
61129 matches found

Circl
added 2026/05/12 10:33 p.m. | 6 views

CVE-2026-4301

creationtimestamp | type | source
---|---|---
2026-05-12 22:33:06+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3mlott7s6ly2i...

4.3 CVSS | 5.8 AI score | 0.00271 EPSS
Exploits 0 | References 1

Circl
added 2026/05/12 9:41 p.m. | 8 views

CVE-2026-45781

creationtimestamp | type | source
---|---|---
2026-05-12 21:41:52+00:00 | published-proof-of-concept | https://github.com/modelcontextprotocol/registry/security/advisories/GHSA-2v5f-5r6w-p67r
2026-05-15 02:06:27+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mluaol6rpr2o...

3.5 CVSS | 5.7 AI score | 0.00206 EPSS
Exploits 0 | References 2

Snyk
added 2026/05/12 9:20 p.m. | 7 views

Out-of-bounds Read

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Out-of-bounds Read in the input validation process. An attacker can gain unauthorized write access by tricking a user with high privileges into visiting a maliciously craft...

5.1 CVSS | 5.8 AI score | 0.00373 EPSS
Exploits 0 | References 2

RedhatCVE
added 2026/05/12 8:22 p.m. | 6 views

CVE-2026-36983

D-Link DCS-932L v2.18.01 is vulnerable to Command Injection in the function sub42EF14 of the file /bin/alphapd. The manipulation of the argument LightSensorControl leads to command injection...

7.3 CVSS | 5.7 AI score | 0.01235 EPSS
Exploits 1 | References 1

RedhatCVE
added 2026/05/12 8:21 p.m. | 5 views

CVE-2025-65418

docuFORM Managed Print Service Client 11.11c is vulnerable to a directory traversal allowing attackers to read arbitrary files via crafted URL...

7.5 CVSS | 5.9 AI score | 0.00641 EPSS
Exploits 0 | References 1

OSV
added 2026/05/12 8:16 p.m. | 3 views

DEBIAN-CVE-2026-42338

ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group and Address6.link do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage emitted by the Address6...

6.1 CVSS | 5.4 AI score | 0.00258 EPSS
Exploits 1 | References 1

NVD
added 2026/05/12 8:16 p.m. | 9 views

CVE-2026-42338

ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group and Address6.link do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage emitted by the Address6...

6.1 CVSS | 0.00258 EPSS
Exploits 1 | References 1

Cvelist
added 2026/05/12 7:50 p.m. | 27 views

CVE-2026-34647 Adobe Commerce | Server-Side Request Forgery (SSRF) (CWE-918)

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain...

7.4 CVSS | 0.00471 EPSS
Exploits 0 | References 1

CVE
added 2026/05/12 7:43 p.m. | 27 views

CVE-2026-42338

The CVE concerns the ip-address JavaScript library. Prior to version 10.1.1, Address6.group() and Address6.link() do not HTML-escape attacker-controlled content before embedding into HTML strings, and AddressError.parseMessage (emitted by the Address6 constructor for invalid input) can contain un...

6.1 CVSS | 5.4 AI score | 0.00258 EPSS
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2026/05/12 7:43 p.m. | 30 views

CVE-2026-42338 ip-address: XSS in Address6 HTML-emitting methods

ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group and Address6.link do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage emitted by the Address6...

5.3 CVSS | 0.00258 EPSS
Exploits 1 | References 1

Vulnrichment
added 2026/05/12 7:43 p.m. | 5 views

CVE-2026-42338 ip-address: XSS in Address6 HTML-emitting methods

ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group and Address6.link do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage emitted by the Address6...

5.3 CVSS | 5.4 AI score | 0.00258 EPSS
Exploits 1 | References 1

Debian CVE
added 2026/05/12 7:43 p.m. | 10 views

CVE-2026-42338

ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group and Address6.link do not HTML-escape attacker-controlled content before embedding it in the HTML strings they return, and AddressError.parseMessage emitted by the Address6...

6.1 CVSS | 5.4 AI score | 0.00258 EPSS
Exploits 1

RedhatCVE
added 2026/05/12 7:38 p.m. | 5 views

CVE-2026-35527

A flaw was found in Incus, an open-source container and virtual machine manager. An authenticated user can exploit this vulnerability by supplying a malicious URL during the image import process. Before project restrictions are applied, Incus makes a blind HEAD request to the user-supplied URL,...

5.3 CVSS | 5.7 AI score | 0.00271 EPSS
Exploits 1 | References 2

EUVD
added 2026/05/12 6:30 p.m. | 19 views

EUVD-2026-29600

Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally...

7 CVSS | 5.8 AI score | 0.00199 EPSS
Exploits 0 | References 2

NVD
added 2026/05/12 6:17 p.m. | 5 views

CVE-2026-34341

Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally...

7 CVSS | 0.00199 EPSS
Exploits 0 | References 1

Cvelist
added 2026/05/12 5:16 p.m. | 35 views

CVE-2026-44166 Pocketbase: Account pre-hijacking via OAuth2 unverified->verified autolinking upgrade

Pocketbase is an open source web backend written in Go. Prior to 0.22.42 and 0.37.4, in some situations, if an attacker knows the email address of the victim they can create and link an unverified PocketBase user in advance by authenticating with one of the OAuth2 app providers, e.g. "A". When th...

6.1 CVSS | 0.0019 EPSS
Exploits 1 | References 1

Circl
added 2026/05/12 5:15 p.m. | 10 views

CVE-2026-41293

creationtimestamp | type | source
---|---|---
2026-05-12 17:15:01+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mloc2ajsvu2j...

9.8 CVSS | 5.8 AI score | 0.00641 EPSS
Exploits 0 | References 1

CVE
added 2026/05/12 4:59 p.m. | 17 views

CVE-2026-34341

CVE-2026-34341 is a Windows LLDP (Link-Layer Discovery Protocol) vulnerability described as a double free in LLDP that allows an authenticated, local attacker to gain elevated privileges. The connected documents confirm the issue and impact (local privilege escalation) but do not provide concrete...

7 CVSS | 5.8 AI score | 0.00199 EPSS
Exploits 0 | References 1 | Affected Software 14

Vulnrichment
added 2026/05/12 4:59 p.m. | 6 views

CVE-2026-34341 Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege Vulnerability

...

7 CVSS | 5.8 AI score | 0.00199 EPSS
Exploits 0 | References 1

Cvelist
added 2026/05/12 4:59 p.m. | 30 views

CVE-2026-34341 Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege Vulnerability

...

7 CVSS | 0.00199 EPSS
Exploits 0 | References 1