192003 matches found

NVD
added 2026/05/12 6:17 p.m. | 8 views

CVE-2026-41109

Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network...

CVSS 8.8 | EPSS 0.00861
Exploits: 0 | References: 1

NVD
added 2026/05/12 6:17 p.m. | 10 views

CVE-2026-41096

Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network...

CVSS 9.8 | EPSS 0.01932
Exploits: 4 | References: 1

NVD
added 2026/05/12 6:17 p.m. | 5 views

CVE-2026-41086

Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network...

CVSS 8.8 | EPSS 0.00427
Exploits: 0 | References: 1

NVD
added 2026/05/12 6:17 p.m. | 5 views

CVE-2026-41089

Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network...

CVSS 9.8 | EPSS 0.43788
Exploits: 31 | References: 1

NVD
added 2026/05/12 6:17 p.m. | 7 views

CVE-2026-40405

Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network...

CVSS 7.5 | EPSS 0.01078
Exploits: 0 | References: 1

NVD
added 2026/05/12 6:17 p.m. | 6 views

CVE-2026-40398

Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally...

CVSS 7.8 | EPSS 0.02079
Exploits: 0 | References: 1

NVD
added 2026/05/12 6:17 p.m. | 6 views

CVE-2026-35417

Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally...

CVSS 7.8 | EPSS 0.00334
Exploits: 0 | References: 1

NVD
added 2026/05/12 6:17 p.m. | 10 views

CVE-2026-34334

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally...

CVSS 7.8 | EPSS 0.00154
Exploits: 0 | References: 1

RedhatCVE
added 2026/05/12 5:37 p.m. | 7 views

CVE-2026-33006

A flaw was found in the mod_auth_digest module of httpd. A remote unauthenticated attacker can bypass digest authentication by measuring timing discrepancies of requests. This issue leads to unauthorized access to resources protected by digest authentication. Mitigation Mitigation for this issue is...

CVSS 4.8 | AI score 5.7 | EPSS 0.00557
Exploits: 1 | References: 4

Snyk
added 2026/05/12 5:22 p.m. | 5 views

Timing Attack

Overview org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Timing Attack via AJP secret comparison. An attacker can perform a timing side-channel attack to determine whether a guessed secret ...

CVSS 6.3 | AI score 5.8 | EPSS 0.00365
Exploits: 0 | References: 2

Snyk
added 2026/05/12 5:22 p.m. | 7 views

Timing Attack

Overview org.apache.tomcat:tomcat-coyote is a Tomcat Connectors and HTTP parser. Affected versions of this package are vulnerable to Timing Attack via AJP secret comparison. An attacker can perform a timing side-channel attack to determine whether a guessed secret is correct by sending many...

CVSS 6.3 | AI score 5.8 | EPSS 0.00365
Exploits: 0 | References: 2

Snyk
added 2026/05/12 5:22 p.m. | 6 views

Timing Attack

Overview org.apache.tomcat:tomcat is an implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies. Affected versions of this package are vulnerable to Timing Attack via AJP secret comparison. An attacker can perform a timing side-channel attack...

CVSS 6.3 | AI score 5.8 | EPSS 0.00365
Exploits: 0 | References: 2

Snyk
added 2026/05/12 5:22 p.m. | 8 views

Timing Attack

Overview org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation. Affected versions of this package are vulnerable to Timing Attack via AJP secret comparison. An attacker can perform a timing side-channel attack to determine whether a guessed secret is correct by sending many...

CVSS 6.3 | AI score 5.8 | EPSS 0.00365
Exploits: 0 | References: 2

NVD
added 2026/05/12 5:16 p.m. | 12 views

CVE-2026-20754

Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via...

CVSS 6.9 | EPSS 0.00104
Exploits: 0 | References: 1

OSV
added 2026/05/12 5:16 p.m. | 6 views

ALPINE-CVE-2025-35979

Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Processors within VMX non-root guest operation may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a...

CVSS 6.8 | AI score 5.8 | EPSS 0.00096
Exploits: 0 | References: 1

Cvelist
added 2026/05/12 5:11 p.m. | 29 views

CVE-2026-42177 linux-entra-sso: PRT SSO cookie can leak to attacker-controlled hosts when broad host permissions are granted

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...

CVSS 5.3 | EPSS 0.00234
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/12 4:59 p.m. | 3 views

CVE-2026-42838

Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network...

CVSS 5.4 | AI score 5.8 | EPSS 0.0024
Exploits: 0 | References: 2 | Affected Software: 1

ATTACKERKB
added 2026/05/12 4:59 p.m. | 6 views

CVE-2026-42830

Untrusted search path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally...

CVSS 6.5 | AI score 5.8 | EPSS 0.00498
Exploits: 0 | References: 2 | Affected Software: 1

EUVD
added 2026/05/12 4:59 p.m. | 10 views

EUVD-2026-29696

Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network...

CVSS 8.8 | AI score 5.8 | EPSS 0.00488
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/12 4:59 p.m. | 6 views

CVE-2026-40401

Windows TCP/IP Denial of Service Vulnerability...

CVSS 7.1 | AI score 5.8 | EPSS 0.00331
Exploits: 0 | References: 2 | Affected Software: 20