252888 matches found

Nuclei
added yesterday, 9 views

LiteLLM - Command Injection

A critical unauthenticated remote code execution vulnerability exists in LiteLLM due to improper input handling in the MCP stdio test endpoint. An attacker can send a specially crafted request to the /mcp-rest/test/connection endpoint with controlled parameters, resulting in arbitrary command...

CVSS 8.8, AI score 7.1, EPSS 0.80188
Exploits 3, References 4

Nuclei
added yesterday, 25 views

Apache ActiveMQ - Remote Code Execution

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...

CVSS 8.8, AI score 7.7, EPSS 0.96666
Exploits 12, References 3

Nuclei
added yesterday, 17 views

Apache ActiveMQ - Remote Code Execution via HTTP Discovery Transport Bypass

Apache ActiveMQ before 5.19.6 and 6.0.0 through 6.2.4 is vulnerable to remote code execution via a bypass of the CVE-2026-34197 security fix. The original fix blocked the "vm://" transport scheme in BrokerView.addNetworkConnector and BrokerView.addConnector to prevent authenticated attackers from...

CVSS 8.8, AI score 7.7, EPSS 0.96666
Exploits 12, References 4

Cvelist
added yesterday, 4 views

CVE-2026-7840 UltraVNC repeater HTTP server global buffer overflow via long URI (pre-auth RCE)

UltraVNC repeater through 1.8.2.2 contains a global buffer overflow in its embedded HTTP administration server. The functions wi_senderr and wi_replyhdr in repeater/webgui/webutils.c write the caller-supplied HTTP request URI into a fixed 1000-byte global buffer hdrbuf via unchecked sprintf calls...

CVSS 9.8, EPSS 0.01203
Exploits 0, References 2

CVE
added yesterday, 8 views

CVE-2026-7840

CVE-2026-7840 (UltraVNC repeater): A global buffer overflow in the embedded HTTP administration server affects UltraVNC repeater versions up to 1.8.2.2. The functions wi_senderr() and wi_replyhdr() copy the caller-supplied HTTP request URI into a fixed 1000-byte buffer (hdrbuf) using unchecked s...

CVSS 9.8, AI score 6.6, EPSS 0.01203
Exploits 0, References 2

EUVD
added yesterday, 6 views

EUVD-2026-40886

UltraVNC repeater through 1.8.2.2 contains a global buffer overflow in its embedded HTTP administration server. The functions wi_senderr and wi_replyhdr in repeater/webgui/webutils.c write the caller-supplied HTTP request URI into a fixed 1000-byte global buffer hdrbuf via unchecked sprintf calls...

CVSS 9.8, AI score 6.6, EPSS 0.01203
Exploits 0, References 2

Cvelist
added yesterday, 6 views

CVE-2026-7838 UltraVNC viewer heap buffer overflow via integer overflow in RFB connection-failure reason length

UltraVNC viewer through 1.8.2.2 contains an integer overflow leading to a heap buffer overflow in the RFB protocol failure-response parsing path. In vncviewer/ClientConnection.cpp, the 4-byte network-supplied reasonLen field type CARD32 is passed as reasonLen+1 to CheckBufferSize. Because both...

CVSS 8.8, EPSS 0.01152
Exploits 0, References 2

CVE
added yesterday, 6 views

CVE-2026-7838

UltraVNC viewer up to 1.8.2.2 is affected by an integer overflow leading to a heap buffer overflow in the RFB failure-response parsing path. In vncviewer/ClientConnection.cpp, the 4-byte reasonLen field is used as reasonLen+1 in CheckBufferSize(); with unsigned 32-bit operands, reasonLen 0xFFFFFF...

CVSS 8.8, AI score 6.6, EPSS 0.01152
Exploits 0, References 2

EUVD
added yesterday, 6 views

EUVD-2026-40884

UltraVNC viewer through 1.8.2.2 contains an integer overflow leading to a heap buffer overflow in the RFB protocol failure-response parsing path. In vncviewer/ClientConnection.cpp, the 4-byte network-supplied reasonLen field type CARD32 is passed as reasonLen+1 to CheckBufferSize. Because both...

CVSS 8.8, AI score 6.6, EPSS 0.01152
Exploits 0, References 2

EUVD
added yesterday, 5 views

EUVD-2026-40794

Use after free in Scheduling in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...

AI score 6.2, EPSS 0.00215
Exploits 0, References 3

EUVD
added yesterday, 5 views

EUVD-2026-40795

Use after free in PDFium in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: Low...

AI score 6.2, EPSS 0.00198
Exploits 0, References 3

EUVD
added yesterday, 5 views

EUVD-2026-40791

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...

AI score 6.2, EPSS 0.00215
Exploits 0, References 3

EUVD
added yesterday, 5 views

EUVD-2026-40778

Use after free in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...

AI score 6.2, EPSS 0.00215
Exploits 0, References 3

EUVD
added yesterday, 5 views

EUVD-2026-40773

Insufficient policy enforcement in HID in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Low...

AI score 6.2, EPSS 0.00215
Exploits 0, References 3

EUVD
added yesterday, 4 views

EUVD-2026-40754

Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Low...

AI score 6.2, EPSS 0.00267
Exploits 0, References 3

EUVD
added yesterday, 4 views

EUVD-2026-40751

Use after free in PageInfo in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Low...

AI score 6.2, EPSS 0.00215
Exploits 0, References 3

EUVD
added yesterday, 6 views

EUVD-2026-40694

Use after free in Navigation in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Medium...

AI score 6.2, EPSS 0.00215
Exploits 0, References 3

EUVD
added yesterday, 3 views

EUVD-2026-40653

Use after free in Oilpan in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

AI score 6.2, EPSS 0.00256
Exploits 0, References 3

EUVD
added yesterday, 4 views

EUVD-2026-40656

Insufficient validation of untrusted input in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a malicious file. Chromium security severity: Medium...

AI score 6.2, EPSS 0.00236
Exploits 0, References 3

EUVD
added yesterday, 5 views

EUVD-2026-40655

Heap buffer overflow in V8 in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

AI score 6.4, EPSS 0.00302
Exploits 0, References 3