Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

34293 matches found

NVD
NVDadded 2026/04/06 8:16 a.m.2 views

CVE-2026-31410

In the Linux kernel, the following vulnerability has been resolved: ksmbd: use volume UUID in FSOBJECTIDINFORMATION Use sb-suuid for a proper volume identifier as the primary choice. For filesystems that do not provide a UUID, fall back to stfs.ffsid obtained from vfsstatfs...

5.5CVSS0.00164EPSS
Exploits0References4
OSV
OSVadded 2026/04/06 8:16 a.m.3 views

UBUNTU-CVE-2026-31410

In the Linux kernel, the following vulnerability has been resolved: ksmbd: use volume UUID in FSOBJECTIDINFORMATION Use sb-suuid for a proper volume identifier as the primary choice. For filesystems that do not provide a UUID, fall back to stfs.ffsid obtained from vfsstatfs...

5.5CVSS5.7AI score0.00164EPSS
Exploits0References7
OSV
OSVadded 2026/04/06 7:58 a.m.1 views

BIT-NODE-2026-21710

A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named proto and the application accesses req.headersDistinct. When this occurs, dest"proto" resolves to Object.prototype rather than undefined, causing .push to be called on a non-array...

7.5CVSS7.2AI score0.13066EPSS
Exploits0References2
Debian CVE
Debian CVEadded 2026/04/06 7:38 a.m.6 views

CVE-2026-31410

In the Linux kernel, the following vulnerability has been resolved: ksmbd: use volume UUID in FSOBJECTIDINFORMATION Use sb-suuid for a proper volume identifier as the primary choice. For filesystems that do not provide a UUID, fall back to stfs.ffsid obtained from vfsstatfs...

5.5CVSS5.2AI score0.00164EPSS
Exploits0
ATTACKERKB
ATTACKERKBadded 2026/04/06 7:38 a.m.4 views

CVE-2026-31410

In the Linux kernel, the following vulnerability has been resolved: ksmbd: use volume UUID in FSOBJECTIDINFORMATION Use sb-suuid for a proper volume identifier as the primary choice. For filesystems that do not provide a UUID, fall back to stfs.ffsid obtained from vfsstatfs...

5.7AI score0.00164EPSS
Exploits0References5Affected Software1
CNNVD
CNNVDadded 2026/04/06 12:0 a.m.9 views

Brave CMS 安全漏洞

Brave CMS is a blog and news content management system developed by Razvan Zamfir. Versions of Brave CMS prior to 2.0.6 contained security vulnerabilities. These vulnerabilities stemmed from an insecure direct object reference in the article image deletion function, which could allow authenticate...

7.1CVSS5.8AI score0.00201EPSS
Exploits1References2
CNNVD
CNNVDadded 2026/04/06 12:0 a.m.9 views

chyrp-lite 安全漏洞

Chyrp-Lite is a self-hosted blog and website platform developed by Daniel Pimley. Versions of Chyrp-Lite prior to version 2026.01 contained security vulnerabilities. These vulnerabilities stemmed from insecure direct object references or bulk assignment issues in the Post model, which could lead ...

6.5CVSS5.8AI score0.00174EPSS
Exploits0References2
CNNVD
CNNVDadded 2026/04/06 12:0 a.m.10 views

OpenFGA 安全漏洞

OpenFGA is an open-source tool built for developers, inspired by Google Zanzibar. It’s a high-performance and flexible authorization/licensing engine. Versions of OpenFGA from 1.8.0 to 1.13.1 have security vulnerabilities. These vulnerabilities arise from calls to the BatchCheck function under...

8.8CVSS5.9AI score0.00211EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/04/06 12:0 a.m.3 views

PT-2026-30732

Name of the Vulnerable Software and Affected Versions OpenFGA versions 1.8.0 through 1.13.1 Description OpenFGA is an authorization/permission engine. BatchCheck calls with multiple checks for the same object, relation, and user can lead to improper policy enforcement under specific conditions...

8.8CVSS5.9AI score0.00211EPSS
Exploits0References7
Positive Technologies
Positive Technologiesadded 2026/04/06 12:0 a.m.5 views

PT-2026-30694

Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, an IDOR / Mass Assignment issue exists in the Post model that allows authenticated users with post editing permissions Edit Post, Edit Draft, Edit Own Post, Edit Own Draft to modify posts they do not own and do not have...

6.5CVSS5.9AI score0.00174EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/04/05 8:45 p.m.3 views

CVE-2019-25685

phpBB contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by exploiting the plupload functionality and phar:// stream wrapper. Attackers can upload a crafted zip file containing serialized PHP objects that execute arbitrary code when...

8.8CVSS6.3AI score0.00183EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVEadded 2026/04/05 10:55 a.m.8 views

CVE-2026-4896

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via multiple AJAX actions including wcfmmodifyorderstatus, deletewcfmarticle,...

8.1CVSS5.9AI score0.00351EPSS
Exploits0References1
Microsoft CVE
Microsoft CVEadded 2026/04/05 8:2 a.m.6 views

drm/amdgpu: Limit BO list entry count to prevent resource exhaustion

...

5.5CVSS5.2AI score0.00123EPSS
Exploits0
Cvelist
Cvelistadded 2026/04/04 1:51 p.m.21 views

CVE-2018-25255 10-Strike LANState 8.8 Local Buffer Overflow SEH

10-Strike LANState 8.8 contains a local buffer overflow vulnerability in structured exception handling that allows local attackers to execute arbitrary code by crafting malicious LSM map files. Attackers can create a specially formatted LSM file with a payload in the ObjCaption parameter that...

8.6CVSS0.00185EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/04/04 1:51 p.m.6 views

CVE-2018-25255 10-Strike LANState 8.8 Local Buffer Overflow SEH

10-Strike LANState 8.8 contains a local buffer overflow vulnerability in structured exception handling that allows local attackers to execute arbitrary code by crafting malicious LSM map files. Attackers can create a specially formatted LSM file with a payload in the ObjCaption parameter that...

8.6CVSS6.5AI score0.00185EPSS
Exploits0References4
EUVD
EUVDadded 2026/04/04 9:30 a.m.8 views

EUVD-2026-18981

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via multiple AJAX actions including wcfmmodifyorderstatus, deletewcfmarticle,...

8.1CVSS5.9AI score0.00351EPSS
Exploits0References4
NVD
NVDadded 2026/04/04 8:16 a.m.5 views

CVE-2026-4896

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via multiple AJAX actions including wcfmmodifyorderstatus, deletewcfmarticle,...

8.1CVSS0.00351EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/04/04 7:42 a.m.20 views

CVE-2026-4896 WCFM - WooCommerce Frontend Manager <= 6.7.25 - Insecure Direct Object References to Autenticated (Vendor+) Arbitrary Post/Product Manipulation

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via multiple AJAX actions including wcfmmodifyorderstatus, deletewcfmarticle,...

8.1CVSS0.00351EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/04/04 7:42 a.m.4 views

CVE-2026-4896 WCFM - WooCommerce Frontend Manager <= 6.7.25 - Insecure Direct Object References to Autenticated (Vendor+) Arbitrary Post/Product Manipulation

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via multiple AJAX actions including wcfmmodifyorderstatus, deletewcfmarticle,...

8.1CVSS5.9AI score0.00351EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/04/04 7:42 a.m.2 views

CVE-2026-4896

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via multiple AJAX actions including wcfmmodifyorderstatus, deletewcfmarticle,...

8.1CVSS5.9AI score0.00351EPSS
Exploits0References4
Rows per page
Query Builder