Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

588872 matches found

OSV
OSVadded 2026/06/11 10:16 p.m.3 views

DEBIAN-CVE-2026-12007

Use after free in Core in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6AI score0.00286EPSS
Exploits0References1
NVD
NVDadded 2026/06/11 10:16 p.m.7 views

CVE-2026-12007

Use after free in Core in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS0.00286EPSS
Exploits0References2
CVE
CVEadded 2026/06/11 9:55 p.m.13 views

CVE-2026-45171

Idira Privileged Session Manager (PSM) affected by CVE-2026-45171 due to incomplete input validation and misconfigured folder permissions. Versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5 are at risk. An authenticated, low-privileged user could potentially execute arbitrary code. The issue is...

8.7CVSS5.8AI score0.00487EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/06/11 9:55 p.m.30 views

CVE-2026-45171 Idira Privileged Session Manager (PSM): Potential Code Execution due to an Incomplete Input Validation

Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager PSM versions prior to 15.0.3, 14.6.3, 14.2.5, and 14.0.5, an authenticated, low-privileged user could potentially execute arbitrary code. CyberArk Security Bulletin: CA26-17 and CA26-1...

8.7CVSS0.00487EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/06/11 9:41 p.m.29 views

CVE-2026-45172 Idira Privileged Session Manager for SSH (PSMP): Arbitrary Command Execution via Improper Neutralization of Special Elements used in an OS Command

Due to incomplete input validation in Idira Privileged Session Manager for SSH PSMP versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user could potentially execute arbitrary commands on the PSMP host. CyberArk Security Bulletins: CA26-17 and CA26-18...

8.7CVSS0.00465EPSS
Exploits0References4
NVD
NVDadded 2026/06/11 9:16 p.m.9 views

CVE-2026-53819

OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env files can override the Homebrew executable selection. Attackers with access to trusted operator workspaces can execute unintended Homebrew-compatible executables during skill...

8.8CVSS0.00298EPSS
Exploits0References2
NVD
NVDadded 2026/06/11 9:16 p.m.7 views

CVE-2026-53813

OpenClaw before 2026.4.25 contains a path traversal vulnerability in memory-core artifact loading where workspace state influences local package root resolution. Attackers with access to affected workspaces can load memory-core artifacts from unintended local locations, potentially executing...

7.8CVSS0.00114EPSS
Exploits0References2
NVD
NVDadded 2026/06/11 9:16 p.m.9 views

CVE-2026-53806

OpenClaw before 2026.5.12 contains a shell option parsing vulnerability that allows combined POSIX shell flags to bypass exec revalidation checks. Attackers can exploit this by using combined shell options to execute inline shell content without intended allowlist validation, potentially enabling...

8.8CVSS0.00402EPSS
Exploits0References2
OSV
OSVadded 2026/06/11 8:54 p.m.2 views

USN-8425-1 libnginx-mod-js vulnerability

It was discovered that njs did not properly handle certain client- controlled variables when processing ngx.fetch requests. An attacker could possibly use this issue to trigger a heap buffer overflow, resulting in arbitrary code execution or a denial of service...

9.8CVSS6.3AI score0.00889EPSS
Exploits0References2
CVE
CVEadded 2026/06/11 8:48 p.m.38 views

CVE-2026-12007

CVE-2026-12007 is a use-after-free in Chrome's Core on Windows, caused by a vulnerability in the handling of crafted HTML pages. The issue affects Chrome prior to version 149.0.7827.115 and could allow a remote attacker to execute arbitrary code. Google’s June 2026 stable-channel update (149.0.78...

8.8CVSS6AI score0.00286EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVEadded 2026/06/11 8:48 p.m.5 views

CVE-2026-12007

Use after free in Core in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6AI score0.00286EPSS
Exploits0
Vulnrichment
Vulnrichmentadded 2026/06/11 8:48 p.m.6 views

CVE-2026-12007

Use after free in Core in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

6AI score0.00286EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/06/11 8:48 p.m.21 views

CVE-2026-12007

Use after free in Core in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

0.00286EPSS
Exploits0References2
Github Security Blog
Github Security Blogadded 2026/06/11 8:34 p.m.8 views

GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection

Summary Administrator can perform JNDI attack through specially crafted DB2 jdbc url leading to Remote Code Execution RCE. Impact If GeoServer has DB2 extension installed, this vulnerability can lead to executing arbitrary code. Details Authenticated users can access Vector Data Sources page to...

8.8CVSS7.2AI score0.01378EPSS
Exploits0References3Affected Software1
OSV
OSVadded 2026/06/11 8:34 p.m.3 views

GHSA-G628-R368-6VH7 GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection

Summary Administrator can perform JNDI attack through specially crafted DB2 jdbc url leading to Remote Code Execution RCE. Impact If GeoServer has DB2 extension installed, this vulnerability can lead to executing arbitrary code. Details Authenticated users can access Vector Data Sources page to...

7.2CVSS5.7AI score0.00361EPSS
Exploits0References3
The Hacker News
The Hacker Newsadded 2026/06/11 8:29 p.m.15 views

ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities

The ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep it private. The campaign hit universities hardest. Google's Mandiant attributes it to the group it tracks as UNC6240, and dates the activity...

9.8CVSS6.6AI score0.07511EPSS
Exploits2
Cvelist
Cvelistadded 2026/06/11 8:10 p.m.23 views

CVE-2026-53819 OpenClaw < 2026.5.27 - Arbitrary Homebrew Executable Execution via Workspace .env Override

OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env files can override the Homebrew executable selection. Attackers with access to trusted operator workspaces can execute unintended Homebrew-compatible executables during skill...

8.8CVSS0.00298EPSS
Exploits0References2
EUVD
EUVDadded 2026/06/11 8:10 p.m.7 views

EUVD-2026-36325

OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env files can override the Homebrew executable selection. Attackers with access to trusted operator workspaces can execute unintended Homebrew-compatible executables during skill...

8.8CVSS6.2AI score0.00298EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/06/11 8:10 p.m.14 views

CVE-2026-53819 OpenClaw < 2026.5.27 - Arbitrary Homebrew Executable Execution via Workspace .env Override

OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env files can override the Homebrew executable selection. Attackers with access to trusted operator workspaces can execute unintended Homebrew-compatible executables during skill...

8.8CVSS6.1AI score0.00298EPSS
Exploits0References2
EUVD
EUVDadded 2026/06/11 8:8 p.m.7 views

EUVD-2026-36319

OpenClaw before 2026.4.25 contains a path traversal vulnerability in memory-core artifact loading where workspace state influences local package root resolution. Attackers with access to affected workspaces can load memory-core artifacts from unintended local locations, potentially executing...

7.8CVSS5.5AI score0.00114EPSS
Exploits0References2
Rows per page
Query Builder