Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

10260 matches found

RedhatCVE
RedhatCVEadded 2026/06/03 12:3 a.m.11 views

CVE-2026-44582

A flaw was found in Next.js. React Server Component responses are vulnerable to cache poisoning in deployments that use shared caches without proper response partitioning. An attacker can exploit collisions in the rsc cache-busting value to poison cache entries. This allows users to receive...

3.7CVSS5.6AI score0.00203EPSS
Exploits1References4
ATTACKERKB
ATTACKERKBadded 2026/06/03 12:0 a.m.6 views

CVE-2026-36616

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS test key, and default PSK embedded in the production firmware binary...

5.8AI score0.00137EPSS
Exploits0References2
EUVD
EUVDadded 2026/06/03 12:0 a.m.15 views

EUVD-2026-34154

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS test key, and default PSK embedded in the production firmware binary...

5.8AI score0.00137EPSS
Exploits0References1
CVE
CVEadded 2026/06/03 12:0 a.m.14 views

CVE-2026-36616

CVE-2026-36616 affects the Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909. The issue is the presence of hardcoded WiFi driver credentials embedded in the production firmware binary: a RADIUS shared secret, a WPS test key, and a default PSK. The vulnerability arises from these sensitive ...

5.9CVSS5.8AI score0.00137EPSS
Exploits0References1
Tenable Nessus
Tenable Nessusadded 2026/06/03 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-44581

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 13.4.0 to before 15.5.16 and 16.2.5, App Router applications that rely on CSP nonces...

4.7CVSS5.8AI score0.00222EPSS
Exploits1References2
Tenable Nessus
Tenable Nessusadded 2026/06/03 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-44582

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses can be...

3.7CVSS5.8AI score0.00203EPSS
Exploits1References2
Tenable Nessus
Tenable Nessusadded 2026/06/03 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-46176

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/mlx5: Fix error path fall-through in mlx5ibdevressrqinit mlx5ibdevressrqinit allocates two SRQs, s0 and s1. When ibcreatesrq fails for s1, the error branch...

7.8CVSS6.6AI score0.00138EPSS
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2026/06/03 12:0 a.m.25 views

Oracle Linux 8 : gnutls (ELSA-2026-20611)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-20611 advisory. - Fix CVE-2026-33846 DTLS fragment reassembly, High, heap overwrite - Fix CVE-2026-42009 DTLS fragment reassembly, High, undefined behaviour - Fix...

9.8CVSS5.9AI score0.01194EPSS
Exploits1References12
Oracle linux
Oracle linuxadded 2026/06/03 12:0 a.m.16 views

Unbreakable Enterprise kernel security update

5.15.0-321.202.5 - Revert 'ip6tunnel: Fix usage of skbvlaninetprepare' Harshit Mogalapalli Orabug: 39476647 - smb: client: reject userspace cifs.spnego descriptions Asim Viladi Oglu Manizada Orabug: 39463672 5.15.0-321.202.4 - tun: free page on buildskb failure in tunxdpone Weiming Shi Orabug:...

9.8CVSS6.8AI score0.93418EPSS
Exploits43
NVD
NVDadded 2026/06/02 11:16 p.m.12 views

CVE-2026-44654

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete file records through DELETE /api/files that the owner has reused across multiple agents. The deletion removes the file globally — not just from the...

8.1CVSS0.00265EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2026/06/02 10:47 p.m.8 views

CVE-2026-44654 LibreChat: Shared-agent editor can globally delete owner's file records — breaks owner's other private agents

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete file records through DELETE /api/files that the owner has reused across multiple agents. The deletion removes the file globally — not just from the...

7.2CVSS5.7AI score0.00265EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/06/02 10:47 p.m.6 views

CVE-2026-44654

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete file records through DELETE /api/files that the owner has reused across multiple agents. The deletion removes the file globally — not just from the...

7.2CVSS5.7AI score0.00265EPSS
Exploits1References2Affected Software1
CVE
CVEadded 2026/06/02 10:47 p.m.23 views

CVE-2026-44654

CVE-2026-44654 (LibreChat) : In versions up to 0.8.3, a shared-agent editor can issue DELETE /api/files to remove file records that a user has reused across multiple agents. The deletion is global, not limited to the shared agent, which can break the owner’s other private agents that reference th...

8.1CVSS5.7AI score0.00265EPSS
Exploits1References1Affected Software1
Cvelist
Cvelistadded 2026/06/02 10:47 p.m.40 views

CVE-2026-44654 LibreChat: Shared-agent editor can globally delete owner's file records — breaks owner's other private agents

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete file records through DELETE /api/files that the owner has reused across multiple agents. The deletion removes the file globally — not just from the...

7.2CVSS0.00265EPSS
Exploits1References1
EUVD
EUVDadded 2026/06/02 10:47 p.m.11 views

EUVD-2026-34049

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete file records through DELETE /api/files that the owner has reused across multiple agents. The deletion removes the file globally — not just from the...

7.2CVSS5.7AI score0.00265EPSS
Exploits1References1
CVE
CVEadded 2026/06/02 10:40 p.m.24 views

CVE-2026-44653

LibreChat contains a vulnerability in versions up to 0.8.3 where users with only VIEW access to an MCP server can retrieve decrypted admin secrets via GET /api/mcp/servers and GET /api/mcp/servers/:serverName. The API returns plaintext values for apiKey.key and oauth.client_secret, enabling viewe...

6.5CVSS5.7AI score0.00276EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVEadded 2026/06/02 10:3 p.m.12 views

CVE-2026-40861

A Dag author could either a create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process read-path attack — e.g. /etc/passwd or airflow.cfg or b supply a taskid containing .. sequences accepted by the Task SDK's KEYREGEX write-path attack, and...

6.5CVSS5.9AI score0.00665EPSS
Exploits0References1
NVD
NVDadded 2026/06/02 4:16 p.m.14 views

CVE-2026-49753

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser, Mint.HTTP1.Parse.contentlengthheader/1 in...

6.3CVSS0.00301EPSS
Exploits0References4
EUVD
EUVDadded 2026/06/02 2:15 p.m.9 views

EUVD-2026-33941

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser, Mint.HTTP1.Parse.contentlengthheader/1 in...

6.3CVSS5.8AI score0.00301EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/06/02 2:15 p.m.8 views

CVE-2026-49753

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser, Mint.HTTP1.Parse.contentlengthheader/1 in...

6.3CVSS5.8AI score0.00301EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder