1203 matches found

Tenable Nessus
added 2026/03/13 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-31806

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, the gdi_surface_bits function processes SURFACE_BITS_COMMAND messages sent by the...

CVSS 9.8 | AI score 6.1 | EPSS 0.00532
Exploits: 1 | References: 3
Snyk
added 2026/03/12 10:39 p.m. | 5 views

Uncaught Exception

Overview: org.webjars.npm:undici is an HTTP/1.1 client, written from scratch for Node.js. Affected versions of this package are vulnerable to Uncaught Exception through improper validation of the server_max_window_bits parameter in the permessage-deflate extension. An attacker can cause the process...

CVSS 8.7 | AI score 5.8 | EPSS 0.00487
Exploits: 0 | References: 2
Snyk
added 2026/03/12 10:39 p.m. | 2 views

Uncaught Exception

Overview: undici is an HTTP/1.1 client, written from scratch for Node.js. Affected versions of this package are vulnerable to Uncaught Exception through improper validation of the server_max_window_bits parameter in the permessage-deflate extension. An attacker can cause the process to terminate...

CVSS 8.7 | AI score 5.8 | EPSS 0.00487
Exploits: 0 | References: 2
OSV
added 2026/03/12 9:16 p.m. | 3 views

DEBIAN-CVE-2026-2229

Impact: The undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the server_max_window_bits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. ...

CVSS 7.5 | AI score 7.5 | EPSS 0.00487
Exploits: 0 | References: 1
OSV
added 2026/03/12 9:16 p.m. | 2 views

CVE-2026-2229

Impact: The undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the server_max_window_bits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. ...

CVSS 7.5 | AI score 5.7
Exploits: 0 | References: 5
NVD
added 2026/03/12 9:16 p.m. | 5 views

CVE-2026-2229

Impact: The undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the server_max_window_bits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. ...

CVSS 7.5 | EPSS 0.00487
Exploits: 0 | References: 5
OSV
added 2026/03/12 9:16 p.m. | 1 views

UBUNTU-CVE-2026-2229

Impact: The undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the server_max_window_bits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. ...

CVSS 7.5 | AI score 5.7 | EPSS 0.00487
Exploits: 0 | References: 2
CVE
added 2026/03/12 8:27 p.m. | 41 views

CVE-2026-2229

The CVE affects the undici WebSocket client. It arises from improper validation of the server_max_window_bits parameter in the permessage-deflate extension: isValidClientWindowBits() only checks ASCII digits and not the 8–15 range, and createInflateRaw() is not wrapped in a try-catch. A malicious...

CVSS 7.5 | AI score 5.8 | EPSS 0.00487
Exploits: 0 | References: 5 | Affected Software: 1
Debian CVE
added 2026/03/12 8:27 p.m. | 2 views

CVE-2026-2229

Impact: The undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the server_max_window_bits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. ...

CVSS 7.5 | AI score 7.5 | EPSS 0.00487
Exploits: 0
ATTACKERKB
added 2026/03/12 8:27 p.m. | 5 views

CVE-2026-2229

Impact: The undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the server_max_window_bits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. ...

CVSS 7.5 | AI score 5.8 | EPSS 0.00487
Exploits: 0 | References: 6
Ubuntu
added 2026/03/12 2:16 p.m. | 8 views

USN-8087-1: python-cryptography vulnerability

It was discovered that python-cryptography incorrectly handled subgroup validation for SECT curves. A remote attacker could use this issue to perform a subgroup attack and possibly recover the least significant bits of private keys...

CVSS 8.2 | AI score 5.8 | EPSS 0.00227
Exploits: 0
OSV
added 2026/03/12 2:16 p.m. | 4 views

USN-8087-1 python-cryptography vulnerability

It was discovered that python-cryptography incorrectly handled subgroup validation for SECT curves. A remote attacker could use this issue to perform a subgroup attack and possibly recover the least significant bits of private keys...

CVSS 8.2 | AI score 7.3 | EPSS 0.00227
Exploits: 0 | References: 2
Positive Technologies
added 2026/03/12 12:0 a.m. | 3 views

PT-2026-25076

Name of the Vulnerable Software and Affected Versions: undici versions prior to 7.24.0. Description: The undici WebSocket client is susceptible to a denial-of-service attack because of insufficient validation of the server max window bits parameter within the permessage-deflate extension. When a...

CVSS 7.5 | AI score 6.7 | EPSS 0.00487
Exploits: 0 | References: 211
Positive Technologies
added 2026/03/12 12:0 a.m. | 5 views

PT-2026-25088

Name of the Vulnerable Software and Affected Versions: Ella Core versions prior to 1.5.1. Description: Ella Core is a 5G core designed for private networks. The software experiences a panic, leading to a denial of service, when processing a PathSwitchRequest containing UE Security Capabilities with...

CVSS 9.9 | AI score 7.1 | EPSS 0.22162
Exploits: 68 | References: 140
CVE
added 2026/02/24 4:39 p.m. | 14 views

CVE-2024-48928

Piwigo CVE-2024-48928 affects 14.x branch installations where secret_key is set to MD5(RAND()) in MySQL. RAND() offers about 30 bits of entropy, making brute-forcing feasible within roughly an hour. The CSRF token partially derives from the secret_key, allowing verification of a brute-force attem...

CVSS 7.5 | AI score 5.4 | EPSS 0.0026
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2026/02/24 4:39 p.m. | 19 views

CVE-2024-48928 Piwigo's secret key can be brute forced

Piwigo is an open source photo gallery application for the web. In versions on the 14.x branch, when installing, the secret_key configuration parameter is set to MD5(RAND()) in MySQL. However, RAND() only has 30 bits of randomness, making it feasible to brute-force the secret key. The CSRF token is...

CVSS 6.9 | EPSS 0.0026
Exploits: 0 | References: 2
UbuntuCve
added 2026/02/18 3:18 p.m. | 4 views

CVE-2026-23215

In the Linux kernel, the following vulnerability has been resolved: x86/vmware: Fix hypercall clobbers. Fedora QA reported the following panic: BUG: unable to handle page fault for address: 0000000040003e54 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page Hardware...

CVSS 5.5 | AI score 5.8 | EPSS 0.00112
Exploits: 0 | References: 11
OSV
added 2026/02/18 3:18 p.m. | 3 views

UBUNTU-CVE-2026-23215

In the Linux kernel, the following vulnerability has been resolved: x86/vmware: Fix hypercall clobbers. Fedora QA reported the following panic: BUG: unable to handle page fault for address: 0000000040003e54 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page Hardware...

CVSS 5.5 | AI score 5.8 | EPSS 0.00112
Exploits: 0 | References: 14
RedhatCVE
added 2026/02/16 2:38 p.m. | 8 views

CVE-2026-23118

A data race flaw was found in the Linux kernel's RxRPC protocol implementation. The last_tx_at field is accessed without proper synchronization between rxrpc_peer_keepalive_worker and rxrpc_send_data_packet. Additionally, on 32-bit architectures, the 64-bit last_tx_at value can experience load/store tearin...

CVSS 4.7 | AI score 5.3 | EPSS 0.00086
Exploits: 0 | References: 4
OSV
added 2026/02/14 4:15 p.m. | 1 views

AZL-77703 CVE-2026-23138 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: tracing: Add recursion protection in kernel stack trace recording. A bug was reported about an infinite recursion caused by tracing the rcu events with the kernel stack trace trigger enabled. The stack trace code called back into...

CVSS 5.5 | AI score 5.7 | EPSS 0.00122
Exploits: 0 | References: 1