
104935 matches found

OSV
added 2026/05/27 2:17 p.m., 3 views

UBUNTU-CVE-2026-45891

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix double free issue for tx spare buffer In hns3_set_ringparam, a temporary copy tmp_rings of the ring structure is created for rollback. However, the tx_spare pointer in the original ring handle is incorrectly left...

AI score: 5.8, EPSS: 0.00172
Exploits: 0, References: 3
OSV
added 2026/05/27 2:17 p.m., 3 views

UBUNTU-CVE-2026-46023

In the Linux kernel, the following vulnerability has been resolved: dm mirror: fix integer overflow in create_dirty_log The argument count calculation in create_dirty_log performs args_used = 2 + param_count before validating against argc. When a user provides a param_count close to UINT_MAX via the devi...

CVSS: 5.5, AI score: 5.8, EPSS: 0.0013
Exploits: 0, References: 3
OSV
added 2026/05/27 2:17 p.m., 3 views

UBUNTU-CVE-2026-45965

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix invalid deref of rawdata when export_binary is unset If the export_binary parameter is disabled on runtime, profiles that were loaded before that will still have their rawdata stored in apparmorfs, with a symbolic lin...

CVSS: 5.5, AI score: 5.7, EPSS: 0.00163
Exploits: 0, References: 3
RedhatCVE
added 2026/05/27 2:12 p.m., 8 views

CVE-2026-9295

A security flaw has been discovered in Edimax BR-6428NS 1.10. This affects the function formWirelessTbl of the file /goform/formWirelessTbl of the component POST Request Handler. Performing a manipulation of the argument vapurl results in buffer overflow. The attack can be initiated remotely. The...

CVSS: 9, AI score: 7.8, EPSS: 0.00647
Exploits: 0, References: 1
NVD
added 2026/05/27 12:17 p.m., 9 views

CVE-2026-9689

A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers (URIs), a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks...

CVSS: 4.2, EPSS: 0.00213
Exploits: 0, References: 2
Cvelist
added 2026/05/27 12:17 p.m., 33 views

CVE-2026-45891 net: hns3: fix double free issue for tx spare buffer

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix double free issue for tx spare buffer In hns3_set_ringparam, a temporary copy tmp_rings of the ring structure is created for rollback. However, the tx_spare pointer in the original ring handle is incorrectly left...

EPSS: 0.00172
Exploits: 0, References: 7
CVE
added 2026/05/27 12:17 p.m., 9 views

CVE-2026-45891

The CVE-2026-45891 issue affects Linux kernel networking for the hns3 driver. In hns3_set_ringparam(), a temporary copy of the ring is used for rollback, but the tx_spare pointer in the original ring is not cleared after saving its value in tmp_rings. If memory allocation fails during hns3_init_a...

AI score: 5.9, EPSS: 0.00172
Exploits: 0, References: 7
NVD
added 2026/05/27 11:16 a.m., 6 views

CVE-2026-3349

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter on the redirect page in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

CVSS: 6.1, EPSS: 0.00256
Exploits: 0, References: 3
Cvelist
added 2026/05/27 10:35 a.m., 35 views

CVE-2026-9689 Keycloak: org.keycloak.protocol.oidc: http parameter pollution in oidc redirect uri allows response parameter duplication - #ghi-604

A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers (URIs), a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks...

CVSS: 4.2, EPSS: 0.00213
Exploits: 0, References: 2
Vulnrichment
added 2026/05/27 10:35 a.m., 8 views

CVE-2026-9689 Keycloak: org.keycloak.protocol.oidc: http parameter pollution in oidc redirect uri allows response parameter duplication - #ghi-604

A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers (URIs), a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks...

CVSS: 4.2, AI score: 5.8, EPSS: 0.00213
Exploits: 0, References: 2
EUVD
added 2026/05/27 10:35 a.m., 18 views

EUVD-2026-32212

A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers (URIs), a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks...

CVSS: 4.2, AI score: 5.8, EPSS: 0.00213
Exploits: 0, References: 2
ATTACKERKB
added 2026/05/27 10:35 a.m., 8 views

CVE-2026-9689

A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers (URIs), a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks...

CVSS: 4.2, AI score: 5.8, EPSS: 0.00213
Exploits: 0, References: 3
CVE
added 2026/05/27 10:35 a.m., 18 views

CVE-2026-9689

CVE-2026-9689 affects Keycloak, an open-source identity and access management solution. The issue lies in the OIDC redirect URI handling when a client accepts broad redirect URIs, enabling an attacker to craft a special web address that could cause the client to prefer attacker-controlled informa...

CVSS: 4.2, AI score: 5.8, EPSS: 0.00213
Exploits: 0, References: 2, Affected Software: 1
RedhatCVE
added 2026/05/27 10:33 a.m., 5 views

CVE-2026-9689

A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers (URIs), a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks...

CVSS: 4.2, AI score: 5.8, EPSS: 0.00213
Exploits: 0, References: 3
Snyk
added 2026/05/27 9:41 a.m., 21 views

Authentication Bypass Using an Alternate Path or Channel

Overview: symfony/symfony is a PHP framework for web applications and a set of reusable PHP components. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via failureforward Subrequest. An attacker could manipulate the failurepath parameter...

CVSS: 6.9, AI score: 5.8, EPSS: 0.00058
Exploits: 0, References: 2
Cvelist
added 2026/05/27 9:27 a.m., 29 views

CVE-2026-3349 MinhNhut Link Gateway <= 3.6.1 - Reflected Cross-Site Scripting via 'url' Parameter

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter on the redirect page in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

CVSS: 6.1, EPSS: 0.00256
Exploits: 0, References: 3
Vulnrichment
added 2026/05/27 9:27 a.m., 9 views

CVE-2026-3349 MinhNhut Link Gateway <= 3.6.1 - Reflected Cross-Site Scripting via 'url' Parameter

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter on the redirect page in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

CVSS: 6.1, AI score: 6, EPSS: 0.00256
Exploits: 0, References: 3
EUVD
added 2026/05/27 9:27 a.m., 7 views

EUVD-2026-32175

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter on the redirect page in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

CVSS: 6.1, AI score: 6, EPSS: 0.00256
Exploits: 0, References: 3
CVE
added 2026/05/27 9:27 a.m., 14 views

CVE-2026-3349

The CVE describes a vulnerability in the MinhNhut Link Gateway plugin for WordPress: a Reflected Cross-Site Scripting issue exploitable via the url parameter on the redirect page, affecting all versions up to and including 3.6.1. The root cause is insufficient input sanitization and output escapi...

CVSS: 6.1, AI score: 6, EPSS: 0.00256
Exploits: 0, References: 3
ATTACKERKB
added 2026/05/27 9:27 a.m., 6 views

CVE-2026-3349

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter on the redirect page in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

CVSS: 6.1, AI score: 6, EPSS: 0.00256
Exploits: 0, References: 4