Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1890 matches found

EUVD
EUVDadded 2026/03/02 3:17 p.m.3 views

EUVD-2025-208165

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/editinstance.php via the POST maindatabase parameter. This issue has been patched in version 1.11.30...

7.1CVSS5.9AI score0.00596EPSS
Exploits1References4
OSV
OSVadded 2026/02/23 12:19 a.m.1 views

OSV-2026-292 UNKNOWN WRITE in <wasmtime::runtime::func::Func>::call_unchecked_raw::<

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=486503337 Crash type: UNKNOWN WRITE Crash state: ::calluncheckedraw::::queuecall...

5.4AI score
Exploits0References1
NVD
NVDadded 2026/02/21 9:15 a.m.5 views

CVE-2026-27479

Wallos is an open-source, self-hostable personal subscription tracker. Versions 4.6.0 and below contain a Server-Side Request Forgery SSRF vulnerability in the subscription and payment logo/icon upload functionality. The application validates the IP address of the provided URL before making the...

7.7CVSS0.00044EPSS
Exploits1References3
NVD
NVDadded 2026/02/20 2:16 a.m.3 views

CVE-2026-2819

A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the function SaServletFilter of the file /workflow/instance/deleteByInstanceIds of the component Workflow Module. The manipulation leads to missing authorization. The attack may be initiated remotely...

6.5CVSS0.00016EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/02/20 1:32 a.m.25 views

CVE-2026-2819 Dromara RuoYi-Vue-Plus Workflow deleteByInstanceIds SaServletFilter authorization

A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the function SaServletFilter of the file /workflow/instance/deleteByInstanceIds of the component Workflow Module. The manipulation leads to missing authorization. The attack may be initiated remotely...

6.5CVSS0.00016EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/02/20 12:0 a.m.5 views

PT-2026-20990

A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the function SaServletFilter of the file /workflow/instance/deleteByInstanceIds of the component Workflow Module. The manipulation leads to missing authorization. The attack may be initiated remotely...

6.5CVSS5.2AI score0.00016EPSS
Exploits0References4
RedhatCVE
RedhatCVEadded 2026/02/18 5:44 a.m.5 views

CVE-2026-24708

A flaw in OpenStack Nova’s interaction with the qemu-img utility allows an authenticated user to overwrite arbitrary files on the compute host. This occurs because Nova invokes qemu-img without strictly constraining the disk image format, enabling a malicious user to craft a QCOW2 header on a raw...

8.2CVSS5.4AI score0.00019EPSS
Exploits0References4
NVD
NVDadded 2026/02/14 5:15 p.m.5 views

CVE-2026-23210

In the Linux kernel, the following vulnerability has been resolved: ice: Fix PTP NULL pointer dereference during VSI rebuild Fix race condition where PTP periodic work runs while VSI is being rebuilt, accessing NULL vsi-rxrings. The sequence was: 1. iceptpprepareforreset cancels PTP work 2...

4.7CVSS0.00022EPSS
Exploits0References3
Debian CVE
Debian CVEadded 2026/02/14 4:27 p.m.4 views

CVE-2026-23210

In the Linux kernel, the following vulnerability has been resolved: ice: Fix PTP NULL pointer dereference during VSI rebuild Fix race condition where PTP periodic work runs while VSI is being rebuilt, accessing NULL vsi-rxrings. The sequence was: 1. iceptpprepareforreset cancels PTP work 2...

4.7CVSS5.1AI score0.00022EPSS
Exploits0
RedhatCVE
RedhatCVEadded 2026/02/11 1:33 a.m.6 views

CVE-2026-25492

Craft CMS is a content management system. In Craft versions 3.5.0 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveimagesAsset GraphQL mutation can be abused to fetch internal URLs by providing a domain name that resolves to an internal IP address, bypassing hostname validation. When a...

6.5CVSS5.5AI score0.00015EPSS
Exploits1References1
OSV
OSVadded 2026/02/09 7:33 p.m.3 views

CVE-2026-25492 Craft has a save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying host

Craft CMS is a content management system. In Craft versions 3.5.0 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveimagesAsset GraphQL mutation can be abused to fetch internal URLs by providing a domain name that resolves to an internal IP address, bypassing hostname validation. When a...

5.3CVSS5.6AI score0.00015EPSS
Exploits1References5
ATTACKERKB
ATTACKERKBadded 2026/02/09 7:33 p.m.5 views

CVE-2026-25492

Craft CMS is a content management system. In Craft versions 3.5.0 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveimagesAsset GraphQL mutation can be abused to fetch internal URLs by providing a domain name that resolves to an internal IP address, bypassing hostname validation. When a...

5.3CVSS5.5AI score0.00015EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichmentadded 2026/02/09 7:33 p.m.2 views

CVE-2026-25492 Craft has a save_images_Asset graphql mutation can be abused to exfiltrate AWS credentials of underlying host

Craft CMS is a content management system. In Craft versions 3.5.0 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the saveimagesAsset GraphQL mutation can be abused to fetch internal URLs by providing a domain name that resolves to an internal IP address, bypassing hostname validation. When a...

5.3CVSS5.5AI score0.00015EPSS
Exploits1References3
Positive Technologies
Positive Technologiesadded 2026/02/09 12:0 a.m.3 views

PT-2026-7142

Craft CMS is a content management system. In Craft versions 3.5.0 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the save images Asset GraphQL mutation can be abused to fetch internal URLs by providing a domain name that resolves to an internal IP address, bypassing hostname validation. When a...

5.3CVSS5.5AI score0.00015EPSS
Exploits1References4
GithubExploit
GithubExploitadded 2026/02/05 9:23 p.m.141 views

Exploit for CVE-2026-25643

CVE-2026-25643: Frigate NVR = 0.16.3 Authenticated RCE Ex...

5.5AI score0.01265EPSS
Exploits8
SUSE CVE
SUSE CVEadded 2026/02/05 12:25 a.m.2 views

SUSE CVE-2026-23062

In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix kernel panic in GETINSTANCEID macro The GETINSTANCEID macro that caused a kernel panic when accessing sysfs attributes: 1. Off-by-one error: The loop condition used 'name without checking if...

6.1CVSS5.3AI score0.00017EPSS
Exploits0References9
NVD
NVDadded 2026/02/04 5:16 p.m.4 views

CVE-2026-23062

In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix kernel panic in GETINSTANCEID macro The GETINSTANCEID macro that caused a kernel panic when accessing sysfs attributes: 1. Off-by-one error: The loop condition used 'name without checking if...

5.5CVSS0.00017EPSS
Exploits0References4
UbuntuCve
UbuntuCveadded 2026/02/04 5:16 p.m.3 views

CVE-2026-23062

In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix kernel panic in GETINSTANCEID macro The GETINSTANCEID macro that caused a kernel panic when accessing sysfs attributes: 1. Off-by-one error: The loop condition used 'name without checking if...

5.5CVSS5.8AI score0.00017EPSS
Exploits0References12
OSV
OSVadded 2026/02/04 5:16 p.m.1 views

UBUNTU-CVE-2026-23062

In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix kernel panic in GETINSTANCEID macro The GETINSTANCEID macro that caused a kernel panic when accessing sysfs attributes: 1. Off-by-one error: The loop condition used 'name without checking if...

5.5CVSS5.7AI score0.00017EPSS
Exploits0References13
EUVD
EUVDadded 2026/02/04 4:7 p.m.2 views

EUVD-2026-5482

In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix kernel panic in GETINSTANCEID macro The GETINSTANCEID macro that caused a kernel panic when accessing sysfs attributes: 1. Off-by-one error: The loop condition used 'name without checking if...

5.3AI score0.00017EPSS
Exploits0References4
Rows per page
Query Builder