Lucene search

8486 matches found

RedhatCVE
added 2026/02/05 1:22 a.m., 4 views

CVE-2026-25148

Qwik is a performance-focused JavaScript framework. Prior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successfu...

CVSS 6.1, AI score 5.8, EPSS 0.00307
Exploits 0, References 1
SUSE CVE
added 2026/02/05 12:24 a.m., 4 views

SUSE CVE-2026-23083

In the Linux kernel, the following vulnerability has been resolved: fou: Don't allow 0 for FOU_ATTR_IPPROTO. fou_udp_recv() has the same problem mentioned in the previous patch. If FOU_ATTR_IPPROTO is set to 0, skb is not freed by fou_udp_recv() nor "resubmit"-ted in ip_protocol_deliver_rcu(). Let's forbid 0 for...

CVSS 3.3, AI score 5.2, EPSS 0.00129
Exploits 0, References 20
OSV
added 2026/02/04 9:15 p.m., 3 views

CVE-2023-38281

IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker...

CVSS 5.3, AI score 5.6, EPSS 0.00285
Exploits 0, References 1
NVD
added 2026/02/04 9:15 p.m., 4 views

CVE-2023-38281

IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker...

CVSS 5.3, EPSS 0.00285
Exploits 0, References 1
Cvelist
added 2026/02/04 8:45 p.m., 24 views

CVE-2023-38281 Multiple Vulnerabilities in IBM Cloud Pak System

IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker...

CVSS 5.3, EPSS 0.00285
Exploits 0, References 1
Vulnrichment
added 2026/02/04 8:45 p.m., 3 views

CVE-2023-38281 Multiple Vulnerabilities in IBM Cloud Pak System

IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker...

CVSS 5.3, AI score 5.4, EPSS 0.00285
Exploits 0, References 1
ATTACKERKB
added 2026/02/04 8:45 p.m., 4 views

CVE-2023-38281

IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker...

CVSS 5.3, AI score 5.4, EPSS 0.00285
Exploits 0, References 2, Affected Software 2
CVE
added 2026/02/04 8:45 p.m., 13 views

CVE-2023-38281

CVE-2023-38281 affects IBM Cloud Pak System. The issue is that authorization tokens and session cookies are not marked with the Secure attribute, allowing cookies to be exposed if a user visits an http link or if a link is planted on a site, enabling traffic snooping. Affected products/versions i...

CVSS 5.3, AI score 5.4, EPSS 0.00285
Exploits 0, References 1, Affected Software 2
UbuntuCve
added 2026/02/04 5:16 p.m., 4 views

CVE-2026-23062

In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro. The GET_INSTANCE_ID macro that caused a kernel panic when accessing sysfs attributes: 1. Off-by-one error: The loop condition used 'name without checking if...

CVSS 5.5, AI score 5.8, EPSS 0.00122
Exploits 0, References 12
Cvelist
added 2026/02/04 4:8 p.m., 23 views

CVE-2026-23083 fou: Don't allow 0 for FOU_ATTR_IPPROTO.

In the Linux kernel, the following vulnerability has been resolved: fou: Don't allow 0 for FOU_ATTR_IPPROTO. fou_udp_recv() has the same problem mentioned in the previous patch. If FOU_ATTR_IPPROTO is set to 0, skb is not freed by fou_udp_recv() nor "resubmit"-ted in ip_protocol_deliver_rcu(). Let's forbid 0 for...

EPSS 0.00129
Exploits 0, References 7
CVE
added 2026/02/04 4:8 p.m., 18 views

CVE-2026-23083

CVE-2026-23083 is a Linux kernel vulnerability affecting FOU (IPv4/IPv6 over UDP) handling, where setting FOU_ATTR_IPPROTO to 0 could leave the skb unfreed in fou_udp_recv() and not retried in ip_protocol_deliver_rcu(). The fix suppresses 0 for FOU_ATTR_IPPROTO and applies upstream patching to pr...

CVSS 7.8, AI score 5.2, EPSS 0.00129
Exploits 0, References 7, Affected Software 1
ATTACKERKB
added 2026/02/04 4:8 p.m., 3 views

CVE-2026-23083

In the Linux kernel, the following vulnerability has been resolved: fou: Don't allow 0 for FOU_ATTR_IPPROTO. fou_udp_recv() has the same problem mentioned in the previous patch. If FOU_ATTR_IPPROTO is set to 0, skb is not freed by fou_udp_recv() nor "resubmit"-ted in ip_protocol_deliver_rcu(). Let's forbid 0 for...

AI score 5.2, EPSS 0.00129
Exploits 0, References 8, Affected Software 1
Debian CVE
added 2026/02/04 4:8 p.m., 4 views

CVE-2026-23083

In the Linux kernel, the following vulnerability has been resolved: fou: Don't allow 0 for FOU_ATTR_IPPROTO. fou_udp_recv() has the same problem mentioned in the previous patch. If FOU_ATTR_IPPROTO is set to 0, skb is not freed by fou_udp_recv() nor "resubmit"-ted in ip_protocol_deliver_rcu(). Let's forbid 0 for...

CVSS 7.8, AI score 5.1, EPSS 0.00129
Exploits 0
NVD
added 2026/02/04 2:16 p.m., 8 views

CVE-2025-15368

The SportsPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.7.26 via shortcodes 'template_name' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files...

CVSS 8.8, EPSS 0.0075
Exploits 1, References 5
CVE
added 2026/02/04 1:24 p.m., 19 views

CVE-2025-15368

Vulnerability summary (CVE-2025-15368): The SportsPress WordPress plugin (versions up to 2.7.26) is vulnerable to Local File Inclusion via the shortcodes’ template_name attribute. Authenticated attackers with contributor-level permissions or higher can include and execute arbitrary server files,...

CVSS 8.8, AI score 6.5, EPSS 0.0075
Exploits 1, References 5
Positive Technologies
added 2026/02/04 12:0 a.m., 6 views

PT-2026-5864

Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak System (affected versions not specified). Description: The software does not set the secure attribute on authorization tokens or session cookies. This could allow attackers to obtain cookie values by sending an insecure HTTP link to ...

CVSS 5.3, AI score 5.3, EPSS 0.00285
Exploits 0, References 3
CNNVD
added 2026/02/04 12:0 a.m., 5 views

WordPress plugin SportsPress security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 8.8, AI score 6.1, EPSS 0.0075
Exploits 1, References 5
CNNVD
added 2026/02/04 12:0 a.m., 5 views

Linux kernel security vulnerability

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from allowing FOU_ATTR_IPPROTO to be set to 0, potentially leading to packets not being released properly...

CVSS 7.8, AI score 5.8, EPSS 0.00129
Exploits 0, References 4
Tenable Nessus
added 2026/02/04 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-23083

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fou: Don't allow 0 for FOU_ATTR_IPPROTO. fou_udp_recv() has the same problem mentioned in the previous patch. If FOU_ATTR_IPPROTO is set to 0, skb is not freed by...

CVSS 7.8, AI score 5.4, EPSS 0.00129
Exploits 0, References 2
Positive Technologies
added 2026/02/04 12:0 a.m., 4 views

PT-2026-21628

Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 7.1.2-15; ImageMagick versions prior to 6.9.13-40. Description: ImageMagick is software used for editing and manipulating digital images. A stack buffer overflow can occur when processing an attribute in the msl.c...

CVSS 9.8, AI score 6.1, EPSS 0.00594
Exploits 0, References 160