Lucene search
K

31794 matches found

IBM Security Bulletins
IBM Security Bulletins
added yesterday3 views

Security Bulletin: Multiple vulnerabilities that affects IBM Db2 Genius Hub

Summary The following dependency packages are being used by IBM Db2 Genius Hub - urllib3, tornado, tensorflow, requests, pythondotenv, pytest, Pygments, idna, flask, certifi, react-router, brace-expansion, golang.org/x/sys, golang.org/x/net, golang.org/x/crypto, axios, RedisBloom, redis,...

9.8CVSS6.8AI score0.2241EPSS
Exploits6Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added yesterday2 views

Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities

Summary IBM Guardium Data Security Center has addressed these vulnerabilities with an update. Vulnerability Details CVEID:CVE-2026-41683 DESCRIPTION: i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3,...

8.9CVSS7AI score0.00804EPSS
Exploits1Affected Software1
PyPA
PyPA
added yesterday3 views

OpenStack Ironic has an Incorrect Resource Transfer Between Spheres

An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token which provides access to all OpenStack services Ironic is authorized for; o...

7.7CVSS6.1AI score0.0044EPSS
Exploits0References7Affected Software1
OSV
OSV
added yesterday3 views

PYSEC-2026-2526 OpenStack Ironic has an Incorrect Resource Transfer Between Spheres

An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-limited Keystone token which provides access to all OpenStack services Ironic is authorized for; o...

7.7CVSS6.1AI score0.0044EPSS
Exploits0References7
GithubExploit
GithubExploit
added yesterday26 views

poc2

OWASP Vulnerability Learning Lab Spring Boot 3 ⚠️ WARNIN...

6.2AI score
Exploits0
PyPA
PyPA
added yesterday3 views

Magic Wormhole: "wormhole receive" allows arbitrary local file overwrite

ImpactWhat kind of vulnerability is it? Who is impacted?Receiving a file wormhole receive from a malicious party could result in overwriting critical local files, including /.ssh/authorizedkeys and .bashrc. This could be used to compromise the receiver's computer.Only the sender of the file the...

8.2CVSS6AI score0.0035EPSS
Exploits0References5Affected Software1
OSV
OSV
added yesterday2 views

PYSEC-2026-2615 Magic Wormhole: "wormhole receive" allows arbitrary local file overwrite

Impact What kind of vulnerability is it? Who is impacted? Receiving a file wormhole receive from a malicious party could result in overwriting critical local files, including /.ssh/authorizedkeys and .bashrc. This could be used to compromise the receiver's computer. Only the sender of the file th...

8.2CVSS6AI score0.0035EPSS
Exploits0References5
OSV
OSV
added yesterday2 views

PYSEC-2026-3058 Rucio WebUI Vulnerable to Stored Cross-site Scripting (XSS) through Custom Rule Function

Summary A stored Cross-site Scripting XSS vulnerability was identified in the Custom Rules function of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of...

7.3CVSS6.3AI score0.0026EPSS
Exploits1References9
PyPA
PyPA
added yesterday2 views

Rucio WebUI Vulnerable to Stored Cross-site Scripting (XSS) through Custom Rule Function

SummaryA stored Cross-site Scripting XSS vulnerability was identified in the Custom Rules function of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of...

7.3CVSS6.3AI score0.0026EPSS
Exploits1References9Affected Software1
GithubExploit
GithubExploit
added yesterday23 views

SnowCrasher

SnowCrasher This project is an introduction to cyber security...

6AI score
Exploits0
NCSC
NCSC
added yesterday6 views

Vulnerabilities are being addressed in the Progress MOVEit Transfer process.

Progress has addressed vulnerabilities in MOVEit Transfer, specifically in the Custom Reports module and the Ad Hoc module. These vulnerabilities affect multiple versions of MOVEit Transfer, including 25.0.0 to 25.0.7, 25.1.0 to 25.1.3, and 26.0.0 just before 26.0.1. One vulnerability in the Cust...

8CVSS6AI score0.00442EPSS
Exploits0References1
The Hacker News
The Hacker News
added yesterday5 views

Misconfigured Server Reveals Three Evilginx Phishing Operations Targeting Microsoft 365

An attacker running a live Microsoft 365 phishing operation left a Python web server listening on a public port with directory listing switched on. The command that did it: python3 -m http.server 8080, was still sitting in the readable .bashhistory. From that one lapse, French security firm Lexfo...

6.2AI score
Exploits0
Nuclei
Nuclei
added yesterday95 views

Fortra FileCatalyst Workflow <= v5.1.6 - SQL Injection

A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this...

9.8CVSS7.1AI score0.90067EPSS
Exploits5References4
Nuclei
Nuclei
added yesterday30 views

Apache2 - Transfer-Encoding Chunked XSS

Apache2 PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 contain a reflected cross-site scripting vulnerability caused by mishandling of chunked transfer-encoding requests in sapi/apache2handler/sapiapache2.c. Attackers can execute malicious scripts via crafted...

6.1CVSS6.7AI score0.04103EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday228 views

CrushFTP < 10.5.1 - Unauthenticated Remote Code Execution

CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes. id: CVE-2023-43177 info: name: CrushFTP 10.5.1 - Unauthenticated Remote Code Execution author: iamnoooob,rootxharsh,pdresearch severity: critical description: | CrushFTP prior...

9.8CVSS7.1AI score0.81801EPSS
Exploits7References5
Nuclei
Nuclei
added yesterday168 views

MinIO - Incomplete Signature Validation for Unsigned-Trailer Uploads

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on...

8.7CVSS7AI score0.02421EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday100 views

F5 BIG-IP - Unauthenticated RCE via AJP Smuggling

CVE-2023-46747 is a critical severity authentication bypass vulnerability in F5 BIG-IP that could allow an unauthenticated attacker to achieve remote code execution RCE. The vulnerability impacts the BIG-IP Configuration utility, also known as the TMUI, wherein arbitrary requests can bypass...

9.8CVSS7.6AI score0.96515EPSS
Exploits17References5
Nuclei
Nuclei
added yesterday26 views

Evertz SDVN 3080ipx-10G - Unauthenticated Arbitrary Command Injection

The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by administrators to control product features, setup network switching, and register license among...

9.3CVSS6.2AI score0.74535EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday79 views

WordPress Loco Translate < 2.6.1 - Cross-Site Scripting

Loco Translate WordPress plugin before 2.6.1 contains a stored cross-site scripting vulnerability caused by improper removal of inline events from source translation strings, allowing authenticated users to inject arbitrary JavaScript payloads. id: CVE-2022-0765 info: name: WordPress Loco Transla...

5.4CVSS6.2AI score0.03932EPSS
Exploits4References3
Nuclei
Nuclei
added yesterday92 views

openSIS Student Information System 8.0 SQL Injection

openSIS Student Information System version 8.0 is susceptible to SQL injection via the studentid and TRANSFERSCHOOL parameters in POST request sent to /TransferredOutModal.php. id: CVE-2021-41691 info: name: openSIS Student Information System 8.0 SQL Injection author: Bartu Utku SARP severity: hi...

9.8CVSS6.5AI score0.01723EPSS
Exploits1References3
Rows per page
Query Builder