Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1085414 matches found

Chainguard
Chainguardadded 2026/06/18 8:21 p.m.9 views

CVE-2026-53655 vulnerabilities

Vulnerabilities for packages: pulumi, wazuh-dashboard, graalvm, wazuh-dashboard-fips, renovate, prism, opensearch-dashboards, saf, homepage, opensearch-dashboards-fips, npm, code-server, actions-runner...

6.9CVSS5.8AI score0.00107EPSS
Exploits1
Chainguard
Chainguardadded 2026/06/18 8:21 p.m.9 views

GHSA-VMF3-W455-68VH vulnerabilities

Vulnerabilities for packages: pulumi, wazuh-dashboard, graalvm, wazuh-dashboard-fips, renovate, prism, opensearch-dashboards, saf, homepage, opensearch-dashboards-fips, npm, code-server, actions-runner...

5.8AI score
Exploits0
Wolfi
Wolfiadded 2026/06/18 8:20 p.m.10 views

GHSA-R7G4-QG5F-QQM2 vulnerabilities

Vulnerabilities for packages: langfuse...

5.2AI score
Exploits0
Wolfi
Wolfiadded 2026/06/18 8:20 p.m.7 views

CVE-2026-53655 vulnerabilities

Vulnerabilities for packages: prism, renovate, saf, npm, code-server, pulumi...

6.9CVSS5.8AI score0.00107EPSS
Exploits1
Wolfi
Wolfiadded 2026/06/18 8:20 p.m.8 views

GHSA-VMF3-W455-68VH vulnerabilities

Vulnerabilities for packages: prism, renovate, saf, npm, code-server, pulumi...

5.8AI score
Exploits0
NVD
NVDadded 2026/06/18 8:16 p.m.11 views

CVE-2026-25865

Punto Switcher through 4.5.0.583 contains an unquoted search path element vulnerability that allows local attackers to execute arbitrary code by exploiting the application's call to WinExec without a fully qualified path for RunDll32.exe when invoking shell32.dll ControlRunDLL input.dll. Attacker...

8.5CVSS0.00149EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2026/06/18 8:4 p.m.8 views

CVE-2026-52726

A flaw was found in Dulwich, a pure-Python implementation of Git file formats and protocols. This vulnerability allows a remote attacker to achieve arbitrary code execution by crafting a malicious Git submodule. When a user clones or updates a repository with such a submodule, the...

7.5CVSS6.6AI score0.00448EPSS
Exploits0References5
CVE
CVEadded 2026/06/18 7:54 p.m.15 views

CVE-2026-49248

OneDev CVE-2026-49248 affects versions 15.0.6 and earlier. TarUtils.untar() creates symbolic links using entry getLinkName() without validating absolute path targets; a following file entry can traverse the symlink and write to arbitrary server-side locations. This enables RCE-like behavior for a...

8.3CVSS5.4AI score0.00382EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/06/18 7:44 p.m.6 views

CVE-2026-43994

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decodeoauthtokengcm. A uint16t noncelen field read from an attacker-supplied OAuth access token 0-65535 is passed directly to memcpy as the copy length into a 256-byte...

8.1CVSS5.7AI score0.0045EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVEadded 2026/06/18 7:44 p.m.6 views

CVE-2026-43994

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decodeoauthtokengcm. A uint16t noncelen field read from an attacker-supplied OAuth access token 0-65535 is passed directly to memcpy as the copy length into a 256-byte...

9.8CVSS6.1AI score0.0045EPSS
Exploits1
Cvelist
Cvelistadded 2026/06/18 7:44 p.m.17 views

CVE-2026-43994 Coturn: Stack buffer overflow in decode_oauth_token_gcm()

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decodeoauthtokengcm. A uint16t noncelen field read from an attacker-supplied OAuth access token 0-65535 is passed directly to memcpy as the copy length into a 256-byte...

8.1CVSS0.0045EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletinsadded 2026/06/18 7:42 p.m.38 views

Security Bulletin: Vulnerabilities in OpenSSL

Question Security Bulletin: Vulnerabilities in OpenSSL "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform Independent","Version":"All Versions","Edition":"","Line of...

5.4AI score
Exploits0Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/06/18 7:39 p.m.7 views

CVE-2026-25865

Punto Switcher through 4.5.0.583 contains an unquoted search path element vulnerability that allows local attackers to execute arbitrary code by exploiting the application's call to WinExec without a fully qualified path for RunDll32.exe when invoking shell32.dll ControlRunDLL input.dll. Attacker...

8.5CVSS6.3AI score0.00149EPSS
Exploits0References4
EUVD
EUVDadded 2026/06/18 7:39 p.m.10 views

EUVD-2026-37940

Punto Switcher through 4.5.0.583 contains an unquoted search path element vulnerability that allows local attackers to execute arbitrary code by exploiting the application's call to WinExec without a fully qualified path for RunDll32.exe when invoking shell32.dll ControlRunDLL input.dll. Attacker...

8.5CVSS6.3AI score0.00149EPSS
Exploits0References3
CVE
CVEadded 2026/06/18 7:39 p.m.18 views

CVE-2026-25865

CVE-2026-25865 affects Punto Switcher 4.5.0.583. The vulnerability is an unquoted search path element invoked via WinExec when calling RunDll32.exe for shell32.dll Control_RunDLL input.dll, enabling local arbitrary code execution if an attacker places a malicious executable earlier in the search ...

8.5CVSS6.3AI score0.00149EPSS
Exploits0References3
NVD
NVDadded 2026/06/18 7:16 p.m.10 views

CVE-2026-12390

In AzeoTech DAQFactory versions 21.1 and prior, a Type Confusion vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in code execution...

8.4CVSS0.00148EPSS
Exploits0References1
Metasploit
Metasploitadded 2026/06/18 7:1 p.m.85 views

HP Poly Voice Unauthenticated Remote Code Execution

CVE-2026-0826 is a critical unauthenticated stack-based buffer overflow vulnerability affecting all models in the VVX series VVX 150, VVX 250, VVX 350, and VVX 450, as well as three models from the Trio IP Conference series Trio 8800, Trio 8500, and Trio 8300. A remote attacker can leverage...

9.2CVSS6.6AI score0.26468EPSS
Exploits3
Snyk
Snykadded 2026/06/18 6:35 p.m.4 views

Unsafe Dependency Resolution

Overview @theia/ai-claude-code is a Theia - Claude Code Integration Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions...

8.8CVSS6.2AI score0.00272EPSS
Exploits0References2
Snyk
Snykadded 2026/06/18 6:35 p.m.7 views

Unsafe Dependency Resolution

Overview @theia/ai-code-completion is a Theia - AI Core Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions by...

8.8CVSS6.2AI score0.00272EPSS
Exploits0References2
EUVD
EUVDadded 2026/06/18 6:30 p.m.6 views

EUVD-2026-37930

In AzeoTech DAQFactory versions 21.1 and prior, a Type Confusion vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in code execution...

8.4CVSS5.4AI score0.00148EPSS
Exploits0References1
Rows per page
Query Builder