Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

121114 matches found

ATTACKERKB
ATTACKERKBadded 2026/06/01 5:34 p.m.8 views

CVE-2026-43958

A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary...

7.8CVSS6.3AI score0.00126EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/06/01 5:34 p.m.7 views

CVE-2026-43958 Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service

A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary...

7.8CVSS6.3AI score0.00126EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2026/06/01 5:34 p.m.8 views

CVE-2026-43958

A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary...

7.8CVSS6.3AI score0.00126EPSS
Exploits0References3
NVD
NVDadded 2026/06/01 5:17 p.m.34 views

CVE-2026-46243

In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcalltarget that cifs.upcall treats as kernel-originating inputs. However,...

7.8CVSS0.00145EPSS
Exploits4References10
NVD
NVDadded 2026/06/01 5:16 p.m.11 views

CVE-2026-37225

FlexRIC v2.0.0 crashes when the iApp receives an E42RICSUBSCRIPTIONREQUEST with an empty ricEventTriggerDefinition field. The E42 layer decoder accepts this as valid, but the E2AP encoder asserts a non-empty constraint when forwarding the request. A remote unauthenticated attacker can crash the...

7.5CVSS0.00415EPSS
Exploits0References2
NVD
NVDadded 2026/06/01 5:16 p.m.8 views

CVE-2026-10274

A vulnerability was determined in indrasishbanerjee aem-mcp-server up to b5f833aef9b5dfd17a5991b3b18a8a11edbdc583. This impacts the function getAssetMetadata of the file src/mcp-server.ts of the component Axios Request Flow. Executing a manipulation of the argument assetPath can lead to server-si...

6.5CVSS0.00209EPSS
Exploits0References6
CVE
CVEadded 2026/06/01 4:30 p.m.12 views

CVE-2026-10274

Summary: CVE-2026-10274 concerns the indrasishbanerjee aem-mcp-server (up to commit b5f833aef9b5dfd17a5991b3b18a8a11edbdc583) and affects the function getAssetMetadata in file src/mcp-server.ts within the Axios Request Flow component. By manipulating the argument assetPath, a remote attacker can ...

6.5CVSS6.3AI score0.00209EPSS
Exploits0References6
EUVD
EUVDadded 2026/06/01 4:30 p.m.7 views

EUVD-2026-33670

A vulnerability was determined in indrasishbanerjee aem-mcp-server up to b5f833aef9b5dfd17a5991b3b18a8a11edbdc583. This impacts the function getAssetMetadata of the file src/mcp-server.ts of the component Axios Request Flow. Executing a manipulation of the argument assetPath can lead to server-si...

6.5CVSS6.3AI score0.00209EPSS
Exploits0References6
Vulnrichment
Vulnrichmentadded 2026/06/01 4:22 p.m.8 views

CVE-2026-46243 smb: client: reject userspace cifs.spnego descriptions

In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcalltarget that cifs.upcall treats as kernel-originating inputs. However,...

7.1CVSS5.8AI score0.00145EPSS
Exploits4References8
EUVD
EUVDadded 2026/06/01 4:22 p.m.10 views

EUVD-2026-33668

In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcalltarget that cifs.upcall treats as kernel-originating inputs. However,...

7.8CVSS5.8AI score0.00145EPSS
Exploits4References8
CVE
CVEadded 2026/06/01 4:22 p.m.183 views

CVE-2026-46243

The CVE-2026-46243 entry concerns the Linux kernel CIFS client. It fixes a bug where cifs.spnego key descriptions could be created by userspace (via request_key(2) or add_key(2)) and include fields (pid, uid, creduid, upcall_target) that are treated as kernel-origin inputs. The fix restricts acce...

7.8CVSS5.8AI score0.00145EPSS
Exploits4References10Affected Software1
Vulnrichment
Vulnrichmentadded 2026/06/01 4:13 p.m.11 views

CVE-2026-45131 CloudPirates Open Source Helm Charts: GitHub Actions pull_request_target workflow allows secret exfiltration via fork pull requests

CloudPirates Open Source Helm Charts is a collection of Helm charts. Prior to commit fcf9302, a GitHub Actions workflow pull-request.yaml executes attacker-controlled code from fork pull requests in a privileged context, exposing repository secrets including Docker Hub credentials and tokens...

10CVSS5.8AI score0.00275EPSS
Exploits0References2
NVD
NVDadded 2026/06/01 3:16 p.m.13 views

CVE-2026-37220

FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2SETUPREQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path and enforces this via assert. A remote unauthenticated attacker can crash the near-RT RIC port 36421...

7.5CVSS0.00347EPSS
Exploits0References2
NVD
NVDadded 2026/06/01 3:16 p.m.10 views

CVE-2026-10264

A vulnerability was determined in lharries whatsapp-mcp 0.0.1. Affected by this vulnerability is the function SendMessageRequest of the file whatsapp-bridge/main.go of the component Send API Endpoint. This manipulation of the argument mediaPath causes path traversal. The exploit has been publicly...

5.1CVSS0.00265EPSS
Exploits0References8
Ubuntu
Ubuntuadded 2026/06/01 3:4 p.m.11 views

USN-8359-1: NNCP vulnerability

It was discovered that NNCP did not properly sanitize file paths in packet data during file requesting and file saving operations. A remote attacker could possibly use this issue to read or write arbitrary files outside of the intended directory...

6.4CVSS5.8AI score0.00238EPSS
Exploits0
EUVD
EUVDadded 2026/06/01 2:15 p.m.8 views

EUVD-2026-33646

A vulnerability was determined in lharries whatsapp-mcp 0.0.1. Affected by this vulnerability is the function SendMessageRequest of the file whatsapp-bridge/main.go of the component Send API Endpoint. This manipulation of the argument mediaPath causes path traversal. The exploit has been publicly...

5.1CVSS5.3AI score0.00265EPSS
Exploits0References8
Vulnrichment
Vulnrichmentadded 2026/06/01 2:15 p.m.8 views

CVE-2026-10264 lharries whatsapp-mcp Send API Endpoint main.go SendMessageRequest path traversal

A vulnerability was determined in lharries whatsapp-mcp 0.0.1. Affected by this vulnerability is the function SendMessageRequest of the file whatsapp-bridge/main.go of the component Send API Endpoint. This manipulation of the argument mediaPath causes path traversal. The exploit has been publicly...

5.1CVSS5.3AI score0.00265EPSS
Exploits0References8
ATTACKERKB
ATTACKERKBadded 2026/06/01 2:15 p.m.6 views

CVE-2026-10264

A vulnerability was determined in lharries whatsapp-mcp 0.0.1. Affected by this vulnerability is the function SendMessageRequest of the file whatsapp-bridge/main.go of the component Send API Endpoint. This manipulation of the argument mediaPath causes path traversal. The exploit has been publicly...

5.1CVSS5.3AI score0.00265EPSS
Exploits0References8Affected Software1
OSV
OSVadded 2026/06/01 11:42 a.m.6 views

BIT-KIBANA-2026-42398 Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access

Server-Side Request Forgery CWE-918 in Kibana allows authenticated users with connector management privileges to bypass the operator-configured connection allowlist. By configuring a Webhook connector with a crafted target, an attacker can cause Kibana to issue outbound requests to destinations...

7.7CVSS5.8AI score0.00272EPSS
Exploits0References2
OSV
OSVadded 2026/06/01 11:39 a.m.4 views

BIT-ELK-2026-49093 Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access

Server-Side Request Forgery CWE-918 in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egress controls were intended to block...

7.7CVSS5.8AI score0.0018EPSS
Exploits0References2
Rows per page
Query Builder