41168 matches found

Debian CVE
added 2026/04/02 8:0 a.m. | 5 views

CVE-2026-5244

A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mgtlsrecvcert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pubkey leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been...

CVSS 9.8 | AI score 7.6 | EPSS 0.00727
Exploits: 1

EUVD
added 2026/04/02 6:31 a.m. | 5 views

EUVD-2026-18120

A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is an unknown functionality of the file /api/vanna/v2/ of the component Chat API Endpoint. Performing a manipulation results in missing authentication. The attack can be initiated remotely. The exploit is n...

CVSS 7.5 | AI score 5.6 | EPSS 0.00414
Exploits: 0 | References: 5

EUVD
added 2026/04/02 6:31 a.m. | 7 views

EUVD-2026-18126

A vulnerability has been found in AlejandroArciniegas mcp-data-vis bc597e391f184d2187062fd567599a3cb72adf51/de5a51525a69822290eaee569a1ab447b490746d. This affects the function Request of the file src/servers/database/server.js of the component MCP Handler. The manipulation leads to sql injection...

CVSS 7.5 | AI score 6.7 | EPSS 0.00259
Exploits: 0 | References: 5

EUVD
added 2026/04/02 6:31 a.m. | 10 views

EUVD-2026-18118

A security vulnerability has been detected in itsourcecode Payroll Management System up to 1.0. Affected is an unknown function of the file /navbar.php. Such manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclos...

CVSS 5.3 | AI score 4.2 | EPSS 0.00337
Exploits: 0 | References: 6

NVD
added 2026/04/02 6:16 a.m. | 4 views

CVE-2026-5322

A vulnerability has been found in AlejandroArciniegas mcp-data-vis bc597e391f184d2187062fd567599a3cb72adf51/de5a51525a69822290eaee569a1ab447b490746d. This affects the function Request of the file src/servers/database/server.js of the component MCP Handler. The manipulation leads to sql injection...

CVSS 7.5 | EPSS 0.00259
Exploits: 0 | References: 4

Cvelist
added 2026/04/02 5:30 a.m. | 33 views

CVE-2026-5322 AlejandroArciniegas mcp-data-vis MCP server.js request sql injection

A vulnerability has been found in AlejandroArciniegas mcp-data-vis bc597e391f184d2187062fd567599a3cb72adf51/de5a51525a69822290eaee569a1ab447b490746d. This affects the function Request of the file src/servers/database/server.js of the component MCP Handler. The manipulation leads to sql injection...

CVSS 7.5 | EPSS 0.00259
Exploits: 0 | References: 4

ATTACKERKB
added 2026/04/02 5:30 a.m. | 2 views

CVE-2026-5322

A vulnerability has been found in AlejandroArciniegas mcp-data-vis bc597e391f184d2187062fd567599a3cb72adf51/de5a51525a69822290eaee569a1ab447b490746d. This affects the function Request of the file src/servers/database/server.js of the component MCP Handler. The manipulation leads to sql injection...

CVSS 7.5 | AI score 6.7 | EPSS 0.00259
Exploits: 0 | References: 4

Vulnrichment
added 2026/04/02 5:30 a.m. | 2 views

CVE-2026-5322 AlejandroArciniegas mcp-data-vis MCP server.js request sql injection

A vulnerability has been found in AlejandroArciniegas mcp-data-vis bc597e391f184d2187062fd567599a3cb72adf51/de5a51525a69822290eaee569a1ab447b490746d. This affects the function Request of the file src/servers/database/server.js of the component MCP Handler. The manipulation leads to sql injection...

CVSS 7.5 | AI score 6.7 | EPSS 0.00259
Exploits: 0 | References: 4

NVD
added 2026/04/02 5:16 a.m. | 4 views

CVE-2026-5321

A flaw has been found in vanna-ai vanna up to 2.0.2. Affected by this issue is some unknown functionality of the component FastAPI/Flask Server. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. The attack can be launched remotely. The exploit has been...

CVSS 5.3 | EPSS 0.00162
Exploits: 0 | References: 4

NVD
added 2026/04/02 5:16 a.m. | 5 views

CVE-2026-5320

A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is an unknown functionality of the file /api/vanna/v2/ of the component Chat API Endpoint. Performing a manipulation results in missing authentication. The attack can be initiated remotely. The exploit is n...

CVSS 7.5 | EPSS 0.00414
Exploits: 0 | References: 4

RedhatCVE
added 2026/04/02 5:4 a.m. | 1 views

CVE-2026-5251

A vulnerability was identified in z-9527 admin 1.0/2.0. This impacts an unknown function of the file /server/routes/user.js of the component User Update Endpoint. Such manipulation of the argument isAdmin with the input 1 leads to dynamically-determined object attributes. It is possible to launch...

CVSS 6.5 | AI score 6.4 | EPSS 0.00242
Exploits: 0 | References: 1

RedhatCVE
added 2026/04/02 5:4 a.m. | 4 views

CVE-2026-5254

A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. Affected by this issue is some unknown functionality of the file /ui/app/components/AppJsonTreeView.vue of the component Webhook Handler. The manipulation leads to cross site scripting. The attack may be initiated...

CVSS 5.1 | AI score 4.1 | EPSS 0.00239
Exploits: 0 | References: 1

RedhatCVE
added 2026/04/02 5:4 a.m. | 2 views

CVE-2026-5253

A weakness has been identified in bufanyun HotGo 1.0/2.0. Affected by this vulnerability is an unknown functionality of the file /web/src/layout/components/Header/MessageList.vue of the component editNotice Endpoint. Executing a manipulation can lead to cross site scripting. The attack can be...

CVSS 5.1 | AI score 4.2 | EPSS 0.00239
Exploits: 0 | References: 1

RedhatCVE
added 2026/04/02 5:4 a.m. | 3 views

CVE-2026-5248

A vulnerability has been found in gougucms 4.08.18. This affects the function regsubmit of the file gougucms-master\app\home\controller\Login.php of the component User Registration Handler. Such manipulation of the argument level leads to dynamically-determined object attributes. The attack may b...

CVSS 6.5 | AI score 6.1 | EPSS 0.00237
Exploits: 0 | References: 1

RedhatCVE
added 2026/04/02 5:4 a.m. | 4 views

CVE-2026-5237

A security flaw has been discovered in itsourcecode Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /manageuser.php of the component Parameter Handler. Performing a manipulation of the argument ID results in sql injection. The attack is possib...

CVSS 7.5 | AI score 6.8 | EPSS 0.00259
Exploits: 0 | References: 1

RedhatCVE
added 2026/04/02 5:4 a.m. | 3 views

CVE-2026-5249

A vulnerability was found in gougucms 4.08.18. This impacts an unknown function of the file \gougucms-master\app\admin\view\user\record.html of the component Record Endpoint. Performing a manipulation of the argument value.content results in cross site scripting. It is possible to initiate the...

CVSS 5.1 | AI score 4.4 | EPSS 0.00195
Exploits: 0 | References: 1

RedhatCVE
added 2026/04/02 5:4 a.m. | 3 views

CVE-2026-5252

A security flaw has been discovered in z-9527 admin 1.0/2.0. Affected is an unknown function of the file /server/routes/message.js of the component Message Create Endpoint. Performing a manipulation results in cross site scripting. The attack can be initiated remotely. The exploit has been releas...

CVSS 5.1 | AI score 4.3 | EPSS 0.00273
Exploits: 1 | References: 1

RedhatCVE
added 2026/04/02 5:4 a.m. | 4 views

CVE-2026-5238

A weakness has been identified in itsourcecode Payroll Management System 1.0. Affected by this issue is some unknown functionality of the file /viewemployee.php of the component Parameter Handler. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed...

CVSS 7.5 | AI score 6.8 | EPSS 0.00259
Exploits: 0 | References: 1

Vulnrichment
added 2026/04/02 4:45 a.m. | 2 views

CVE-2026-5321 vanna-ai vanna FastAPI/Flask Server cross-domain policy

A flaw has been found in vanna-ai vanna up to 2.0.2. Affected by this issue is some unknown functionality of the component FastAPI/Flask Server. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. The attack can be launched remotely. The exploit has been...

CVSS 5.3 | AI score 5.5 | EPSS 0.00162
Exploits: 0 | References: 4

NVD
added 2026/04/02 4:16 a.m. | 4 views

CVE-2026-5319

A security vulnerability has been detected in itsourcecode Payroll Management System up to 1.0. Affected is an unknown function of the file /navbar.php. Such manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclos...

CVSS 5.3 | EPSS 0.00337
Exploits: 0 | References: 5