Lucene search
+L

5826 matches found

Nuclei
Nuclei
added 8 hours ago40 views

W&B Weave Server - Remote Arbitrary File Leak

The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin. id:...

8.8CVSS8.8AI score0.04974EPSS
Exploits0References3
Cvelist
Cvelist
added yesterday27 views

CVE-2026-51082

A race condition between the vncproxy and vncwebsocket API calls in Proxmox Virtual Environment PVE 9.x pve-manager before 9.1.9 and 8.x before 8.4.19; qemu-server 9.x before 9.1.7 and 8.x before 8.4.7; and pve-container before 6.1.3 PVE 9.x and before 5.3.4 PVE 8.x allows an attacker with...

Exploits0References1
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-60773

A race condition between the vncproxy and vncwebsocket API calls in Proxmox Virtual Environment PVE 9.x pve-manager 9.1.x before 9.1.9 and 8.4.x before 8.4.19; qemu-server 9.1.x before 9.1.7 and 8.4.x before 8.4.7; and pve-container 6.1.x before 6.1.3 and 5.3.x before 5.3.4 allows an attacker wit...

5.3AI score
Exploits0References1
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-44727

Pega Platform versions 8.1.0 through 25.1.2 are affected by an Reflected Cross-site scripting XSS vulnerability in a user interface component. Requires a high privileged user with a developer role...

4.8CVSS6.1AI score0.00304EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago35 views

CVE-2026-1562 Pega Platform versions 8.1.0 through 25.1.2 are affected by an Stored Cross-site scripting (XSS) vulnerability in a user interface component. Requires a high privileged user with a developer role.

Pega Platform versions 8.1.0 through 25.1.2 are affected by an Stored Cross-site scripting XSS vulnerability in a user interface component. Requires a high privileged user with a developer role...

4.6CVSS0.00304EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 3 days ago9 views

PT-2026-60235

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.4.1 Splunk Enterprise versions prior to 10.2.5 Splunk Enterprise versions prior to 10.0.8 Splunk Enterprise versions prior to 9.4.13 Splunk Cloud Platform versions prior to 10.5.2605.0 Splunk Cloud Platfo...

5.3CVSS6.1AI score0.00219EPSS
Exploits0References4
CVE
CVE
added 4 days ago9 views

CVE-2026-15641

Technical details (affected products, components, versions, root cause, or exploit info) are not publicly available in the provided documents. Monitor for updates from vendors and CVE feeds.

7.1CVSS6.1AI score0.00224EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/11 5:35 a.m.41 views

CVE-2026-12126 WCFM Marketplace <= 3.7.3 - Authenticated (Vendor+) Stored Cross-Site Scripting via Attachment 'post_title'

The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Attachment 'posttitle' in all versions up to, and including, 3.7.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.0021EPSS
Exploits0References8
NVD
NVD
added 2026/07/10 9:16 p.m.7 views

CVE-2026-41154

Software installed and run as a non-privileged user may cause OOB kernel memory reads or writes through GPU API calls. When indexing pages larger than 4kB in the page freeing logic of the sparse memory implementation, incorrect buffer indexing leads to OOB access...

7.8CVSS0.00131EPSS
Exploits0References1
NVD
NVD
added 2026/07/10 5:17 p.m.7 views

CVE-2026-59154

Wekan is open source kanban built with Meteor. Prior to 9.64, Wekan has a cross-board authorization bypass in the direct Meteor collection allow rules for Checklists and ChecklistItems because updates are authorized only against the current source doc.cardId and do not inspect the destination...

4.3CVSS0.00208EPSS
Exploits0References3
NVD
NVD
added 2026/07/10 5:16 p.m.8 views

CVE-2026-39903

Simple Machines Forum 2.1 prior to commit 7d048f8 and 3.0 prior to commit a7875e8 contains an authorization bypass vulnerability in Sources/Actions/AttachmentApprove.php where a single-character operator error causes the permission check to always pass regardless of user permissions. An...

7.1CVSS0.00333EPSS
Exploits0References5
CVE
CVE
added 2026/07/10 4:3 p.m.11 views

CVE-2026-39903

The CVE concerns Simple Machines Forum (SMF) 2.1 prior to 2.1.8 and 3.0 prior to 3.0 Alpha 5. A single-character operator error in Sources/Actions/AttachmentApprove.php causes the permission check to always pass, enabling an authenticated low-privilege user to approve, reject, or delete any pendi...

7.1CVSS6.1AI score0.00333EPSS
Exploits0References5
Snyk
Snyk
added 2026/07/08 9:21 p.m.6 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the renderin. An attacker can access sensitive information or perform unauthorized actions by exploiting stale render context, which may include helpers, controller, request, viewflow, format/variant details, an...

8.6CVSS6.1AI score
Exploits0References2
NVD
NVD
added 2026/07/08 8:16 p.m.5 views

CVE-2026-59821

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. Prior to 1.82.0-stable, LiteLLM's Custom Code Guardrails production create and update paths did not apply the same sandboxing and validation used by the test endpoint, allowing a privileged user with access to creat...

7.2CVSS0.00355EPSS
Exploits0References3
NVD
NVD
added 2026/07/07 4:17 a.m.10 views

CVE-2026-34048

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal websocket bootstrap routes only check authentication and do not enforce terminal authorization, allowing a low-privileged team member to connect to terminal routes...

9.9CVSS0.00405EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/03 12:31 a.m.8 views

EUVD-2026-41462

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS networkd process could allow an authenticated privileged user to execute arbitrary code via a specially crafted requests to the Management Web UI.This vulnerability affects Fireware OS 11.8 up to and including 11.12.4Update1, 12.0 up ...

8.6CVSS6.1AI score0.00439EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 11:8 p.m.27 views

CVE-2026-13053

WatchGuard Fireware OS has an authenticated out-of-bounds write vulnerability in the CLI command handler (CVE-2026-13053). A privileged, authenticated attacker could trigger code execution via a crafted CLI input. Affected versions include Fireware OS 11.0–11.12.4_Update1, 12.0–12.12, and 2025.1–...

8.6CVSS6.1AI score0.00468EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/02 11:8 p.m.11 views

CVE-2026-13053

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via a specially crafted CLI command. This vulnerability affects Fireware OS 11.0 up to and including 11.12.4Update1, 12.0 up to and including 12.12 and 2025....

8.6CVSS6.1AI score0.00468EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/02 11:8 p.m.32 views

CVE-2026-13050

Summary (CVE-2026-13050): An out-of-bounds write in WatchGuard Fireware OS is exposed via the networkd component. An authenticated privileged user can trigger arbitrary code execution by sending specially crafted requests to the Management Web UI. Affected: Fireware OS versions 11.8 (through 11.1...

8.6CVSS6.1AI score0.00439EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:8 p.m.44 views

CVE-2026-13050 WatchGuard Firebox networkd Out of Bounds Write Vulnerability

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS networkd process could allow an authenticated privileged user to execute arbitrary code via a specially crafted requests to the Management Web UI.This vulnerability affects Fireware OS 11.8 up to and including 11.12.4Update1, 12.0 up ...

8.6CVSS0.00439EPSS
Exploits0References1
Rows per page
Query Builder