Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8414 matches found

OSV
OSVadded 2026/05/26 4:16 p.m.4 views

UBUNTU-CVE-2026-48685

FastNetMon Community Edition through 1.2.9 has out-of-bounds memory access because it incorrectly parses BGP path attributes with the extended length flag set. In src/bgpprotocol.hpp, the parserawbgpattribute function correctly identifies when extendedlengthbit is set and sets lengthoflengthfield...

6.5CVSS5.8AI score0.00295EPSS
Exploits0References6
OSV
OSVadded 2026/05/26 12:30 p.m.5 views

SUSE-SU-2026:21836-1 Security update for cups

This update for cups fixes the following issues - CVE-2026-27447: Authorization bypass via case-insensitive group-member lookup bsc1261572. - CVE-2026-34978: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss bsc1261571. - CVE-2026-34979: Heap overflow in getoption...

7.8CVSS6.5AI score0.00502EPSS
Exploits8References17
OSV
OSVadded 2026/05/26 11:41 a.m.7 views

SUSE-SU-2026:21871-1 Security update for cups

This update for cups fixes the following issues - CVE-2026-27447: Authorization bypass via case-insensitive group-member lookup bsc1261572. - CVE-2026-34978: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss bsc1261571. - CVE-2026-34979: Heap overflow in getoption...

7.8CVSS6.5AI score0.00502EPSS
Exploits8References17
RedHat Linux
RedHat Linuxadded 2026/05/26 11:20 a.m.11 views

tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments

A flaw was found in Tornado. A remote attacker could exploit this vulnerability by injecting specially crafted characters into the domain, path, and samesite arguments when setting cookies. This could lead to cookie attribute injection, potentially allowing for information disclosure or...

7.2CVSS6.9AI score0.00237EPSS
Exploits0References6
RedHat Linux
RedHat Linuxadded 2026/05/26 3:24 a.m.25 views

tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments

A flaw was found in Tornado. A remote attacker could exploit this vulnerability by injecting specially crafted characters into the domain, path, and samesite arguments when setting cookies. This could lead to cookie attribute injection, potentially allowing for information disclosure or...

7.2CVSS5.7AI score0.00237EPSS
Exploits0References6
RedHat Linux
RedHat Linuxadded 2026/05/26 3:24 a.m.11 views

Moderate: Red Hat Security Advisory: python-tornado security update

An update for python-tornado is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.7CVSS7.3AI score0.00375EPSS
Exploits0References3
RedHat Linux
RedHat Linuxadded 2026/05/26 3:3 a.m.8 views

tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments

A flaw was found in Tornado. A remote attacker could exploit this vulnerability by injecting specially crafted characters into the domain, path, and samesite arguments when setting cookies. This could lead to cookie attribute injection, potentially allowing for information disclosure or...

7.2CVSS6.9AI score0.00237EPSS
Exploits0References6
CVE
CVEadded 2026/05/26 12:17 a.m.72 views

CVE-2026-42497

Archive::Tar for Perl versions before 3.08 contains a path traversal via hardlinks: _make_special_file() passes the tar header linkname to link() without validating absolute paths or .. segments, allowing a hardlink to attacker-controlled targets outside the extraction directory. A follow-up writ...

7.5CVSS5.8AI score0.00405EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologiesadded 2026/05/26 12:0 a.m.8 views

PT-2026-43272

FastNetMon Community Edition through 1.2.9 has out-of-bounds memory access because it incorrectly parses BGP path attributes with the extended length flag set. In src/bgp protocol.hpp, the parse raw bgp attribute function correctly identifies when extended length bit is set and sets length of...

5.8AI score0.00295EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/05/26 12:0 a.m.7 views

PT-2026-43321

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Inadequate content filtering within the checkAttribute methods leads to Cross-Site Scripting XSS, a condition where malicious scripts are injected into otherwise...

6.9CVSS5.8AI score0.00144EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/05/26 12:0 a.m.6 views

CVE-2026-48685

FastNetMon Community Edition through 1.2.9 has out-of-bounds memory access because it incorrectly parses BGP path attributes with the extended length flag set. In src/bgpprotocol.hpp, the parserawbgpattribute function correctly identifies when extendedlengthbit is set and sets lengthoflengthfield...

5.8AI score0.00295EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/05/26 12:0 a.m.8 views

PT-2026-43348

Name of the Vulnerable Software and Affected Versions Chatwoot versions 2.2.0 through 4.11.1 Description An issue exists in the conversation and contact filter APIs where user-supplied values in the values field of the filter payload are interpolated directly into SQL queries without...

8.5CVSS6AI score0.00227EPSS
Exploits1References4
Tenable Nessus
Tenable Nessusadded 2026/05/26 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-43828

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Default configurations of Apache Shiro send sensitive cookies in HTTPS session without 'Secure' attribute. This issue affects Apache Shiro from 1.0 to 2.1.0, an...

6.5CVSS5.8AI score0.00272EPSS
Exploits0References3
Tenable Nessus
Tenable Nessusadded 2026/05/26 12:0 a.m.12 views

RHEL 9 : python-tornado (RHSA-2026:20572)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:20572 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

8.7CVSS7.2AI score0.00375EPSS
Exploits0References7
Tenable Nessus
Tenable Nessusadded 2026/05/26 12:0 a.m.8 views

RHEL 10 : python-tornado (RHSA-2026:20577)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:20577 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

8.7CVSS5.9AI score0.00375EPSS
Exploits0References7
Snyk
Snykadded 2026/05/25 11:19 p.m.3 views

Sensitive Cookie in HTTPS Session Without "Secure" Attribute

Overview org.apache.shiro:shiro-core is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. Affected versions of this package are vulnerable to Sensitive Cookie in HTTPS Session Without "Secure" Attribute in the for...

6.5CVSS5.8AI score0.00272EPSS
Exploits0References2
Snyk
Snykadded 2026/05/25 11:19 p.m.6 views

Sensitive Cookie in HTTPS Session Without "Secure" Attribute

Overview org.apache.shiro:shiro-web is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography, and session management. Affected versions of this package are vulnerable to Sensitive Cookie in HTTPS Session Without "Secure" Attribute in the form...

6.5CVSS5.8AI score0.00272EPSS
Exploits0References2
UbuntuCve
UbuntuCveadded 2026/05/25 9:16 p.m.9 views

CVE-2026-43828

Default configurations of Apache Shiro send sensitive cookies in HTTPS session without 'Secure' attribute. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue. In the affected...

6.5CVSS5.8AI score0.00272EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/05/25 8:19 p.m.7 views

CVE-2026-43828

Default configurations of Apache Shiro send sensitive cookies in HTTPS session without 'Secure' attribute. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue. In the affected...

5.9CVSS5.8AI score0.00272EPSS
Exploits0References2Affected Software1
EUVD
EUVDadded 2026/05/25 8:19 p.m.7 views

EUVD-2026-31734

Default configurations of Apache Shiro send sensitive cookies in HTTPS session without 'Secure' attribute. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue. In the affected...

5.9CVSS5.8AI score0.00272EPSS
Exploits0References1
Rows per page
Query Builder