Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

103090 matches found

OSV
OSVadded 2026/05/08 2:16 p.m.5 views

UBUNTU-CVE-2026-41506

go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha....

7.4CVSS5.7AI score0.00259EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/05/08 1:43 p.m.51 views

CVE-2026-41506 go-git Credential leak via cross-host redirect in smart HTTP transport

go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha....

4.7CVSS0.00259EPSS
Exploits0References3
OSV
OSVadded 2026/05/08 5:45 a.m.8 views

BIT-JRE-2023-22081

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise...

5.3CVSS6.5AI score0.014EPSS
Exploits0References8
OSV
OSVadded 2026/05/08 5:45 a.m.3 views

BIT-JRE-2023-21939

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Swing. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable...

5.3CVSS7.2AI score0.02474EPSS
Exploits1References9
OSV
OSVadded 2026/05/08 5:45 a.m.4 views

BIT-JRE-2022-39399

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Difficult to exploit vulnerabilit...

3.7CVSS6.5AI score0.01473EPSS
Exploits0References6
OSV
OSVadded 2026/05/08 5:43 a.m.5 views

BIT-JRE-2020-2800

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Lightweight HTTP Server. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network acce...

5.8CVSS6.7AI score0.02879EPSS
Exploits0References15
OSV
OSVadded 2026/05/08 5:43 a.m.5 views

BIT-JRE-2020-2778

Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability...

4.3CVSS6.7AI score0.02298EPSS
Exploits0References6
NVD
NVDadded 2026/05/08 4:16 a.m.17 views

CVE-2026-41645

Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's expression evaluation engine makes it possible for a malicious target server to inject and execute supported DSL expressions. This happens when HTTP response...

5.3CVSS0.00344EPSS
Exploits0References6
UbuntuCve
UbuntuCveadded 2026/05/08 4:16 a.m.6 views

CVE-2026-42264

Axios is a promise based HTTP client for the browser and Node.js. From version 1.0.0 to before version 1.15.2, fFive config properties auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser in the HTTP adapter are read via direct property access without hasOwnProperty guards, making th...

9.1CVSS5.7AI score0.00414EPSS
Exploits1References6
OSV
OSVadded 2026/05/08 4:16 a.m.6 views

UBUNTU-CVE-2026-42264

Axios is a promise based HTTP client for the browser and Node.js. From version 1.0.0 to before version 1.15.2, fFive config properties auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser in the HTTP adapter are read via direct property access without hasOwnProperty guards, making th...

9.1CVSS5.7AI score0.00414EPSS
Exploits1References7
Vulnrichment
Vulnrichmentadded 2026/05/08 3:20 a.m.7 views

CVE-2026-42264 Axios: Prototype pollution read-side gadgets in HTTP adapter allow credential injection and request hijacking

Axios is a promise based HTTP client for the browser and Node.js. From version 1.0.0 to before version 1.15.2, fFive config properties auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser in the HTTP adapter are read via direct property access without hasOwnProperty guards, making th...

7.4CVSS5.7AI score0.00414EPSS
Exploits1References4
ATTACKERKB
ATTACKERKBadded 2026/05/08 3:20 a.m.4 views

CVE-2026-42264

Axios is a promise based HTTP client for the browser and Node.js. From version 1.0.0 to before version 1.15.2, fFive config properties auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser in the HTTP adapter are read via direct property access without hasOwnProperty guards, making th...

7.4CVSS5.7AI score0.00414EPSS
Exploits1References5Affected Software1
CVE
CVEadded 2026/05/08 3:20 a.m.22 views

CVE-2026-42264

Summary: CVE-2026-42264 affects Axios, a promise-based HTTP client for browser/Node.js. The vulnerability lies in the HTTP adapter: from 1.0.0 up to, but not including, 1.15.2, certain config properties (auth, baseURL, socketPath, beforeRedirect, insecureHTTPParser) are read via direct property a...

9.1CVSS5.7AI score0.00414EPSS
Exploits1References4Affected Software1
Cvelist
Cvelistadded 2026/05/08 3:20 a.m.30 views

CVE-2026-42264 Axios: Prototype pollution read-side gadgets in HTTP adapter allow credential injection and request hijacking

Axios is a promise based HTTP client for the browser and Node.js. From version 1.0.0 to before version 1.15.2, fFive config properties auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser in the HTTP adapter are read via direct property access without hasOwnProperty guards, making th...

7.4CVSS0.00414EPSS
Exploits1References4
Fedora
Fedoraadded 2026/05/08 1:3 a.m.12 views

[SECURITY] Fedora 43 Update: perl-Starman-0.4018-1.fc43

Starman is a PSGI perl web server that has unique features such as high performance, preforking, use of signals and a small memory footprint. It is P SGI compatible and offers HTTP/1.1 support...

7.5CVSS5.8AI score0.00487EPSS
Exploits0
Fedora
Fedoraadded 2026/05/08 12:50 a.m.10 views

[SECURITY] Fedora 44 Update: perl-Starman-0.4018-1.fc44

Starman is a PSGI perl web server that has unique features such as high performance, preforking, use of signals and a small memory footprint. It is P SGI compatible and offers HTTP/1.1 support...

7.5CVSS5.8AI score0.00487EPSS
Exploits0
Positive Technologies
Positive Technologiesadded 2026/05/08 12:0 a.m.10 views

PT-2026-38781

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Swing. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable...

5.3CVSS5.9AI score0.02474EPSS
Exploits1References10
CVE
CVEadded 2026/05/08 12:0 a.m.14 views

CVE-2026-38360

CVE-2026-38360 affects fohrloop dash-uploader, with directory traversal in dash_uploader/httprequesthandler.py affecting versions 0.1.0 through 0.7.0a2. The vulnerability arises from unvalidated user-supplied values used in get_temp_root (upload_id), resumableFilename, and resumableIdentifier, wh...

9.8CVSS6AI score0.05982EPSS
Exploits4References8
Positive Technologies
Positive Technologiesadded 2026/05/08 12:0 a.m.12 views

PT-2026-39253

Name of the Vulnerable Software and Affected Versions free5GC versions prior to 4.2.2 Description The UDR nudr-dr handler for the endpoint "DELETE /subscription-data/ueId/servingPlmnId/ee-subscriptions/subsId/amf-subscriptions" contains a nil-pointer dereference. This occurs when a request is mad...

6.5CVSS5.8AI score0.0035EPSS
Exploits1References8
Positive Technologies
Positive Technologiesadded 2026/05/08 12:0 a.m.12 views

PT-2026-39264

Name of the Vulnerable Software and Affected Versions MCP Registry versions prior to 1.7.7 Description The MCP Registry contains a Server-Side Request Forgery SSRF issue in its HTTP-based namespace verification process. The system uses a function called safeDialContext to prevent connections to...

6.3CVSS5.9AI score0.00285EPSS
Exploits1References11
Rows per page
Query Builder