Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3866 matches found

OSV
OSVadded 2026/03/31 3:15 a.m.4 views

DEBIAN-CVE-2026-34060

Ruby LSP is an implementation of the language server protocol for Ruby. Prior to Shopify.ruby-lsp version 0.10.2 and ruby-lsp version 0.26.9, the rubyLsp.branch VS Code workspace setting was interpolated without sanitization into a generated Gemfile, allowing arbitrary Ruby code execution when a...

7.1CVSS6.2AI score0.00479EPSS
Exploits0References1
NVD
NVDadded 2026/03/31 3:15 a.m.3 views

CVE-2026-34060

Ruby LSP is an implementation of the language server protocol for Ruby. Prior to Shopify.ruby-lsp version 0.10.2 and ruby-lsp version 0.26.9, the rubyLsp.branch VS Code workspace setting was interpolated without sanitization into a generated Gemfile, allowing arbitrary Ruby code execution when a...

9.8CVSS0.00479EPSS
Exploits0References2
CVE
CVEadded 2026/03/31 1:59 a.m.13 views

CVE-2026-34060

CVE-2026-34060 affects Ruby LSP: prior to Shopify.ruby-lsp v0.10.2 and ruby-lsp v0.26.9, the rubyLsp.branch VS Code workspace setting was interpolated unsafely into a generated Gemfile, enabling arbitrary Ruby code execution when opening a project with a malicious .vscode/settings.json. The issue...

9.8CVSS6.3AI score0.00479EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/03/31 1:59 a.m.3 views

CVE-2026-34060

Ruby LSP is an implementation of the language server protocol for Ruby. Prior to Shopify.ruby-lsp version 0.10.2 and ruby-lsp version 0.26.9, the rubyLsp.branch VS Code workspace setting was interpolated without sanitization into a generated Gemfile, allowing arbitrary Ruby code execution when a...

7.1CVSS6.3AI score0.00479EPSS
Exploits0References3Affected Software2
OSV
OSVadded 2026/03/31 1:59 a.m.7 views

CVE-2026-34060 Ruby LSP has arbitrary code execution through branch setting

Ruby LSP is an implementation of the language server protocol for Ruby. Prior to Shopify.ruby-lsp version 0.10.2 and ruby-lsp version 0.26.9, the rubyLsp.branch VS Code workspace setting was interpolated without sanitization into a generated Gemfile, allowing arbitrary Ruby code execution when a...

7.1CVSS6.4AI score0.00479EPSS
Exploits0References4
CNNVD
CNNVDadded 2026/03/31 12:0 a.m.4 views

WordPress plugin WooPayments: Integrated WooCommerce Payments 授权问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

6.5CVSS5.8AI score0.00267EPSS
Exploits0References4
SUSE CVE
SUSE CVEadded 2026/03/30 11:28 p.m.6 views

SUSE CVE-2026-33433

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.42, 3.6.11, and 3.7.0-ea.3, when headerField is configured with a non-canonical HTTP header name e.g., x-auth-user instead of X-Auth-User, an authenticated attacker can inject their own canonical version of that header to...

8.8CVSS5.9AI score0.0045EPSS
Exploits1References4
RedhatCVE
RedhatCVEadded 2026/03/30 5:6 p.m.4 views

CVE-2026-5044

A security vulnerability has been detected in Belkin F9K1122 1.00.33. This affects the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. Such manipulation of the argument webpage leads to stack-based buffer overflow. The attack can be...

9CVSS6.5AI score0.00663EPSS
Exploits1References1
CVE
CVEadded 2026/03/30 2:7 p.m.10 views

CVE-2026-28527

BlueKitchen BTstack before 1.8.1 has an out-of-bounds read in the AVRCP Controller GET_PLAYER_APPLICATION_SETTING_ATTRIBUTE_TEXT and GET_PLAYER_APPLICATION_SETTING_VALUE_TEXT handlers. An adjacent attacker with Bluetooth Classic pairing can send crafted VENDOR_DEPENDENT responses to trigger reads...

7.3CVSS5.9AI score0.00157EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2026/03/30 2:7 p.m.21 views

CVE-2026-28527 BlueKitchen BTstack < 1.8.1 AVRCP Controller GET_PLAYER_APPLICATION_SETTING_*_TEXT Handlers OOB Read

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller GETPLAYERAPPLICATIONSETTINGATTRIBUTETEXT and GETPLAYERAPPLICATIONSETTINGVALUETEXT handlers that allows nearby attackers to read beyond packet boundaries. Attackers can establish a paire...

3.5CVSS0.00157EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2026/03/30 5:0 a.m.8 views

CVE-2026-5021

A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. This manipulation of the argument delno causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been...

9CVSS6.2AI score0.00632EPSS
Exploits1References1
EUVD
EUVDadded 2026/03/29 3:30 p.m.6 views

EUVD-2026-16991

A security vulnerability has been detected in Belkin F9K1122 1.00.33. This affects the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. Such manipulation of the argument webpage leads to stack-based buffer overflow. The attack can be...

9CVSS7.8AI score0.00663EPSS
Exploits1References5
Vulnrichment
Vulnrichmentadded 2026/03/29 12:15 p.m.2 views

CVE-2026-5044 Belkin F9K1122 Setting formSetSystemSettings stack-based overflow

A security vulnerability has been detected in Belkin F9K1122 1.00.33. This affects the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. Such manipulation of the argument webpage leads to stack-based buffer overflow. The attack can be...

9CVSS6.5AI score0.00663EPSS
Exploits1References4
NVD
NVDadded 2026/03/29 2:16 a.m.13 views

CVE-2026-5021

A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. This manipulation of the argument delno causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been...

9CVSS0.00632EPSS
Exploits1References5
Cvelist
Cvelistadded 2026/03/29 1:15 a.m.33 views

CVE-2026-5021 Tenda F453 httpd PPTPUserSetting fromPPTPUserSetting stack-based overflow

A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. This manipulation of the argument delno causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been...

9CVSS0.00632EPSS
Exploits1References5
Vulnrichment
Vulnrichmentadded 2026/03/29 1:15 a.m.5 views

CVE-2026-5021 Tenda F453 httpd PPTPUserSetting fromPPTPUserSetting stack-based overflow

A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. This manipulation of the argument delno causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been...

9CVSS6.1AI score0.00632EPSS
Exploits1References5
CVE
CVEadded 2026/03/29 1:15 a.m.12 views

CVE-2026-5021

CVE-2026-5021 affects Tenda F453 1.0.0.3. The vulnerability is a stack-based overflow in httpd’s fromPPTPUserSetting (/goform/PPTPUserSetting) caused by manipulating the delno argument. Remote exploitation is possible and exploits have been published. Remediation in documents: update to a newer v...

9CVSS7.5AI score0.00632EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blogadded 2026/03/27 7:43 p.m.9 views

Ruby LSP has arbitrary code execution through branch setting

Summary The rubyLsp.branch VS Code workspace setting was interpolated without sanitization into a generated Gemfile, allowing arbitrary Ruby code execution when a user opens a project containing a malicious .vscode/settings.json. Other editors that support workspace setting that get automatically...

9.8CVSS6.3AI score0.00479EPSS
Exploits0References5Affected Software1
OSV
OSVadded 2026/03/27 7:10 a.m.1 views

BIT-DISCOURSE-2026-29072 Discourse missing permission check for policy creation in discourse-policy

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, users who do not belong to the allowed policy creation groups can create functional policy acceptance widgets in posts under the right conditions. Versions 2026.3.0, 2026.2.1, and 2026.1.2 contain...

8.2CVSS5.8AI score0.00231EPSS
Exploits0References2
RubySec
RubySecadded 2026/03/27 12:0 a.m.7 views

Ruby LSP has arbitrary code execution through branch setting

Summary The rubyLsp.branch VS Code workspace setting was interpolated without sanitization into a generated Gemfile, allowing arbitrary Ruby code execution when a user opens a project containing a malicious .vscode/settings.json. Other editors that support workspace setting that get automatically...

9.8CVSS6.1AI score0.00479EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder