Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

33610 matches found

ATTACKERKB
ATTACKERKBadded 2026/06/02 10:46 a.m.7 views

CVE-2026-39551

Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Object Injection. This issue affects Töbel: from n/a through 1.8.1...

8.1CVSS5.8AI score0.00054EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/06/02 10:46 a.m.7 views

CVE-2026-39551 WordPress Töbel theme <= 1.8.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Object Injection. This issue affects Töbel: from n/a through 1.8.1...

8.1CVSS5.8AI score0.00054EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/06/02 10:46 a.m.35 views

CVE-2026-39551 WordPress Töbel theme <= 1.8.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Object Injection. This issue affects Töbel: from n/a through 1.8.1...

8.1CVSS0.00054EPSS
Exploits0References1
CVE
CVEadded 2026/06/02 10:44 a.m.10 views

CVE-2026-39550

CVE-2026-39550 affects the WordPress Aperitif theme (versions up to 1.6). The issue is a PHP Object Injection caused by deserialization of untrusted data in Aperitif, enabling exploitation via a network vector with no user interaction and no privileges required. The CVSSv3.1 base score is 8.1 (HI...

8.1CVSS5.8AI score0.00054EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/06/02 10:44 a.m.6 views

CVE-2026-39550 WordPress Aperitif theme <= 1.6 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection. This issue affects Aperitif: from n/a through 1.6...

8.1CVSS5.8AI score0.00054EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/06/02 10:44 a.m.9 views

CVE-2026-39550

Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection. This issue affects Aperitif: from n/a through 1.6...

8.1CVSS5.8AI score0.00054EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/06/02 10:44 a.m.32 views

CVE-2026-39550 WordPress Aperitif theme <= 1.6 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection. This issue affects Aperitif: from n/a through 1.6...

8.1CVSS0.00054EPSS
Exploits0References1
EUVD
EUVDadded 2026/06/02 10:44 a.m.6 views

EUVD-2026-33911

Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection. This issue affects Aperitif: from n/a through 1.6...

8.1CVSS5.8AI score0.00054EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/06/02 12:0 a.m.8 views

PT-2026-45732

Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Object Injection. This issue affects Töbel: from n/a through 1.8.1...

8.1CVSS5.8AI score0.00054EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/06/02 12:0 a.m.5 views

PT-2026-46679

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An object lifecycle issue in Dawn allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. A sandbox escape occurs when a process breaks out of its...

9.6CVSS5.8AI score0.04819EPSS
Exploits0References434
Positive Technologies
Positive Technologiesadded 2026/06/02 12:0 a.m.10 views

PT-2026-45788

Name of the Vulnerable Software and Affected Versions Appsmith versions prior to 2.1 Description The SQL query editor's autocomplete functionality fails to sanitize database object names before rendering them using innerHTML. This allows an authenticated Developer with access to a shared PostgreS...

6.3CVSS5.9AI score0.0004EPSS
Exploits2References11
Positive Technologies
Positive Technologiesadded 2026/06/02 12:0 a.m.5 views

PT-2026-45731

Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection. This issue affects Aperitif: from n/a through 1.6...

8.1CVSS5.8AI score0.00054EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/06/02 12:0 a.m.7 views

PT-2026-46706

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in Opaque Response Blocking ORB, a mechanism used to prevent cross-origin leaks of sensitive data, allows a remote attacker to bypass site isolation by...

9.6CVSS5.8AI score0.04819EPSS
Exploits0References434
Positive Technologies
Positive Technologiesadded 2026/06/02 12:0 a.m.9 views

PT-2026-45754

Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection. This issue affects Askka: from n/a through 1.3.1...

8.1CVSS5.8AI score0.00054EPSS
Exploits0References2
NVD
NVDadded 2026/06/01 11:16 p.m.10 views

CVE-2026-24761

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to access metadata of resources belonging to other users due to insufficient authorization checks on resource...

4.3CVSS0.00033EPSS
Exploits0References1
NVD
NVDadded 2026/06/01 11:16 p.m.9 views

CVE-2026-24756

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resources belonging to other users due to insufficient authorization checks on resource ownership. Upgrade...

4.3CVSS0.00031EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/01 10:3 p.m.9 views

CVE-2026-44966

Velocity.js is a JavaScript implementation of the Apache Velocity template engine. In 2.1.5 and earlier, a prototype pollution vulnerability was discovered in velocityjs. This issue occurs during the processing of set directives in Velocity templates. If an application renders a template controll...

9.8CVSS5.9AI score0.00102EPSS
Exploits1References1
EUVD
EUVDadded 2026/06/01 9:52 p.m.7 views

EUVD-2026-33840

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to access metadata of resources belonging to other users due to insufficient authorization checks on resource...

3.7CVSS5.8AI score0.00033EPSS
Exploits0References1
CVE
CVEadded 2026/06/01 9:52 p.m.16 views

CVE-2026-24761

The CVE-2026-24761 entry concerns Kiteworks Secure Data Forms prior to version 9.3.0, where an Insecure Direct Object Reference (IDOR) allows an authenticated user to access metadata of resources belonging to other users due to insufficient ownership checks. Affected product is Kiteworks Secure D...

4.3CVSS5.8AI score0.00033EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2026/06/01 9:52 p.m.27 views

CVE-2026-24761 Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled Key

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to access metadata of resources belonging to other users due to insufficient authorization checks on resource...

3.7CVSS0.00033EPSS
Exploits0References1
Rows per page
Query Builder