Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

38130 matches found

CVE
CVEadded 2026/05/14 5:38 p.m.14 views

CVE-2026-46469

GStreamer gst-plugins-good prior to 1.28.2 contains a vulnerability in the isomp4 plugin (qtdemux_parse_trak) where insufficient validation of MP4 atom data allows integer division by zero, causing denial of service. The issue is fixed in 1.28.2 (see MR 11243; security advisory SA-2026-0018). No ...

5.5CVSS5.8AI score0.00101EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2026/05/14 5:38 p.m.27 views

CVE-2026-46469

An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemuxparsetrak function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero...

4CVSS0.00101EPSS
Exploits0References2
EUVD
EUVDadded 2026/05/14 5:38 p.m.6 views

EUVD-2026-30347

An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemuxparsetrak function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero...

4CVSS5.8AI score0.00101EPSS
Exploits0References2
AlpineLinux
AlpineLinuxadded 2026/05/14 5:38 p.m.8 views

CVE-2026-46469

An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemuxparsetrak function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero...

5.5CVSS5.8AI score0.00101EPSS
Exploits0
RedHat Linux
RedHat Linuxadded 2026/05/14 4:55 p.m.6 views

netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood

A flaw was found in Netty. A remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on these frames, coupled with a bypass of size-based mitigations using zero-byte frames, allows an attacker to consume...

8.7CVSS6.9AI score0.00604EPSS
Exploits0References5
Patchstack
Patchstackadded 2026/05/14 4:21 p.m.7 views

WordPress Advanced Access Manager plugin <= 7.1.0 - Bypass Vulnerability vulnerability

Bypass Vulnerability vulnerability discovered by Tiago Ventura @perses in WordPress Plugin Advanced Access Manager versions = 7.1.0...

5.8AI score0.00274EPSS
Exploits0Affected Software1
Patchstack
Patchstackadded 2026/05/14 4:18 p.m.6 views

NPM: n8n Has a Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints

NPM: n8n Has a Cross-user Authorization Bypass in Dynamic Credential OAuth Endpoints vulnerability discovered by ? in WordPress Npm n8n versions 1.123.43...

5.8AI score0.00043EPSS
Exploits0References2Affected Software1
EUVD
EUVDadded 2026/05/14 2:48 p.m.4 views

EUVD-2026-30301

vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0, there is a Stored XSS attack vulnerability via the name field of a templateRef. This can lead to the execution of arbitrary external...

9CVSS6AI score0.00312EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/14 1:52 p.m.23 views

EUVD-2026-30284

Verba is affected by a Stored Cross-Site Scripting XSS vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and password combination, the supplied username value is recorded in the application logs. Due to lack of...

5.3CVSS5.8AI score0.00205EPSS
Exploits0References1
CVE
CVEadded 2026/05/14 12:24 p.m.7 views

CVE-2026-6008

CVE-2026-6008 describes an authorization bypass/IDOR in DijiDemi (Im Park Information Technology, Electronics, Press, Publishing and Advertising, Education Ltd. Co.). Affected versions are v4.5.12.1 before v4.5.13.0. Root cause: user‑controlled key enables privilege escalation. Impact includes hi...

6.8CVSS5.8AI score0.00219EPSS
Exploits0References1
Rockylinux
Rockylinuxadded 2026/05/14 12:3 p.m.17 views

freerdp security update

An update is available for freerdp. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released...

9.8CVSS5.8AI score0.00599EPSS
Exploits7
OSV
OSVadded 2026/05/14 12:3 p.m.7 views

RLSA-2026:16482 Moderate: freerdp security update

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fixes: freerdp: FreeRDP: Denial of service due to use-after-free vulnerability...

7.3CVSS5.8AI score0.00599EPSS
Exploits7References9
The Hacker News
The Hacker Newsadded 2026/05/14 9:25 a.m.13 views

Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation

An anonymous cybersecurity researcher who disclosed three Microsoft Defender vulnerabilities has returned with two more zero-days involving a BitLocker bypass and a privilege escalation impacting Windows Collaborative Translation Framework CTFMON. The security defects have been codenamed YellowKe...

5.9AI score
Exploits0
ATTACKERKB
ATTACKERKBadded 2026/05/14 9:21 a.m.6 views

CVE-2025-11024

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Blind SQL Injection. This issue affects E-Commerce Website: before 4.5.001...

9.8CVSS5.8AI score0.00358EPSS
Exploits0References2
Circl
Circladded 2026/05/14 9:14 a.m.8 views

CVE-2026-45585

creationtimestamp| type| source ---|---|--- 2026-05-14 09:14:46+00:00| seen| https://www.acn.gov.it/portale/w/microsoft-disponibili-poc-per-lo-sfruttamento-di-vulnerabilita-zero-day 2026-05-19 21:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=1878 2026-05-20 02:33:59+00:00|...

6.8CVSS6.1AI score0.00846EPSS
Exploits2References56
RedHat Linux
RedHat Linuxadded 2026/05/14 6:58 a.m.17 views

Important: Red Hat Security Advisory: zero trust workload identity manager for Red Hat OpenShift 1.0.1

zero trust workload identity manager for Red Hat OpenShift 1.0.1 The Zero Trust Workload Identity Manager ZTWIM is a day-2 operator. The operator manages lifecycle of operand components from SPIRE project. The goal of ZTWIM is to provide secure, verifiable workload identities for workloads in...

8.9CVSS6.9AI score0.00789EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2026/05/14 6:54 a.m.18 views

Important: Red Hat Security Advisory: zero trust workload identity manager for Red Hat OpenShift 1.0.1

zero trust workload identity manager for Red Hat OpenShift 1.0.1 The Zero Trust Workload Identity Manager ZTWIM is a day-2 operator. The operator manages lifecycle of operand components from SPIRE project. The goal of ZTWIM is to provide secure, verifiable workload identities for workloads in...

8.9CVSS6.8AI score0.00524EPSS
Exploits0References3
RedHat Linux
RedHat Linuxadded 2026/05/14 6:53 a.m.14 views

Important: Red Hat Security Advisory: zero trust workload identity manager for Red Hat OpenShift 1.0.1

zero trust workload identity manager for Red Hat OpenShift 1.0.1 The Zero Trust Workload Identity Manager ZTWIM is a day-2 operator. The operator manages lifecycle of operand components from SPIRE project. The goal of ZTWIM is to provide secure, verifiable workload identities for workloads in...

8.9CVSS6.8AI score0.00524EPSS
Exploits0References3
RedHat Linux
RedHat Linuxadded 2026/05/14 6:50 a.m.12 views

Important: Red Hat Security Advisory: zero trust workload identity manager for Red Hat OpenShift 1.0.1

zero trust workload identity manager for Red Hat OpenShift 1.0.1 The Zero Trust Workload Identity Manager ZTWIM is a day-2 operator. The operator manages lifecycle of operand components from SPIRE project. The goal of ZTWIM is to provide secure, verifiable workload identities for workloads in...

8.9CVSS6.9AI score0.00789EPSS
Exploits0References4
RedHat Linux
RedHat Linuxadded 2026/05/14 6:44 a.m.17 views

Important: Red Hat Security Advisory: zero trust workload identity manager for Red Hat OpenShift 1.0.1

zero trust workload identity manager for Red Hat OpenShift 1.0.1 The Zero Trust Workload Identity Manager ZTWIM is a day-2 operator. The operator manages lifecycle of operand components from SPIRE project. The goal of ZTWIM is to provide secure, verifiable workload identities for workloads in...

8.9CVSS6.8AI score0.00524EPSS
Exploits0References3
Rows per page
Query Builder