Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

261 matches found

AstraLinux
AstraLinuxadded 2026/05/20 5:53 a.m.4 views

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Support for specifying the srptserviceguid parameter. The current behavior is that setting this parameter while loading the ibsrpt kernel module triggers a kernel crash. Bug: Kernel’s NULL pointer dereferencing, addres...

5.5CVSS6.2AI score0.00007EPSS
Exploits0References2
AstraLinux
AstraLinuxadded 2026/05/03 11:59 p.m.3 views

Astra Linux - уязвимость в linux-6.1, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix slab-out-of-bounds in efivarfsdcompare Observed on kernel 6.6 present on master as well: BUG: KASAN: slab-out-of-bounds in memcmp+0x98/0xd0 Call trace: kasancheckrange+0xe8/0x190 asanloadN+0x1c/0x28 memcmp+0x98/0xd0...

7.1CVSS6.7AI score0.00022EPSS
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2026/05/02 12:0 a.m.1 views

SUSE SLED15 / SLES15 Security Update : python-Pygments (SUSE-SU-2026:1667-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1667-1 advisory. - CVE-2026-4539: inefficient regex for GUID and ID pattern matching can lead to archetype lexer ReDoS bsc1260796. Tenab...

4.8CVSS5.8AI score0.00007EPSS
Exploits0References4
Tenable Nessus
Tenable Nessusadded 2026/05/02 12:0 a.m.0 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-Pygments (SUSE-SU-2026:1666-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:1666-1 advisory. - CVE-2026-4539: inefficient regex for GUID and ID pattern matching can lead to archetype lexer ReDoS...

4.8CVSS5.8AI score0.00007EPSS
Exploits0References4
SUSE Linux
SUSE Linuxadded 2026/04/30 5:22 p.m.1 views

Security update for python-Pygments

This update for python-Pygments fixes the following issues: CVE-2026-4539: inefficient regex for GUID and ID pattern matching can lead to archetype lexer ReDoS bsc1260796. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypp...

3.3CVSS5.8AI score0.00007EPSS
Exploits0References4
SUSE Linux
SUSE Linuxadded 2026/04/30 5:22 p.m.1 views

Security update for python-Pygments

This update for python-Pygments fixes the following issues: CVE-2026-4539: inefficient regex for GUID and ID pattern matching can lead to archetype lexer ReDoS bsc1260796. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypp...

3.3CVSS5.8AI score0.00007EPSS
Exploits0References4
Tenable Nessus
Tenable Nessusadded 2026/04/21 12:0 a.m.1 views

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007029)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007029 advisory. In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix slab-out-of-bounds in efivarfsdcompare Observed on kernel 6.6 present on master as...

7.1CVSS5.6AI score0.00022EPSS
Exploits0References4
RedhatCVE
RedhatCVEadded 2026/04/20 7:22 p.m.2 views

CVE-2026-40306

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue...

6.9CVSS5.8AI score0.00041EPSS
Exploits0References1
NVD
NVDadded 2026/04/17 10:16 p.m.1 views

CVE-2026-40306

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue...

6.9CVSS0.00041EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/04/17 9:9 p.m.1 views

CVE-2026-40306

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue...

6.9CVSS5.8AI score0.00041EPSS
Exploits0References3Affected Software1
Cvelist
Cvelistadded 2026/04/17 9:9 p.m.15 views

CVE-2026-40306 DNN has same HostGUID for all new installs

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue...

6.9CVSS0.00041EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/04/17 9:9 p.m.1 views

CVE-2026-40306 DNN has same HostGUID for all new installs

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue...

6.9CVSS5.8AI score0.00041EPSS
Exploits0References2
Snyk
Snykadded 2026/04/10 9:7 p.m.0 views

Generation of Predictable Numbers or Identifiers

Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Generation of Predictable Numbers or Identifiers in the form of generation of identical HostGUID values during installation. An...

6.9CVSS5.8AI score0.00041EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/04/10 12:0 a.m.1 views

PT-2026-32982

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affect upgrades from 9.x.x. Version 10.2.2 patches the issue...

6.9CVSS5.8AI score0.00041EPSS
Exploits0References6
OSV
OSVadded 2026/03/22 6:30 a.m.1 views

GHSA-5239-WWWM-4PMQ Pygments has Regular Expression Denial of Service (ReDoS) due to Inefficient Regex for GUID Matching

A security flaw has been discovered in pygments before 2.20.0. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit has been release...

4.8CVSS5.4AI score0.00007EPSS
Exploits0References9
RedhatCVE
RedhatCVEadded 2026/02/20 1:27 p.m.4 views

CVE-2025-15559

An unauthenticated attacker can inject OS commands when calling a server API endpoint in NesterSoft WorkTime. The server API call to generate and download the WorkTime client from the WorkTime server is vulnerable in the “guid” parameter. This allows an attacker to execute arbitrary commands on t...

9.8CVSS6.1AI score0.00234EPSS
Exploits0References1
OSV
OSVadded 2026/02/19 11:15 a.m.1 views

CVE-2025-15559

An unauthenticated attacker can inject OS commands when calling a server API endpoint in NesterSoft WorkTime. The server API call to generate and download the WorkTime client from the WorkTime server is vulnerable in the “guid” parameter. This allows an attacker to execute arbitrary commands on t...

9.8CVSS6AI score
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/02/19 10:45 a.m.3 views

CVE-2025-15559 Unauthenticated OS Command Injection in NesterSoft WorkTime

An unauthenticated attacker can inject OS commands when calling a server API endpoint in NesterSoft WorkTime. The server API call to generate and download the WorkTime client from the WorkTime server is vulnerable in the “guid” parameter. This allows an attacker to execute arbitrary commands on t...

5.9AI score0.00234EPSS
Exploits0References1
CVE
CVEadded 2026/02/19 10:45 a.m.7 views

CVE-2025-15559

The CVE describes an unauthenticated OS command injection in NesterSoft WorkTime, exploitable via the server API endpoint used to generate/download the WorkTime client, specifically in the risk-prone “guid” parameter. The underlying issue allows arbitrary commands to run on the WorkTime server wi...

9.8CVSS6.1AI score0.00234EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologiesadded 2026/02/19 12:0 a.m.3 views

PT-2026-20798

An unauthenticated attacker can inject OS commands when calling a server API endpoint in NesterSoft WorkTime. The server API call to generate and download the WorkTime client from the WorkTime server is vulnerable in the “guid” parameter. This allows an attacker to execute arbitrary commands on t...

6.1AI score0.00234EPSS
Exploits0References1
Rows per page
Query Builder