
203033 matches found

CVE
added 2026/06/23 3:37 a.m., 77 views

CVE-2026-55654

CVE-2026-55654 describes a heap out-of-bounds read in OpenSSH during GSSAPI indicator cleanup when a trailing NULL termination is missing in the auth-indicators array. A remote attacker in configurations using GSSAPI authentication with Kerberos could trigger a crash/abort in the SSH authenticati...

CVSS 3.7, AI score 5.8, EPSS 0.00308
Exploits: 1, References: 2, Affected Software: 3
EUVD
added 2026/06/23 3:36 a.m., 9 views

EUVD-2026-38413

A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. A successful attack ca...

CVSS 5, AI score 5.7, EPSS 0.00082
Exploits: 0, References: 2
Debian CVE
added 2026/06/23 3:36 a.m., 9 views

CVE-2026-55655

A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. A successful attack ca...

CVSS 6.1, AI score 5.7, EPSS 0.00082
Exploits: 0
Cvelist
added 2026/06/23 3:36 a.m., 39 views

CVE-2026-55655 OpenSSH: local MITM of X11 forwarding via abstract UNIX socket pre-binding in Red Hat Enterprise Linux OpenSSH client versions

A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. A successful attack ca...

CVSS 5, EPSS 0.00082
Exploits: 0, References: 2
ATTACKERKB
added 2026/06/23 3:36 a.m., 10 views

CVE-2026-55655

A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. A successful attack ca...

CVSS 5, AI score 5.7, EPSS 0.00082
Exploits: 0, References: 3
Vulnrichment
added 2026/06/23 3:36 a.m., 5 views

CVE-2026-55655 OpenSSH: local MITM of X11 forwarding via abstract UNIX socket pre-binding in Red Hat Enterprise Linux OpenSSH client versions

A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. A successful attack ca...

CVSS 5, AI score 5.7, EPSS 0.00082
Exploits: 0, References: 2
CVE
added 2026/06/23 3:36 a.m., 21 views

CVE-2026-55655

OpenSSH on Linux clients is affected by CVE-2026-55655. The issue allows a local unprivileged attacker to hijack client-side X11 forwarding connections by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. The attack can compr...

CVSS 6.1, AI score 5.7, EPSS 0.00082
Exploits: 0, References: 2, Affected Software: 2
RedhatCVE
added 2026/06/23 3:36 a.m., 10 views

CVE-2026-55655

A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. A successful attack ca...

CVSS 6.1, AI score 5.7, EPSS 0.00082
Exploits: 0, References: 3
RedHat Linux
added 2026/06/23 2:26 a.m., 4 views

crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

A flaw was found in Go's crypto/x509 package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for...

CVSS 7.5, AI score 7.1, EPSS 0.00349
Exploits: 0, References: 8
SUSE CVE
added 2026/06/23 2:19 a.m., 6 views

SUSE CVE-2026-56211

A remote code execution vulnerability was found in libaom, the reference AV1 codec implementation. Insufficient bounds validation in the AV1 encoder's SVC (Scalable Video Coding) layer ID control allows an attacker to supply crafted video frame pixels that overlap with internal encoder layer contex...

CVSS 7.5, AI score 6.7, EPSS 0.00385
Exploits: 0, References: 3
Positive Technologies
added 2026/06/23 12:0 a.m., 8 views

PT-2026-51473

Name of the Vulnerable Software and Affected Versions: OpenSSH (affected versions not specified). Description: A flaw in OpenSSH allows a local unprivileged attacker on a Linux client host to hijack client-side X11 forwarding connections. This occurs when X11 forwarding is enabled and a local...

CVSS 6.1, AI score 5.7, EPSS 0.00082
Exploits: 0, References: 9
Positive Technologies
added 2026/06/23 12:0 a.m., 8 views

PT-2026-51611

Name of the Vulnerable Software and Affected Versions: Anthropic Claude Desktop Cowork VM versions 1.1348.0 through 1.2278.0. Description: The Cowork VM image handling process validates only the presence of the file and a version marker string before booting rootfs.img, failing to verify the integri...

CVSS 8.7, AI score 6.4, EPSS 0.00103
Exploits: 1, References: 8
Redos
added 2026/06/23 12:0 a.m., 5 views

ROS-20260623-73-0042

The vulnerability of the bytes.decode function in the CPython interpreter relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

CVSS 9.1, AI score 6.2, EPSS 0.00517
Exploits: 0
Redos
added 2026/06/23 12:0 a.m., 4 views

ROS-20260623-73-0043

The vulnerability of the bytes.decode function in the CPython interpreter relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

CVSS 9.1, AI score 6.2, EPSS 0.00517
Exploits: 0
Redos
added 2026/06/23 12:0 a.m., 6 views

ROS-20260623-73-0044

The vulnerability of the bytes.decode function in the CPython interpreter relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

CVSS 9.1, AI score 6.2, EPSS 0.00517
Exploits: 0
Redos
added 2026/06/23 12:0 a.m., 4 views

ROS-20260623-73-0046

The vulnerability of the bytes.decode function in the CPython interpreter relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

CVSS 9.1, AI score 6.2, EPSS 0.00517
Exploits: 0
CISA KEV Catalog
added 2026/06/23 12:0 a.m., 5 views

Ubiquiti UniFi OS Improper Access Control Vulnerability

Ubiquiti UniFi OS contains an improper access control vulnerability which could allow a malicious actor with access to the network to make unauthorized changes to the system...

CVSS 10, AI score 5.9, EPSS 0.02452
In wild, Exploits: 2
Github Security Blog
added 2026/06/22 11:20 p.m., 9 views

Budibase: Mass Assignment in Webhook Trigger Allows Cross-Workspace Automation Execution via appId Override

Summary: The webhook trigger endpoint in Budibase is publicly accessible and passes the full HTTP request body into automation execution parameters. A mass assignment vulnerability in externalTrigger allows an attacker to overwrite the internal appId property by including it in the webhook POST...

CVSS 8.2, AI score 6.6, EPSS 0.00412
Exploits: 0, References: 2, Affected Software: 1
OSSF Malicious Packages
added 2026/06/22 10:38 p.m., 9 views

Malicious code in web3-token-helper (npm)

Source: amazon-inspector (0c826bf782895b60580b94e3a28a2c4562d3742420ce81e9895ad8568da57890). The package advertises itself as a Web3 fee utility but its main export is a dropper. index.js line 140 base64-decodes a platform-specific command...

AI score 5.8
Exploits: 0, References: 6
OSV
added 2026/06/22 10:38 p.m., 7 views

MAL-2026-6274 Malicious code in web3-token-helper (npm)

Source: amazon-inspector (0c826bf782895b60580b94e3a28a2c4562d3742420ce81e9895ad8568da57890). The package advertises itself as a Web3 fee utility but its main export is a dropper. index.js line 140 base64-decodes a platform-specific command...

AI score 5.8
Exploits: 0, References: 6