Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

5270 matches found

Vulnrichment
Vulnrichmentadded 2026/06/01 4:1 p.m.10 views

CVE-2026-44211 Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches...

9.6CVSS5.8AI score0.00154EPSS
Exploits1References1
EUVD
EUVDadded 2026/06/01 4:1 p.m.9 views

EUVD-2026-33662

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time of publication, there are no publicly available patches...

9.6CVSS5.8AI score0.00154EPSS
Exploits1References1
Github Security Blog
Github Security Blogadded 2026/06/01 2:12 p.m.30 views

Vitest browser mode serves unsanitized otelCarrier query parameter as inline script

Summary Vitest browser mode served /vitesttest/ with the otelCarrier query parameter inserted directly into an inline module script. Because this value was treated as JavaScript source rather than data, an attacker could craft a browser-runner URL that executes arbitrary JavaScript in the Vitest...

6.1AI score0.0005EPSS
Exploits0References4Affected Software1
SUSE Linux
SUSE Linuxadded 2026/06/01 10:3 a.m.15 views

Security update for wireshark

This update for wireshark fixes the following issues CVE-2026-5401: AFP dissector crash bsc1263756. CVE-2026-5403: SBC audio codec crash bsc1263765. CVE-2026-5404: K12 RF5 file parser crash bsc1263766. CVE-2026-5405: RDP dissector crash bsc1263767. CVE-2026-5406: FC-SWILS dissector crash...

8.8CVSS6.7AI score0.00206EPSS
Exploits29References116
GithubExploit
GithubExploitadded 2026/06/01 5:34 a.m.105 views

Exploit for Server-Side Request Forgery in Vercel Next.Js

NEXT-SSRF SSRF — CVE-2026-44578 Scanner & Exploit ║ ║ Next...

8.6CVSS5.8AI score0.02829EPSS
Exploits8
RedHat Linux
RedHat Linuxadded 2026/06/01 2:0 a.m.14 views

qemu-kvm: VNC WebSocket handshake use-after-free

A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network acces...

7.5CVSS5.7AI score0.00794EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2026/06/01 2:0 a.m.20 views

Low: Red Hat Security Advisory: qemu-kvm security update

An update for qemu-kvm is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...

7.5CVSS5.8AI score0.00794EPSS
Exploits0References2
CNNVD
CNNVDadded 2026/06/01 12:0 a.m.5 views

Cline 安全漏洞

Cline is an AI programming assistant that serves as an integrated CLI and editor for necboy’s personal developers. Cline versions 2.13.0 and earlier contained security vulnerabilities, which were caused by cross-source WebSocket hijacking. These vulnerabilities could allow attackers to hijack...

9.6CVSS5.3AI score0.00154EPSS
Exploits1References2
NVD
NVDadded 2026/05/29 6:17 p.m.11 views

CVE-2026-45633

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /docker-container-logs WebSocket endpoint. The tail and since parameters are not validated and are directly concatenated into shell commands, allowing...

9.9CVSS0.00988EPSS
Exploits0References1
NVD
NVDadded 2026/05/29 6:17 p.m.11 views

CVE-2026-45629

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.28.8 and earlier, authenticated OS command injection in the /listen-deployment WebSocket endpoint allows any organization member to execute arbitrary system commands on remote servers managed by Dokploy, leading to full server...

9.9CVSS0.00777EPSS
Exploits0References1
CVE
CVEadded 2026/05/29 4:40 p.m.13 views

CVE-2026-45629

Dokploy (PaaS) v0.28.8 and earlier is vulnerable to authenticated OS command injection via the /listen-deployment WebSocket endpoint. An organization member can execute arbitrary system commands on remote Dokploy-managed servers, potentially achieving full server compromise. The CVSS metrics indi...

9.9CVSS6.1AI score0.00777EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/05/29 4:40 p.m.9 views

CVE-2026-45629 Dokploy: Authenticated Remote Code Execution via Command Injection in /listen-deployment WebSocket Endpoint

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.28.8 and earlier, authenticated OS command injection in the /listen-deployment WebSocket endpoint allows any organization member to execute arbitrary system commands on remote servers managed by Dokploy, leading to full server...

9.9CVSS6.1AI score0.00777EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/29 4:40 p.m.34 views

CVE-2026-45629 Dokploy: Authenticated Remote Code Execution via Command Injection in /listen-deployment WebSocket Endpoint

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.28.8 and earlier, authenticated OS command injection in the /listen-deployment WebSocket endpoint allows any organization member to execute arbitrary system commands on remote servers managed by Dokploy, leading to full server...

9.9CVSS0.00777EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/29 4:40 p.m.7 views

CVE-2026-45629

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.28.8 and earlier, authenticated OS command injection in the /listen-deployment WebSocket endpoint allows any organization member to execute arbitrary system commands on remote servers managed by Dokploy, leading to full server...

9.9CVSS6.1AI score0.00777EPSS
Exploits0References2Affected Software1
EUVD
EUVDadded 2026/05/29 4:40 p.m.10 views

EUVD-2026-33362

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.28.8 and earlier, authenticated OS command injection in the /listen-deployment WebSocket endpoint allows any organization member to execute arbitrary system commands on remote servers managed by Dokploy, leading to full server...

9.9CVSS6.1AI score0.00777EPSS
Exploits0References1
NVD
NVDadded 2026/05/29 4:16 p.m.9 views

CVE-2026-10099

XX-Net V5.16.6 contains a WebSocket frame parsing vulnerability in the WebSocketreceiveworker routine of simplehttpserver.py that allows attackers to cause corrupted application data by sending unmasked WebSocket frames. The server unconditionally reads 4 bytes as a masking key regardless of...

5.1CVSS0.00125EPSS
Exploits0References4
CVE
CVEadded 2026/05/29 4:10 p.m.15 views

CVE-2026-45633

CVE-2026-45633 : Dokploy (PaaS) v0.26.6 and earlier suffers a command injection in the /docker-container-logs WebSocket endpoint. The tail and since parameters are not validated and are directly concatenated into shell commands, enabling authenticated users to execute arbitrary commands with root...

9.9CVSS6.1AI score0.00988EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/29 4:10 p.m.31 views

CVE-2026-45633 Dokploy: Command Injection in /docker-container-logs Endpoint

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /docker-container-logs WebSocket endpoint. The tail and since parameters are not validated and are directly concatenated into shell commands, allowing...

9.9CVSS0.00988EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/29 4:10 p.m.7 views

CVE-2026-45633

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /docker-container-logs WebSocket endpoint. The tail and since parameters are not validated and are directly concatenated into shell commands, allowing...

9.9CVSS6.1AI score0.00988EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/29 4:10 p.m.11 views

CVE-2026-45633 Dokploy: Command Injection in /docker-container-logs Endpoint

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /docker-container-logs WebSocket endpoint. The tail and since parameters are not validated and are directly concatenated into shell commands, allowing...

9.9CVSS6.1AI score0.00988EPSS
Exploits0References1
Rows per page
Query Builder