Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

40937 matches found

ATTACKERKB
ATTACKERKBadded 2026/05/12 6:59 p.m.4 views

CVE-2026-6959

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-6959 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

6CVSS5.9AI score0.00009EPSS
Exploits0References2Affected Software2
CVE
CVEadded 2026/05/12 6:59 p.m.11 views

CVE-2026-6959

CVE-2026-6959 affects HashiCorp Nomad and Nomad Enterprise older than 2.0.1, allowing arbitrary file read/write on the client host as the Nomad process user via a symlink attack. Impact: potential unauthorized access or manipulation on the client host; CVSS 3.1 base score 6.0 (Scope Changed, Priv...

6CVSS5.9AI score0.00009EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/12 6:59 p.m.33 views

CVE-2026-6959 Nomad vulnerable to arbitrary file read/write on client host through symlink attack

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-6959 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

6CVSS0.00009EPSS
Exploits0References1
NVD
NVDadded 2026/05/12 6:17 p.m.6 views

CVE-2026-44343

WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities affecting WGDashboard that, if exploited, could allow unauthorized parties to access the host file system without authentication. This vulnerability is fixed in 4.3.2...

9.8CVSS0.00269EPSS
Exploits0References2
NVD
NVDadded 2026/05/12 6:17 p.m.8 views

CVE-2026-42177

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...

5.3CVSS0.00035EPSS
Exploits0References1
OSV
OSVadded 2026/05/12 6:17 p.m.5 views

DEBIAN-CVE-2026-42177

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...

5.3CVSS5.8AI score0.00035EPSS
Exploits0References1
UbuntuCve
UbuntuCveadded 2026/05/12 6:17 p.m.6 views

CVE-2026-42177

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...

5.3CVSS5.8AI score0.00035EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/05/12 5:57 p.m.9 views

CVE-2026-42541 Kubewarden: RBAC Reconnaissance via unchecked can_i host capability call

Kubewarden is a policy engine for Kubernetes. Prior to , An attacker with privileged AdmissionPolicy or AdmissionPolicyGroup create permissions which isn't the default can craft a policy that makes use of the cani host callback. The callback issues a SubjectAccessReview SAR requests to enumerate...

4.3CVSS5.8AI score0.00023EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/12 5:57 p.m.26 views

CVE-2026-42541 Kubewarden: RBAC Reconnaissance via unchecked can_i host capability call

Kubewarden is a policy engine for Kubernetes. Prior to , An attacker with privileged AdmissionPolicy or AdmissionPolicyGroup create permissions which isn't the default can craft a policy that makes use of the cani host callback. The callback issues a SubjectAccessReview SAR requests to enumerate...

4.3CVSS0.00023EPSS
Exploits0References1
NVD
NVDadded 2026/05/12 5:16 p.m.6 views

CVE-2026-43991

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, substring-based blocklist in plugin-shell's command-safety check could be bypassed by adversarial argument constructions, allowing unauthorized command execution on the host when combined with the companion...

8.4CVSS0.00033EPSS
Exploits0References2
CVE
CVEadded 2026/05/12 5:11 p.m.9 views

CVE-2026-42177

CVE-2026-42177 affects the linux-entra-sso browser plugin for Linux. Before v1.8.1, the Chrome adapter used a declarativeNetRequest rule with urlFilter of https://login.microsoftonline.com/, which is substring-matched against full URLs, and the associated action could modify headers to attach the...

5.3CVSS5.8AI score0.00035EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/12 5:11 p.m.4 views

CVE-2026-42177

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...

5.3CVSS5.8AI score0.00035EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVEadded 2026/05/12 5:11 p.m.8 views

CVE-2026-42177

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...

5.3CVSS5.8AI score0.00035EPSS
Exploits0
Vulnrichment
Vulnrichmentadded 2026/05/12 5:11 p.m.3 views

CVE-2026-42177 linux-entra-sso: PRT SSO cookie can leak to attacker-controlled hosts when broad host permissions are granted

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...

5.3CVSS5.8AI score0.00035EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/12 5:11 p.m.7 views

EUVD-2026-29703

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...

5.3CVSS5.8AI score0.00035EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/12 5:11 p.m.29 views

CVE-2026-42177 linux-entra-sso: PRT SSO cookie can leak to attacker-controlled hosts when broad host permissions are granted

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSOURL + "/", i.e. "https://login.microsoftonline.com/". Chrome's urlFilter without a |...

5.3CVSS0.00035EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/12 4:39 p.m.5 views

CVE-2026-44343 WGDashboard: Critical Vulnerability in 4.3.2

WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities affecting WGDashboard that, if exploited, could allow unauthorized parties to access the host file system without authentication. This vulnerability is fixed in 4.3.2...

9.3CVSS5.8AI score0.00269EPSS
Exploits0References2
CVE
CVEadded 2026/05/12 4:39 p.m.10 views

CVE-2026-44343

WGDashboard (WireGuard VPN dashboard) contains a critical vulnerability prior to version 4.3.2 that could allow unauthenticated parties to access the host filesystem. The root cause details are not provided beyond the high‑level impact in the CVE record, and exploitation details are not disclosed...

9.8CVSS5.8AI score0.00269EPSS
Exploits0References2Affected Software1
EUVD
EUVDadded 2026/05/12 4:39 p.m.8 views

EUVD-2026-29732

WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities affecting WGDashboard that, if exploited, could allow unauthorized parties to access the host file system without authentication. This vulnerability is fixed in 4.3.2...

9.3CVSS5.8AI score0.00269EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/12 4:39 p.m.4 views

CVE-2026-44343

WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities affecting WGDashboard that, if exploited, could allow unauthorized parties to access the host file system without authentication. This vulnerability is fixed in 4.3.2...

9.3CVSS5.8AI score0.00269EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder