1085374 matches found

OSSF Malicious Packages
added 2026/06/18 10:28 p.m. | 13 views

Malicious code in runtime-query (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95ac68a991ebaacd1aef772aa462ad53510471f9f4439659a6e685e877aa460e On require, index.js lines 70-77 fetches JSON from https://jsonkeeper.com/b/CI3HT, extracts the .cookie field from the response, and passes it to new...

6.5 AI score
Exploits: 0 | References: 2
OSV
added 2026/06/18 10:28 p.m. | 8 views

MAL-2026-6144 Malicious code in runtime-query (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95ac68a991ebaacd1aef772aa462ad53510471f9f4439659a6e685e877aa460e On require, index.js lines 70-77 fetches JSON from https://jsonkeeper.com/b/CI3HT, extracts the .cookie field from the response, and passes it to new...

6.5 AI score
Exploits: 0 | References: 2
OSV
added 2026/06/18 9:16 p.m. | 7 views

DEBIAN-CVE-2026-43994

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decode_oauth_token_gcm. A uint16_t noncelen field read from an attacker-supplied OAuth access token (0-65535) is passed directly to memcpy as the copy length into a 256-byte...

9.8 CVSS | 6.1 AI score | 0.0045 EPSS
Exploits: 1 | References: 1
NVD
added 2026/06/18 9:16 p.m. | 10 views

CVE-2026-43994

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decode_oauth_token_gcm. A uint16_t noncelen field read from an attacker-supplied OAuth access token (0-65535) is passed directly to memcpy as the copy length into a 256-byte...

9.8 CVSS | 0.0045 EPSS
Exploits: 1 | References: 2
OSV
added 2026/06/18 9:16 p.m. | 3 views

MINI-6CQ8-PPPP-94WQ

Bulletin has no description...

2.2 CVSS | 5.8 AI score | 0.00074 EPSS
Exploits: 0
OSV
added 2026/06/18 9:16 p.m. | 3 views

MINI-9G35-C55Q-6PP7

Bulletin has no description...

5.3 CVSS | 5.7 AI score | 0.00259 EPSS
Exploits: 1
OSV
added 2026/06/18 9:16 p.m. | 3 views

UBUNTU-CVE-2026-43994

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decode_oauth_token_gcm. A uint16_t noncelen field read from an attacker-supplied OAuth access token (0-65535) is passed directly to memcpy as the copy length into a 256-byte...

8.1 CVSS | 6.1 AI score | 0.0045 EPSS
Exploits: 1 | References: 5
Chainguard
added 2026/06/18 8:21 p.m. | 9 views

GHSA-VMF3-W455-68VH vulnerabilities

Vulnerabilities for packages: opensearch-dashboards, wazuh-dashboard-fips, pulumi, saf, homepage, prism, code-server, graalvm, wazuh-dashboard, npm, actions-runner, opensearch-dashboards-fips, renovate...

5.8 AI score
Exploits: 0
Chainguard
added 2026/06/18 8:21 p.m. | 9 views

CVE-2026-53655 vulnerabilities

Vulnerabilities for packages: opensearch-dashboards, wazuh-dashboard-fips, pulumi, saf, homepage, prism, code-server, graalvm, wazuh-dashboard, npm, actions-runner, opensearch-dashboards-fips, renovate...

6.9 CVSS | 5.8 AI score | 0.00107 EPSS
Exploits: 1
Wolfi
added 2026/06/18 8:20 p.m. | 10 views

GHSA-R7G4-QG5F-QQM2 vulnerabilities

Vulnerabilities for packages: langfuse...

5.2 AI score
Exploits: 0
Wolfi
added 2026/06/18 8:20 p.m. | 7 views

CVE-2026-53655 vulnerabilities

Vulnerabilities for packages: npm, saf, prism, pulumi, renovate, code-server...

6.9 CVSS | 5.8 AI score | 0.00107 EPSS
Exploits: 1
Wolfi
added 2026/06/18 8:20 p.m. | 8 views

GHSA-VMF3-W455-68VH vulnerabilities

Vulnerabilities for packages: npm, saf, prism, pulumi, renovate, code-server...

5.8 AI score
Exploits: 0
NVD
added 2026/06/18 8:16 p.m. | 11 views

CVE-2026-25865

Punto Switcher through 4.5.0.583 contains an unquoted search path element vulnerability that allows local attackers to execute arbitrary code by exploiting the application's call to WinExec without a fully qualified path for RunDll32.exe when invoking shell32.dll ControlRunDLL input.dll. Attacker...

8.5 CVSS | 0.00149 EPSS
Exploits: 0 | References: 3
RedhatCVE
added 2026/06/18 8:4 p.m. | 8 views

CVE-2026-52726

A flaw was found in Dulwich, a pure-Python implementation of Git file formats and protocols. This vulnerability allows a remote attacker to achieve arbitrary code execution by crafting a malicious Git submodule. When a user clones or updates a repository with such a submodule, the...

7.5 CVSS | 6.6 AI score | 0.00448 EPSS
Exploits: 0 | References: 5
CVE
added 2026/06/18 7:54 p.m. | 15 views

CVE-2026-49248

OneDev CVE-2026-49248 affects versions 15.0.6 and earlier. TarUtils.untar() creates symbolic links using entry getLinkName() without validating absolute path targets; a following file entry can traverse the symlink and write to arbitrary server-side locations. This enables RCE-like behavior for a...

8.3 CVSS | 5.4 AI score | 0.00382 EPSS
Exploits: 0 | References: 2
ATTACKERKB
added 2026/06/18 7:44 p.m. | 6 views

CVE-2026-43994

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decode_oauth_token_gcm. A uint16_t noncelen field read from an attacker-supplied OAuth access token (0-65535) is passed directly to memcpy as the copy length into a 256-byte...

8.1 CVSS | 5.7 AI score | 0.0045 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2026/06/18 7:44 p.m. | 17 views

CVE-2026-43994 Coturn: Stack buffer overflow in decode_oauth_token_gcm()

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decode_oauth_token_gcm. A uint16_t noncelen field read from an attacker-supplied OAuth access token (0-65535) is passed directly to memcpy as the copy length into a 256-byte...

8.1 CVSS | 0.0045 EPSS
Exploits: 1 | References: 2
Debian CVE
added 2026/06/18 7:44 p.m. | 6 views

CVE-2026-43994

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decode_oauth_token_gcm. A uint16_t noncelen field read from an attacker-supplied OAuth access token (0-65535) is passed directly to memcpy as the copy length into a 256-byte...

9.8 CVSS | 6.1 AI score | 0.0045 EPSS
Exploits: 1
IBM Security Bulletins
added 2026/06/18 7:42 p.m. | 38 views

Security Bulletin: Vulnerabilities in OpenSSL

Question Security Bulletin: Vulnerabilities in OpenSSL "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform Independent","Version":"All Versions","Edition":"","Line of...

5.4 AI score
Exploits: 0 | Affected Software: 1
ATTACKERKB
added 2026/06/18 7:39 p.m. | 7 views

CVE-2026-25865

Punto Switcher through 4.5.0.583 contains an unquoted search path element vulnerability that allows local attackers to execute arbitrary code by exploiting the application's call to WinExec without a fully qualified path for RunDll32.exe when invoking shell32.dll ControlRunDLL input.dll. Attacker...

8.5 CVSS | 6.3 AI score | 0.00149 EPSS
Exploits: 0 | References: 4