to Vim's glob function, an attacker may be able to execute arbitrary shell commands. This command injection vulnerability allows for arbitrary code execution, depending on the user's shell settings...

7.3CVSS6.2AI score0.00009EPSS
Exploits0References7
RedHat Linux
RedHat Linuxadded 2026/04/06 3:34 a.m.0 views

vim: Vim: Arbitrary code execution via command injection in glob() function

A flaw was found in Vim. By including a newline character in a pattern passed to Vim's glob function, an attacker may be able to execute arbitrary shell commands. This command injection vulnerability allows for arbitrary code execution, depending on the user's shell settings...

7.3CVSS6.2AI score0.00009EPSS
Exploits0References7
Rows per page
Query Builder