Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1088 matches found

OSV
OSVadded 2026/04/14 12:13 p.m.3 views

OPENSUSE-SU-2026:20532-1 Security update for cockpit-subscriptions

This update for cockpit-subscriptions fixes the following issue: - CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string bsc1258637...

8.7CVSS5.8AI score0.00519EPSS
Exploits1References2
Positive Technologies
Positive Technologiesadded 2026/04/14 12:0 a.m.6 views

PT-2026-32973

Name of the Vulnerable Software and Affected Versions free5GC versions 1.4.2 and earlier Description An improper path validation issue exists in the UDR service. An unauthenticated attacker with access to the 5G Service Based Interface can delete arbitrary Traffic Influence Subscriptions by...

8.7CVSS6.1AI score0.0038EPSS
Exploits1References5
Positive Technologies
Positive Technologiesadded 2026/04/14 12:0 a.m.6 views

PT-2026-32975

Name of the Vulnerable Software and Affected Versions free5GC UDR service versions prior to 4.2.1 Description An improper path validation issue exists in the UDR service. The handler for creating or updating Traffic Influence Subscriptions checks if the influenceId path segment equals...

8.7CVSS6AI score0.00427EPSS
Exploits1References5
Positive Technologies
Positive Technologiesadded 2026/04/14 12:0 a.m.3 views

PT-2026-32974

Name of the Vulnerable Software and Affected Versions free5GC versions 4.2.1 and earlier Description An improper path validation issue exists in the UDR service. The endpoint 'GET /nudr-dr/v2/application-data/influenceData/influenceId/subscriptionId' is designed to operate only when the influence...

8.7CVSS6AI score0.00493EPSS
Exploits1References5
CNVD
CNVDadded 2026/04/10 12:0 a.m.6 views

Discourse Information Disclosure Vulnerability (CNVD-2026-17250)

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse has an information leakage vulnerability , the vulnerability stems from the discourse-subscriptions plugin leaks stripe API key...

5.3CVSS5.6AI score0.00175EPSS
Exploits0
RedhatCVE
RedhatCVEadded 2026/04/08 7:34 p.m.5 views

CVE-2026-35526

Strawberry GraphQL is a library for creating GraphQL APIs. Prior to 0.312.3, Strawberry GraphQL's WebSocket subscription handlers for both the graphql-transport-ws and legacy graphql-ws protocols allocate an asyncio.Task and associated Operation object for every incoming subscribe message without...

7.5CVSS5.9AI score0.00274EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/04/08 12:0 a.m.6 views

PT-2026-31444

Remnawave Backend is the backend for the Remnawave proxy and user management solution. Prior to 2.7.5, a glitch in the HWID device registration logic allows an authenticated user to bypass the configured limit for HWID devices and register more devices than expected, allowing them to resell...

5CVSS5.9AI score0.00183EPSS
Exploits1References2
NVD
NVDadded 2026/04/07 8:16 p.m.2 views

CVE-2026-39366

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the PayPal IPN v1 handler at plugin/PayPalYPT/ipn.php lacks transaction deduplication, allowing an attacker to replay a single legitimate IPN notification to repeatedly inflate their wallet balance and renew subscriptions...

6.5CVSS0.0017EPSS
Exploits0References2
OSV
OSVadded 2026/04/07 5:16 p.m.1 views

ALPINE-CVE-2026-39316

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a use-after-free vulnerability exists in the CUPS scheduler cupsd when temporary printers are automatically deleted. cupsdDeleteTemporaryPrinters in...

6.2CVSS5.7AI score0.00178EPSS
Exploits1References1
PyPA
PyPAadded 2026/04/07 5:16 p.m.7 views

PYSEC-2026-133

Strawberry GraphQL is a library for creating GraphQL APIs. Strawberry up until version 0.312.3 is vulnerable to an authentication bypass on WebSocket subscription endpoints. The legacy graphql-ws subprotocol handler does not verify that a connectioninit handshake has been completed before...

7.5CVSS5.7AI score0.00424EPSS
Exploits0References1Affected Software1
OSV
OSVadded 2026/04/07 5:16 p.m.7 views

PYSEC-2026-133

Strawberry GraphQL is a library for creating GraphQL APIs. Strawberry up until version 0.312.3 is vulnerable to an authentication bypass on WebSocket subscription endpoints. The legacy graphql-ws subprotocol handler does not verify that a connectioninit handshake has been completed before...

7.5CVSS5.7AI score0.00424EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/04/07 5:0 p.m.20 views

CVE-2026-39316 CUPS has a use-after-free in `cupsdDeleteTemporaryPrinters` via dangling subscription pointer

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a use-after-free vulnerability exists in the CUPS scheduler cupsd when temporary printers are automatically deleted. cupsdDeleteTemporaryPrinters in...

4CVSS0.00178EPSS
Exploits1References1
PyPA
PyPAadded 2026/04/07 4:16 p.m.6 views

PYSEC-2026-134

Strawberry GraphQL is a library for creating GraphQL APIs. Prior to 0.312.3, Strawberry GraphQL's WebSocket subscription handlers for both the graphql-transport-ws and legacy graphql-ws protocols allocate an asyncio.Task and associated Operation object for every incoming subscribe message without...

7.5CVSS5.8AI score0.00274EPSS
Exploits0References1Affected Software1
NVD
NVDadded 2026/04/07 4:16 p.m.5 views

CVE-2026-35526

Strawberry GraphQL is a library for creating GraphQL APIs. Prior to 0.312.3, Strawberry GraphQL's WebSocket subscription handlers for both the graphql-transport-ws and legacy graphql-ws protocols allocate an asyncio.Task and associated Operation object for every incoming subscribe message without...

7.5CVSS0.00274EPSS
Exploits0References1
OSV
OSVadded 2026/04/07 4:16 p.m.5 views

PYSEC-2026-134

Strawberry GraphQL is a library for creating GraphQL APIs. Prior to 0.312.3, Strawberry GraphQL's WebSocket subscription handlers for both the graphql-transport-ws and legacy graphql-ws protocols allocate an asyncio.Task and associated Operation object for every incoming subscribe message without...

7.5CVSS5.8AI score0.00274EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/04/07 3:58 p.m.2 views

CVE-2026-35523

Strawberry GraphQL is a library for creating GraphQL APIs. Strawberry up until version 0.312.3 is vulnerable to an authentication bypass on WebSocket subscription endpoints. The legacy graphql-ws subprotocol handler does not verify that a connectioninit handshake has been completed before...

7.5CVSS5.8AI score0.00424EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2026/04/07 3:58 p.m.18 views

CVE-2026-35523 Authentication bypass in strawberry-graphql via legacy graphql-ws WebSocket subprotocol

Strawberry GraphQL is a library for creating GraphQL APIs. Strawberry up until version 0.312.3 is vulnerable to an authentication bypass on WebSocket subscription endpoints. The legacy graphql-ws subprotocol handler does not verify that a connectioninit handshake has been completed before...

7.5CVSS0.00424EPSS
Exploits0References1
CVE
CVEadded 2026/04/07 3:23 p.m.17 views

CVE-2026-35526

CVE-2026-35526 concerns the Strawberry GraphQL library. Before version 0.312.3, the WebSocket subscription handlers for both graphql-transport-ws and legacy graphql-ws allocate an asyncio.Task and an associated Operation for every incoming subscribe message without enforcing a limit on active sub...

7.5CVSS5.9AI score0.00274EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/04/07 3:23 p.m.5 views

CVE-2026-35526

Strawberry GraphQL is a library for creating GraphQL APIs. Prior to 0.312.3, Strawberry GraphQL's WebSocket subscription handlers for both the graphql-transport-ws and legacy graphql-ws protocols allocate an asyncio.Task and associated Operation object for every incoming subscribe message without...

7.5CVSS5.9AI score0.00274EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/07 3:23 p.m.4 views

CVE-2026-35526 Strawberry GraphQL affected by a Denial of Service via unbounded WebSocket subscriptions

Strawberry GraphQL is a library for creating GraphQL APIs. Prior to 0.312.3, Strawberry GraphQL's WebSocket subscription handlers for both the graphql-transport-ws and legacy graphql-ws protocols allocate an asyncio.Task and associated Operation object for every incoming subscribe message without...

7.5CVSS5.9AI score0.00274EPSS
Exploits0References1
Rows per page
Query Builder