973 matches found

RedhatCVE
added 2026/06/05 7:39 p.m. | 8 views

CVE-2026-7384

A vulnerability was detected in ezequiroga mcp-bases 357ca19c7a49a9b9cb2ef639b366f03aba8bea39/c630b8ab0f970614d42da8e566e9c0d15a16414c. This impacts the function searchpapers of the file researchserver.py. Performing a manipulation of the argument topic results in path traversal. Remote...

CVSS 7.5 | AI score 7 | EPSS 0.00418
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/05 7:35 p.m. | 6 views

CVE-2026-5961

A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This vulnerability affects unknown code of the file /topic-details.php. The manipulation of the argument postid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed...

CVSS 7.5 | AI score 7 | EPSS 0.00259
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/05 7:23 p.m. | 5 views

CVE-2026-35443

NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/classes/ForumPostReactionContext.php only verifies that the caller can view the forum, but it does not re-enforce topic-level viewothertopics authorization. As a result, in forums where users may enter the forum...

CVSS 5.3 | AI score 5.4 | EPSS 0.00235
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/05 7:22 p.m. | 6 views

CVE-2026-7415

The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same network can subscribe to sensitive telemetry topics or publish control messages directly to the robot without authentication or authorization...

CVSS 9.8 | AI score 5.5 | EPSS 0.00544
Exploits: 1 | References: 1

RedhatCVE
added 2026/06/05 7:12 p.m. | 6 views

CVE-2026-39972

Mercure is a protocol for pushing data updates to web browsers and other HTTP clients in a battery-efficient way. Prior to 0.22.0, a cache key collision vulnerability in TopicSelectorStore allows an attacker to poison the match result cache, potentially causing private updates to be delivered to...

CVSS 7.1 | AI score 5.4 | EPSS 0.00341
Exploits: 0 | References: 1

OSV
added 2026/06/05 11:24 a.m. | 2 views

MINI-F6JV-CC4H-MWGP

Bulletin has no description...

CVSS 6.1 | AI score 5.1 | EPSS 0.00236
Exploits: 0

OSV
added 2026/06/05 3:55 a.m. | 2 views

MINI-PMMG-6GP8-66J7

Bulletin has no description...

CVSS 6.3 | AI score 5.2 | EPSS 0.00173
Exploits: 0

NVD
added 2026/06/04 4:17 a.m. | 11 views

CVE-2026-49185

The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec, allowing command/instruction injection...

CVSS 10 | EPSS 0.00387
Exploits: 0 | References: 1

NVD
added 2026/06/04 4:17 a.m. | 13 views

CVE-2026-49186

The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (# or +) to enumerate hidden network devices or publish rogue control commands...

CVSS 9.8 | EPSS 0.0032
Exploits: 0 | References: 1

Cvelist
added 2026/06/04 3:36 a.m. | 36 views

CVE-2026-49186 Lack of MQTT Broker Topic Access Control Lists

The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (# or +) to enumerate hidden network devices or publish rogue control commands...

CVSS 8.6 | EPSS 0.0032
Exploits: 0 | References: 1

EUVD
added 2026/06/04 3:36 a.m. | 10 views

EUVD-2026-34200

The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (# or +) to enumerate hidden network devices or publish rogue control commands...

CVSS 9.8 | AI score 5.8 | EPSS 0.0032
Exploits: 0 | References: 1

ATTACKERKB
added 2026/06/04 3:36 a.m. | 6 views

CVE-2026-49186

The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (# or +) to enumerate hidden network devices or publish rogue control commands...

CVSS 8.6 | AI score 5.8 | EPSS 0.0032
Exploits: 0 | References: 2

CVE
added 2026/06/04 3:36 a.m. | 26 views

CVE-2026-49186

CVE-2026-49186 : The provided documents describe a vulnerability in a local MQTT broker where topic-level ACLs are not enforced. This allows any client to subscribe with wildcards (# or +) and enumerate hidden devices, or publish rogue control commands. The issue is rooted in missing access contr...

CVSS 9.8 | AI score 5.8 | EPSS 0.0032
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2026/06/04 3:36 a.m. | 6 views

CVE-2026-49186 Lack of MQTT Broker Topic Access Control Lists

The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (# or +) to enumerate hidden network devices or publish rogue control commands...

CVSS 8.6 | AI score 5.8 | EPSS 0.0032
Exploits: 0 | References: 1

ATTACKERKB
added 2026/06/04 2:55 a.m. | 6 views

CVE-2026-49185

The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec, allowing command/instruction injection...

CVSS 10 | AI score 5.8 | EPSS 0.00387
Exploits: 0 | References: 2

EUVD
added 2026/06/04 2:55 a.m. | 11 views

EUVD-2026-34199

The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec, allowing command/instruction injection...

CVSS 10 | AI score 5.8 | EPSS 0.00387
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/04 12:0 a.m. | 7 views

PT-2026-46141

The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (# or +) to enumerate hidden network devices or publish rogue control commands...

CVSS 8.6 | AI score 5.8 | EPSS 0.0032
Exploits: 0 | References: 2

CNNVD
added 2026/06/04 12:0 a.m. | 3 views

Acer M6E Security Vulnerability

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the lack of mandatory implementation of topic-level access control lists by the local MQTT Broker. As a result, any client that...

CVSS 9.8 | AI score 5.3 | EPSS 0.0032
Exploits: 0 | References: 2

RedhatCVE
added 2026/06/03 4:2 p.m. | 5 views

CVE-2026-10258

A weakness has been identified in itsourcecode Content Management System 1.0. Impacted is an unknown function of the file /admin/addsubtopic.php. This manipulation of the argument topicid causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available ...

CVSS 6.5 | AI score 5.7 | EPSS 0.00319
Exploits: 0 | References: 1

NVD
added 2026/06/02 5:16 p.m. | 14 views

CVE-2026-35443

NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/classes/ForumPostReactionContext.php only verifies that the caller can view the forum, but it does not re-enforce topic-level viewothertopics authorization. As a result, in forums where users may enter the forum...

CVSS 5.3 | EPSS 0.00235
Exploits: 0 | References: 1