Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

105177 matches found

ATTACKERKB
ATTACKERKBadded 2026/05/27 3:25 p.m.7 views

CVE-2026-45335

WeGIA is a web manager for charitable institutions. Prior to 3.7.3, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the nextPage parameter when combined with metodo=listarTodos and nomeClasse=InternoControle...

5.4CVSS5.9AI score0.0015EPSS
Exploits0References2Affected Software1
CVE
CVEadded 2026/05/27 3:25 p.m.13 views

CVE-2026-45335

WeGIA is vulnerable to an Open Redirect in the /WeGIA/controle/control.php endpoint prior to version 3.7.3. The vulnerability arises via the nextPage parameter when combined with metodo=listarTodos and nomeClasse=InternoControle, where the application fails to validate or restrict nextPage. This ...

5.4CVSS5.9AI score0.0015EPSS
Exploits0References1
NVD
NVDadded 2026/05/27 2:17 p.m.9 views

CVE-2026-45891

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix double free issue for tx spare buffer In hns3setringparam, a temporary copy tmprings of the ring structure is created for rollback. However, the txspare pointer in the original ring handle is incorrectly left...

7.8CVSS0.00129EPSS
Exploits0References7
OSV
OSVadded 2026/05/27 2:17 p.m.4 views

UBUNTU-CVE-2026-45891

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix double free issue for tx spare buffer In hns3setringparam, a temporary copy tmprings of the ring structure is created for rollback. However, the txspare pointer in the original ring handle is incorrectly left...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References3
OSV
OSVadded 2026/05/27 2:17 p.m.4 views

UBUNTU-CVE-2026-45965

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix invalid deref of rawdata when exportbinary is unset If the exportbinary parameter is disabled on runtime, profiles that were loaded before that will still have their rawdata stored in apparmorfs, with a symbolic lin...

5.5CVSS5.7AI score0.0016EPSS
Exploits0References3
OSV
OSVadded 2026/05/27 2:17 p.m.5 views

UBUNTU-CVE-2026-46023

In the Linux kernel, the following vulnerability has been resolved: dm mirror: fix integer overflow in createdirtylog The argument count calculation in createdirtylog performs argsused = 2 + paramcount before validating against argc. When a user provides a paramcount close to UINTMAX via the devi...

5.5CVSS5.8AI score0.0013EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2026/05/27 2:12 p.m.9 views

CVE-2026-9295

A security flaw has been discovered in Edimax BR-6428NS 1.10. This affects the function formWirelessTbl of the file /goform/formWirelessTbl of the component POST Request Handler. Performing a manipulation of the argument vapurl results in buffer overflow. The attack can be initiated remotely. The...

9CVSS7.8AI score0.00542EPSS
Exploits0References1
NVD
NVDadded 2026/05/27 12:17 p.m.13 views

CVE-2026-9689

A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers URIs, a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks...

4.2CVSS0.00213EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/05/27 12:17 p.m.35 views

CVE-2026-45891 net: hns3: fix double free issue for tx spare buffer

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix double free issue for tx spare buffer In hns3setringparam, a temporary copy tmprings of the ring structure is created for rollback. However, the txspare pointer in the original ring handle is incorrectly left...

0.00129EPSS
Exploits0References7
CVE
CVEadded 2026/05/27 12:17 p.m.13 views

CVE-2026-45891

CVE-2026-45891: Linux kernel hns3 driver double-free vulnerability. Root cause: in hns3_set_ringparam(), a temporary copy (tmp_rings) is used for rollback, but the tx_spare pointer in the original ring isn’t cleared after backup, leading to a stale non-NULL tx_spare. If allocation fails during hn...

7.8CVSS5.9AI score0.00129EPSS
Exploits0References7Affected Software1
NVD
NVDadded 2026/05/27 11:16 a.m.7 views

CVE-2026-3349

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter on the redirect page in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

6.1CVSS0.00256EPSS
Exploits0References3
EUVD
EUVDadded 2026/05/27 10:35 a.m.29 views

EUVD-2026-32212

A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers URIs, a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks...

4.2CVSS5.8AI score0.00213EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/27 10:35 a.m.9 views

CVE-2026-9689

A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers URIs, a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks...

4.2CVSS5.8AI score0.00213EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/05/27 10:35 a.m.37 views

CVE-2026-9689 Keycloak: org.keycloak.protocol.oidc: http parameter pollution in oidc redirect uri allows response parameter duplication - #ghi-604

A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers URIs, a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks...

4.2CVSS0.00213EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/05/27 10:35 a.m.9 views

CVE-2026-9689 Keycloak: org.keycloak.protocol.oidc: http parameter pollution in oidc redirect uri allows response parameter duplication - #ghi-604

A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers URIs, a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks...

4.2CVSS5.8AI score0.00213EPSS
Exploits0References2
CVE
CVEadded 2026/05/27 10:35 a.m.23 views

CVE-2026-9689

CVE-2026-9689 affects Keycloak, an open-source identity and access management solution. The issue lies in the OIDC redirect URI handling when a client accepts broad redirect URIs, enabling an attacker to craft a special web address that could cause the client to prefer attacker-controlled informa...

4.2CVSS5.8AI score0.00213EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVEadded 2026/05/27 10:33 a.m.8 views

CVE-2026-9689

A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers URIs, a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks...

4.2CVSS5.8AI score0.00213EPSS
Exploits0References3
Snyk
Snykadded 2026/05/27 9:41 a.m.22 views

Authentication Bypass Using an Alternate Path or Channel

Overview symfony/symfony is a PHP framework for web applications and a set of reusable PHP components. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via failureforward Subrequest. An attacker could manipulate the failurepath parameter...

6.9CVSS5.8AI score0.00058EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/27 9:27 a.m.7 views

CVE-2026-3349

The MinhNhut Link Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter on the redirect page in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers ...

6.1CVSS6AI score0.00256EPSS
Exploits0References4
CVE
CVEadded 2026/05/27 9:27 a.m.17 views

CVE-2026-3349

The CVE describes a vulnerability in the MinhNhut Link Gateway plugin for WordPress: a Reflected Cross-Site Scripting issue exploitable via the url parameter on the redirect page, affecting all versions up to and including 3.6.1. The root cause is insufficient input sanitization and output escapi...

6.1CVSS6AI score0.00256EPSS
Exploits0References3
Rows per page
Query Builder