
20602 matches found

ATTACKERKB
added 2026/05/25 8:19 p.m., 10 views

CVE-2026-43827

Default configurations of Apache Shiro have a session fixation vulnerability. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue. In the affected versions, when a session already...

5.9 CVSS, 5.8 AI score, 0.00412 EPSS
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2026/05/25 7:16 a.m., 10 views

CVE-2026-25193

Insertion of Sensitive Information into Log File CWE-532 in some Command Centre Service installers could lead to Service Account credentials exposure. Mitigating Factor: Only sites that install Command Centre Services with a custom Service Account not the default Network Service account are...

8.1 CVSS, 0.00132 EPSS
Exploits: 0, References: 1

OSSF Malicious Packages
added 2026/05/23 1:08 p.m., 13 views

Malicious code in lhisp-logger (npm)

Source: amazon-inspector a9ba8f52d22e4435a81a1ffe643e4bb25b0e64fff60c585cac35c164e4ccb24f The package is published as a generic logging library but configures a pino-loki transport whose destination defaults to...

5.8 AI score
Exploits: 0, References: 1

OSV
added 2026/05/23 1:08 p.m., 6 views

MAL-2026-4598 Malicious code in lhisp-logger (npm)

Source: amazon-inspector a9ba8f52d22e4435a81a1ffe643e4bb25b0e64fff60c585cac35c164e4ccb24f The package is published as a generic logging library but configures a pino-loki transport whose destination defaults to...

5.8 AI score
Exploits: 0, References: 1

SUSE CVE
added 2026/05/23 1:36 a.m., 8 views

SUSE CVE-2024-3220

There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file locations are writable meaning other users can create invalid files to cause MemoryError to be raised on Python runtime startup or have file extensions be interpreted as the...

2.3 CVSS, 5.8 AI score, 0.00478 EPSS
Exploits: 0, References: 3

Oracle Linux
added 2026/05/23 12:00 a.m., 18 views

firefox security update

140.10.1-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079789 - disable wasisdk to prevent build failure with newer llvm 140.10.1 - Add debranding patches Mustafa Gezen - Add OpenELA default preferences Louis Abel 140.10.1-1 - Update to 140.10.1 ESR...

9.6 CVSS, 6 AI score, 0.00314 EPSS
Exploits: 0

NVD
added 2026/05/22 11:16 p.m., 22 views

CVE-2026-41149

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and earlier, as well as 11.0.0-alpha.1 through 11.14.0, are vulnerable to HTML injection under the default configuration. Specifically, the classDef directive in Mermaid state...

5.3 CVSS, 0.00401 EPSS
Exploits: 0, References: 3

ATTACKERKB
added 2026/05/22 10:34 p.m., 11 views

CVE-2026-41149

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and earlier, as well as 11.0.0-alpha.1 through 11.14.0, are vulnerable to HTML injection under the default configuration. Specifically, the classDef directive in Mermaid state...

5.3 CVSS, 5.8 AI score, 0.00401 EPSS
Exploits: 0, References: 4, Affected Software: 1

NVD
added 2026/05/22 2:16 p.m., 8 views

CVE-2026-8672

Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords. This issue affects Avantra: before 25.3.0...

5.1 CVSS, 0.00105 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2026/05/22 1:17 p.m., 8 views

CVE-2026-8672 Default credentials for internal DB

Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords. This issue affects Avantra: before 25.3.0...

5.1 CVSS, 5.8 AI score, 0.00105 EPSS
Exploits: 0, References: 1

EUVD
added 2026/05/22 1:17 p.m., 10 views

EUVD-2026-31437

Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords. This issue affects Avantra: before 25.3.0...

5.1 CVSS, 5.8 AI score, 0.00105 EPSS
Exploits: 0, References: 1

CVE
added 2026/05/22 1:17 p.m., 20 views

CVE-2026-8672

CVE-2026-8672 affects Syslink Software AG Avantra (Linux/Windows). The issue is a default credentials vulnerability enabling local access to an internal DB, with attackers needing high privileges and no user interaction. CVSS v3.1: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N; impact limited to confidenti...

5.1 CVSS, 5.8 AI score, 0.00105 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2026/05/22 1:17 p.m., 28 views

CVE-2026-8672 Default credentials for internal DB

Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords. This issue affects Avantra: before 25.3.0...

5.1 CVSS, 0.00105 EPSS
Exploits: 0, References: 1

ATTACKERKB
added 2026/05/22 1:17 p.m., 6 views

CVE-2026-8672

Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords. This issue affects Avantra: before 25.3.0...

5.1 CVSS, 5.8 AI score, 0.00105 EPSS
Exploits: 0, References: 2

OSSF Malicious Packages
added 2026/05/22 9:09 a.m., 10 views

Malicious code in @pisell/pisellos (npm)

Source: amazon-inspector e11b6f8e400f4de371e79ce547444daf3787d6217037ea2e8d05c8ba86cbfbb2 The package advertises itself as a point-of-sale / venue-booking SDK, but its ScanOrderImpl and VenueBookingImpl solution classes register a default...

5.8 AI score
Exploits: 0, References: 6

OSV
added 2026/05/22 9:09 a.m., 5 views

MAL-2026-4417 Malicious code in @pisell/pisellos (npm)

Source: amazon-inspector e11b6f8e400f4de371e79ce547444daf3787d6217037ea2e8d05c8ba86cbfbb2 The package advertises itself as a point-of-sale / venue-booking SDK, but its ScanOrderImpl and VenueBookingImpl solution classes register a default...

5.8 AI score
Exploits: 0, References: 6

NVD
added 2026/05/22 4:16 a.m., 15 views

CVE-2026-9053

Mothra would respect a default value given by a website for HTML file upload forms. An attacker could craft a website with a malicious default file path, and then conceal this form element...

8.2 CVSS, 0.00276 EPSS
Exploits: 0, References: 1

CVE
added 2026/05/22 2:57 a.m., 12 views

CVE-2026-9053

Technical details (affected product/version, root cause, exploitability) are not publicly available in the provided documents. Monitor for updates from official sources.

8.2 CVSS, 5.8 AI score, 0.00276 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2026/05/22 2:57 a.m., 5 views

CVE-2026-9053

Mothra would respect a default value given by a website for HTML file upload forms. An attacker could craft a website with a malicious default file path, and then conceal this form element...

8.2 CVSS, 5.8 AI score, 0.00276 EPSS
Exploits: 0, References: 1

ATTACKERKB
added 2026/05/22 2:57 a.m., 6 views

CVE-2026-9053

Mothra would respect a default value given by a website for HTML file upload forms. An attacker could craft a website with a malicious default file path, and then conceal this form element...

8.2 CVSS, 5.8 AI score, 0.00276 EPSS
Exploits: 0, References: 2