Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

73238 matches found

OSV
OSVadded 2026/05/22 1:22 p.m.7 views

OESA-2026-2435 dnsmasq security update

Dnsmasq provides network infrastructure for small networks: DNS, DHCP, router advertisement and network boot. It is designed to be lightweight and have a small footprint, suitable for resource constrained routers and firewalls. It has also been widely used for tethering on smartphones and portabl...

8.4CVSS6.4AI score0.0024EPSS
Exploits4References7
The Hacker News
The Hacker Newsadded 2026/05/22 5:47 a.m.11 views

CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added two security flaws impacting Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerabilities in question are listed below -...

9.4CVSS8.1AI score0.32746EPSS
Exploits3
Snyk
Snykadded 2026/05/22 5:32 a.m.6 views

Incorrect Authorization

Overview github.com/golang/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Incorrect Authorization. When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially...

6.3CVSS5.8AI score0.00034EPSS
Exploits0References2
NVD
NVDadded 2026/05/22 4:16 a.m.10 views

CVE-2026-39833

The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...

9.1CVSS0.00042EPSS
Exploits0References5
NVD
NVDadded 2026/05/22 4:16 a.m.6 views

CVE-2026-39828

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...

6.3CVSS0.00034EPSS
Exploits0References4
OSV
OSVadded 2026/05/22 4:16 a.m.3 views

UBUNTU-CVE-2026-39828

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...

6.3CVSS5.8AI score0.00034EPSS
Exploits0References6
Cvelist
Cvelistadded 2026/05/22 2:31 a.m.29 views

CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...

0.00034EPSS
Exploits0References4
CVE
CVEadded 2026/05/22 2:31 a.m.14 views

CVE-2026-39828

CVE-2026-39828 affects the SSH handling in golang.org/x/crypto/ssh. When an SSH server authentication callback returns PartialSuccessError with non-nil Permissions, the permissions are discarded, potentially bypassing certificate restrictions (e.g., force-command) after 2FA. Returning non-nil Per...

6.3CVSS5.8AI score0.00034EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVEadded 2026/05/22 2:31 a.m.4 views

CVE-2026-39828

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...

6.3CVSS5.8AI score0.00034EPSS
Exploits0
EUVD
EUVDadded 2026/05/22 2:31 a.m.7 views

EUVD-2026-31393

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

5.3CVSS5.8AI score0.00029EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/05/22 2:31 a.m.4 views

CVE-2026-39833

The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...

5.8AI score0.00042EPSS
Exploits0References6
Cvelist
Cvelistadded 2026/05/22 2:31 a.m.32 views

CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent

The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...

0.00042EPSS
Exploits0References5
EUVD
EUVDadded 2026/05/22 2:31 a.m.5 views

EUVD-2026-31389

The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...

9.1CVSS5.8AI score0.00042EPSS
Exploits0References5
EUVD
EUVDadded 2026/05/22 2:31 a.m.4 views

EUVD-2026-31394

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...

6.3CVSS5.8AI score0.00034EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/05/22 2:31 a.m.3 views

CVE-2026-39828

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...

5.8AI score0.00034EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/05/22 2:31 a.m.5 views

CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...

5.8AI score0.00034EPSS
Exploits0References4
OSV
OSVadded 2026/05/22 2:8 a.m.2 views

GO-2026-5014 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...

6.3CVSS5.8AI score0.00034EPSS
Exploits0References3
Tenable Nessus
Tenable Nessusadded 2026/05/22 12:0 a.m.10 views

Unity Linux 20.1070e Security Update: jackson-dataformats-binary (UTSA-2026-016707)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016707 advisory. This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation o...

7.5CVSS6.8AI score0.00317EPSS
Exploits0References4
CNNVD
CNNVDadded 2026/05/22 12:0 a.m.4 views

Microsoft Entra ID 访问控制错误漏洞

Microsoft Entra ID is a cloud-based identity and management solution provided by Microsoft Corporation. There is an access control vulnerability in Microsoft Entra ID, which stems from a source verification error. This vulnerability could allow unauthorized attackers to escalate their privileges...

10CVSS5.8AI score0.00043EPSS
Exploits0References1
CNNVD
CNNVDadded 2026/05/22 12:0 a.m.5 views

authentik 安全漏洞

Authentik is an open-source identity provisioning application developed by Authentik. Versions of Authentik prior to 2025.12.5, as well as versions from 2026.2.0-rc1 to 2026.2.2, contained security vulnerabilities. These vulnerabilities stemmed from the PATCH /api/v3/core/users/pk/ API, which...

8.1CVSS5.9AI score0.00011EPSS
Exploits0References3
Rows per page
Query Builder