585 matches found

ATTACKERKB
added 2026/05/22 10:3 p.m., 4 views

CVE-2026-47280

Improper authentication in Azure Resource Manager ARM allows an unauthorized attacker to elevate privileges over a network...

CVSS 10 | AI score 5.8 | EPSS 0.00093
Exploits 0 | References 2

Snyk
added 2026/05/20 3:46 p.m., 2 views

Missing Authorization

Overview: phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases. Affected versions of this package are vulnerable to Missing Authorization in the overwritePassword process. An attacker can gain unauthorized access to higher-privileged accounts, including full...

CVSS 8.8 | AI score 5.8 | EPSS 0.00044
Exploits 0 | References 5

RedhatCVE
added 2026/04/22 7:22 a.m., 3 views

CVE-2026-35154

Dell PowerProtect Data Domain appliances, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper privilege management vulnerability. A high privileged attacker with local access could potentially...

CVSS 6.7 | AI score 5.8 | EPSS 0.00013
Exploits 0 | References 1

RedhatCVE
added 2026/04/07 11:1 p.m., 3 views

CVE-2026-35182

Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/id lacks the checkUserPermissions:assign-user-roles middleware. This allows any authenticated user to...

CVSS 8.8 | AI score 5.9 | EPSS 0.00043
Exploits 1 | References 1

CNNVD
added 2026/03/24 12:0 a.m., 3 views

Galaxy Software Services Vitals ESP security vulnerability

Galaxy Software Services Vitals ESP is an office knowledge management system developed by Galaxy Software Services. There is a security vulnerability in Galaxy Software Services Vitals ESP, which stems from improper authorization. This vulnerability could allow authenticated remote attackers to...

CVSS 8.8 | AI score 5.9 | EPSS 0.00154
Exploits 0 | References 2

CNNVD
added 2026/03/11 12:0 a.m., 2 views

Zoom Clients for Windows security vulnerability

Zoom Clients for Windows is a video conferencing software developed by the American company Zoom. There is a security vulnerability in Zoom Clients for Windows, which stems from improper permission management. This vulnerability could allow authenticated users to elevate their permissions through...

CVSS 7.8 | AI score 5.8 | EPSS 0.00018
Exploits 0 | References 1

OSV
added 2026/03/10 6:18 p.m., 1 view

CVE-2026-21262

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network...

CVSS 8.8 | AI score 5.8 | EPSS 0.00087
Exploits 0 | References 1

CNNVD
added 2026/03/02 12:0 a.m., 1 view

Google Android security vulnerability

Google Android is an open-source operating system based on Linux, developed by Google Inc. There is a security vulnerability in Google Android, which stems from a logical error in the removePermission function. This flaw may lead to an increase in local permissions...

CVSS 7.8 | AI score 5.8 | EPSS 0.00003
Exploits 0 | References 1

Positive Technologies
added 2026/01/13 12:0 a.m., 1 view

PT-2026-2695

Name of the Vulnerable Software and Affected Versions: Windows SMB Server (affected versions not specified). Description: A race condition exists in Windows SMB Server due to concurrent execution using a shared resource with improper synchronization. This allows an authorized attacker to potentially...

CVSS 7.5 | AI score 5.4 | EPSS 0.00076
Exploits 0 | References 7

Positive Technologies
added 2025/12/24 12:0 a.m., 4 views

PT-2026-21793

Name of the Vulnerable Software and Affected Versions: Dell Wyse Management Suite versions prior to 5.5. Description: Dell Wyse Management Suite versions prior to 5.5 contain a Missing Authorization issue. A low privileged attacker with remote access could potentially exploit this, leading to...

CVSS 9 | AI score 5.3 | EPSS 0.00062
Exploits 0 | References 14

Positive Technologies
added 2025/12/09 12:0 a.m., 1 view

PT-2025-50189

Name of the Vulnerable Software and Affected Versions: Windows Shell (affected versions not specified). Description: A flaw exists in Windows Shell that could allow a local attacker to gain elevated privileges. The issue is a use-after-free condition. Recommendations: At the moment, there is no...

CVSS 7.3 | AI score 6.3 | EPSS 0.00056
Exploits 0 | References 5

Vulnrichment
added 2025/12/03 12:0 a.m., 1 view

CVE-2025-53841

The GC-AGENTS-SERVICE running as part of Akamai's Guardicore Platform Agent for Windows versions prior to v49.20.1, v50.15.0, v51.12.0, v52.2.0 is affected by a local privilege escalation vulnerability. The service will attempt to read an OpenSSL configuration file from a non-existent location th...

CVSS 7.8 | AI score 6.9 | EPSS 0.0003
Exploits 0 | References 4

Snyk
added 2025/11/30 1:14 p.m., 1 view

Malicious Package

Overview: elevate-log is a malicious package. This package contains malicious code associated with a social engineering campaign called "Contagious Interview." The attackers target developers through fake job interviews or coding test assignments that require the installation of this package. Once...

CVSS 9.8 | AI score 7.2
Exploits 0 | References 3

CVE
added 2025/11/12 7:35 a.m., 13 views

CVE-2025-12870

The CVE-2025-12870 entry concerns the a+HRD product from aEnrich. The vulnerability is described as an Authentication Abuse issue whereby unauthenticated remote attackers can craft packets to obtain administrator access tokens and then operate with elevated privileges on the system. The reported ...

CVSS 9.8 | AI score 6.7 | EPSS 0.00145
Exploits 0 | References 3 | Affected Software 1

CNNVD
added 2025/11/12 12:0 a.m., 3 views

Schneider Electric PowerChute Serial Shutdown security vulnerability

Schneider Electric PowerChute Serial Shutdown is a UPS management, normal shutdown, and energy management software from Schneider Electric France. A security vulnerability exists in Schneider Electric PowerChute Serial Shutdown that stems from an improperly restricted pathname, which could allow ...

CVSS 7.3 | AI score 6.3 | EPSS 0.00024
Exploits 0 | References 1

Positive Technologies
added 2025/10/14 12:0 a.m., 1 view

PT-2025-41997

Name of the Vulnerable Software and Affected Versions: Microsoft Graphics Component (affected versions not specified). Description: A use after free issue exists in the Microsoft Graphics Component. This flaw could allow an authorized attacker to elevate privileges over a network. Recommendations: At t...

CVSS 9.9 | AI score 9.4 | EPSS 0.00101
Exploits 0 | References 9

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2018-1251

Malware in sbrugna...

CVSS 7.2 | AI score 6.9 | EPSS 0.00056
Exploits 0 | References 4

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-10491

Malware in sbrugna...

CVSS 8.8 | AI score 8.8 | EPSS 0.00385
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2020-24864

Malware in sbrugna...

CVSS 7.8 | AI score 7.6 | EPSS 0.00036
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2018-5349

Malware in sbrugna...

CVSS 7.8 | AI score 6.1 | EPSS 0.0004
Exploits 0 | References 15