Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

121135 matches found

Positive Technologies
Positive Technologiesadded 2026/05/27 12:0 a.m.10 views

PT-2026-43948

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory corruption issue exists in the Linux kernel crypto acomp component. The function acomp save req incorrectly stores the address of the chain member &req-chain in req-base.data...

9.8CVSS6.1AI score0.01582EPSS
Exploits12References280
Positive Technologies
Positive Technologiesadded 2026/05/27 12:0 a.m.7 views

PT-2026-43882

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11-1.1 Description An issue exists in the TCP implementation where the inet csk listen stop function migrates an established child socket from a closing listener to another socket within the same SO REUSEPORT...

9.8CVSS5.9AI score0.01582EPSS
Exploits12References283
Positive Technologies
Positive Technologiesadded 2026/05/27 12:0 a.m.15 views

PT-2026-43959

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A DMA coherency issue exists in the igorplugusb driver within the media subsystem. In a control request, the USB request...

9.8CVSS5.9AI score0.01582EPSS
Exploits12References281
Positive Technologies
Positive Technologiesadded 2026/05/27 12:0 a.m.12 views

PT-2026-43853

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A memory leak exists in the cc mac digest function within the ccree crypto component. This occurs when cc map hash request...

9.8CVSS5.9AI score0.01582EPSS
Exploits12References284
Tenable Nessus
Tenable Nessusadded 2026/05/27 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-45916

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - power: supply: sbs-battery: Fix use-after-free in powersupplychanged Using the devm variant for requesting IRQ before the devm variant for allocating/registerin...

5.7AI score0.0021EPSS
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2026/05/27 12:0 a.m.13 views

Amazon Linux 2023 : libsoup, libsoup-devel (ALAS2023-2026-1758)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1758 advisory. OOB Read via Integer Overflow on libsoup through libsoup/websocket/soup-websocket-connection.c via processframe leads to Undefined Behavior CVE-2026-0716 A flaw was found in libsoup, an HTTP...

8.6CVSS7.3AI score0.00947EPSS
Exploits2References14
Tenable Nessus
Tenable Nessusadded 2026/05/27 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-46028

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: algifaead - snapshot IV for async AEAD requests AFALG AEAD AIO requests currently use the socket-wide IV buffer during request processing. For async...

5.5CVSS5.6AI score0.00122EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/05/27 12:0 a.m.7 views

PT-2026-43736

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the probe function where request irq is called before the power supply handle is allocated or registered. If an interrupt occurs between these two calls, the...

5.5AI score0.0021EPSS
Exploits0References17
Exploit DB
Exploit DBadded 2026/05/27 12:0 a.m.49 views

EspoCRM 9.3.3 - SSRF

Exploit Title: EspoCRM 9.3.3 - Authenticated SSRF via Alternative IPv4 Notation Google Dork: N/A Date: 2026-05-08 Exploit Author: Max Gabriel https://github.com/EntroVyx Vendor Homepage: https://www.espocrm.com/ Software Link: https://github.com/espocrm/espocrm/releases/tag/9.3.3 Version: 9.3.3...

4.3CVSS5.8AI score0.01978EPSS
Exploits5
Vulnrichment
Vulnrichmentadded 2026/05/26 11:59 p.m.9 views

CVE-2026-8606 Server-Side Request Forgery in GitHub Enterprise Server via Advisory Package URL Endpoint

A Server-Side Request Forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP requests to internal services via the security advisories package lookup feature. By directing requests to an internal management service and...

7CVSS5.8AI score0.00386EPSS
Exploits0References6
Cvelist
Cvelistadded 2026/05/26 11:59 p.m.31 views

CVE-2026-8606 Server-Side Request Forgery in GitHub Enterprise Server via Advisory Package URL Endpoint

A Server-Side Request Forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP requests to internal services via the security advisories package lookup feature. By directing requests to an internal management service and...

7CVSS0.00386EPSS
Exploits0References6
EUVD
EUVDadded 2026/05/26 11:59 p.m.8 views

EUVD-2026-32025

A Server-Side Request Forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP requests to internal services via the security advisories package lookup feature. By directing requests to an internal management service and...

7CVSS5.8AI score0.00386EPSS
Exploits0References6
NVD
NVDadded 2026/05/26 10:16 p.m.13 views

CVE-2026-48710

Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header...

6.5CVSS0.01002EPSS
Exploits2References10
OSV
OSVadded 2026/05/26 10:16 p.m.6 views

UBUNTU-CVE-2026-48710

Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header...

6.5CVSS5.8AI score0.01002EPSS
Exploits2References6
Vulnrichment
Vulnrichmentadded 2026/05/26 10:1 p.m.7 views

CVE-2026-45298 Dozzle: Pre-auth SSRF with response-body reflection via POST /api/notifications/test-webhook (default no-auth deploy)

Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, in a default dozzle deploy the documented quickstart, no DOZZLEAUTHPROVIDER set, POST /api/notifications/test-webhook is reachable without authentication and forwards an attacker-controlled URL into a WebhookDispatcher that...

8.6CVSS5.9AI score0.01285EPSS
Exploits1References2
ATTACKERKB
ATTACKERKBadded 2026/05/26 9:54 p.m.10 views

CVE-2026-48710

Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header...

6.5CVSS5.8AI score0.01002EPSS
Exploits2References8Affected Software1
Cvelist
Cvelistadded 2026/05/26 9:54 p.m.33 views

CVE-2026-48710 Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks

Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header...

6.5CVSS0.01002EPSS
Exploits2References7
CVE
CVEadded 2026/05/26 9:54 p.m.160 views

CVE-2026-48710

Starlette (Python ASGI framework) contains a Host header validation issue in versions before 1.0.1. The HTTP Host header was not validated when reconstructing request.url, while routing relies on the raw path and request.url, allowing a malformed Host header to make request.url.path differ from t...

6.5CVSS5.8AI score0.01002EPSS
Exploits2References10Affected Software1
AlpineLinux
AlpineLinuxadded 2026/05/26 9:54 p.m.13 views

CVE-2026-48710

Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header...

6.5CVSS5.8AI score0.01002EPSS
Exploits2
Debian CVE
Debian CVEadded 2026/05/26 9:54 p.m.11 views

CVE-2026-48710

Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP Host request header was not validated before being used to reconstruct request.url. Because the routing algorithm relies on the raw HTTP path while request.url is rebuilt from the Host header, a malformed header...

6.5CVSS5.8AI score0.01002EPSS
Exploits2
Rows per page
Query Builder