7489 matches found

NVD | added 2026/03/24 7:16 p.m. | 1 view

CVE-2026-23919

For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...

CVSS 7.1 | EPSS 0.0003
Exploits 0 | References 1
OSV | added 2026/03/24 7:16 p.m. | 1 view

DEBIAN-CVE-2026-23919

For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...

CVSS 7.1 | AI score 5.3 | EPSS 0.0003
Exploits 0 | References 1
OSV | added 2026/03/24 7:16 p.m. | 4 views

UBUNTU-CVE-2026-23919

For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...

CVSS 7.1 | AI score 5.8 | EPSS 0.0003
Exploits 0 | References 3
Vulnrichment | added 2026/03/24 6:26 p.m. | 3 views

CVE-2026-23919 Insufficient isolation of JavaScript (Duktape) execution context on Zabbix Server

For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...

CVSS 7.1 | AI score 5.7 | EPSS 0.0003
Exploits 0 | References 1
ATTACKERKB | added 2026/03/24 6:26 p.m. | 8 views

CVE-2026-23919

For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...

CVSS 7.1 | AI score 5.7 | EPSS 0.0003
Exploits 0 | References 2 | Affected Software 1
CVE | added 2026/03/24 6:26 p.m. | 9 views

CVE-2026-23919

CVE-2026-23919 affects Zabbix Server/Proxy where JavaScript (Duktape) contexts are reused for performance, potentially causing confidentiality leakage by non-super administrators who can access hosts they shouldn’t. The issue stems from shared execution contexts used by script items, JavaScript r...

CVSS 7.1 | AI score 5.7 | EPSS 0.0003
Exploits 0 | References 1
Debian CVE | added 2026/03/24 6:26 p.m. | 3 views

CVE-2026-23919

For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...

CVSS 7.1 | AI score 5.3 | EPSS 0.0003
Exploits 0
Cvelist | added 2026/03/24 6:26 p.m. | 17 views

CVE-2026-23919 Insufficient isolation of JavaScript (Duktape) execution context on Zabbix Server

For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...

CVSS 7.1 | EPSS 0.0003
Exploits 0 | References 1
Positive Technologies | added 2026/03/24 12:0 a.m. | 6 views

PT-2026-27473

Name of the Vulnerable Software and Affected Versions: Zabbix versions prior to 7.4. Description: A design flaw in Zabbix Server/Proxy related to JavaScript Duktape context reuse can result in data leakage. Specifically, a regular Zabbix administrator may unintentionally expose data for hosts they a...

CVSS 7.1 | AI score 5.7 | EPSS 0.0003
Exploits 0 | References 16
Microsoft Secure | added 2026/03/23 4:0 p.m. | 3 views

Case study: How predictive shielding in Defender stopped GPO-based ransomware before it started

In this article:
1. The growing threat: GPO abuse in ransomware operations
2. The incident
3. The results
4. The hardening dilemma: Why threat actors love operational mechanisms
5. Predictive shielding: Contextual, just-in-time hardening
6. Closing the gap
7. References

Summary: Microsoft Defender...

AI score 6.2
Exploits 0
ATTACKERKB | added 2026/03/23 1:37 p.m. | 4 views

CVE-2026-4647

A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and executables. The issue occurs when processing specially crafted XCOFF object files, where a relocation type value is not properly validated before being used. This can caus...

CVSS 6.1 | AI score 5.7 | EPSS 0.00005
Exploits 0 | References 4
OSV | added 2026/03/20 8:44 p.m. | 5 views

GHSA-FPH2-R4QG-9576 Parse Server's LiveQuery bypasses CLP pointer permission enforcement

Impact: Parse Server's LiveQuery WebSocket interface does not enforce Class-Level Permission (CLP) pointer permissions readUserFields and pointerFields. Any authenticated user can subscribe to LiveQuery events and receive real-time updates for all objects in classes protected by pointer permissions,...

CVSS 7.1 | AI score 5.8 | EPSS 0.00012
Exploits 0 | References 7
Cvelist | added 2026/03/20 7:34 a.m. | 17 views

CVE-2026-33061 Jexactyl has Stored DOM Cross-Site Scripting (XSS) via unescaped JSON in Blade template

Jexactyl is a customisable game management panel and billing system. Commits after 025e8dbb0daaa04054276bda814d922cf4af58da and before e28edb204e80efab628d1241198ea4f079779cfd inject server-side objects into client-side JavaScript through resources/views/templates/wrapper.blade.php. Using unescap...

CVSS 5.8 | EPSS 0.00032
Exploits 1 | References 2
ATTACKERKB | added 2026/03/20 2:38 a.m. | 2 views

CVE-2026-32933

AutoMapper is a convention-based object-object mapper in .NET. Versions prior to 15.1.1 and 16.1.1 are vulnerable to a Denial of Service DoS attack. When mapping deeply nested object graphs, the library uses recursive method calls without enforcing a default maximum depth limit. This allows an...

CVSS 7.5 | AI score 5.8 | EPSS 0.00027
Exploits 1 | References 5 | Affected Software 1
AlpineLinux | added 2026/03/18 5:53 p.m. | 1 view

CVE-2026-32633

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, the /api/4/serverslist endpoint returns raw server objects from GlancesServersList.getserverslist. Those objects are mutated in-place during background polling and can contain a uri...

CVSS 9.1 | AI score 5.8 | EPSS 0.00103
Exploits 1 | References 3
NVD | added 2026/03/18 4:17 a.m. | 3 views

CVE-2026-31898

jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of arguments of the createAnnotation method allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to the following method, a user can inje...

CVSS 8.1 | EPSS 0.00046
Exploits 0 | References 4
ATTACKERKB | added 2026/03/18 3:3 a.m. | 2 views

CVE-2026-31898

jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of arguments of the createAnnotation method allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to the following method, a user can inje...

CVSS 8.1 | AI score 5.8 | EPSS 0.00046
Exploits 0 | References 5 | Affected Software 1
Positive Technologies | added 2026/03/18 12:0 a.m. | 2 views

PT-2026-26201

Name of the Vulnerable Software and Affected Versions: dynaconf versions prior to 3.2.13. Description: dynaconf is susceptible to Server-Side Template Injection (SSTI) due to insecure template evaluation within the @Jinja resolver. When the jinja2 package is installed, Dynaconf evaluates template...

CVSS 8.1 | AI score 6.2 | EPSS 0.00024
Exploits 1 | References 21
Circl | added 2026/03/17 7:30 p.m. | 0 views

CVE-2026-22882

| creationtimestamp | type | source |
|---|---|---|
| 2026-03-17 19:30:45+00:00 | seen | https://infosec.place/objects/43c1d72d-32cc-447f-b618-5b67eded0deb... |

CVSS 7.1 | AI score 5.7 | EPSS 0.00016
Exploits 1 | References 1
NVD | added 2026/03/17 4:16 p.m. | 2 views

CVE-2026-21886

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the GraphQL mutation "IndividualDeletionDeleteMutation" is intended to allow users to delete individual entity objects. However, it was observed that this...

CVSS 8.1 | EPSS 0.00164
Exploits 0 | References 1