Lucene search
+L

895816 matches found

Packet Storm News
Packet Storm News
added 2026/12/29 12:0 a.m.365 views

GNUnet P2P Framework 0.26.2

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP IPv4 and IPv6, TCP IPv4 and IPv6, HTTP, o...

6.8AI score
Exploits0
GithubExploit
GithubExploit
added 20 minutes ago2 views

Exploit for CVE-2026-9271

KIM-Guardian Pro CVE-2026-9271 — WordPress KeepInMind Sto...

5.9CVSS0.00411EPSS
Exploits3
CVE
CVE
added 26 minutes ago10 views

CVE-2026-53727 css_parser: SSRF and Local File Disclosure in `CssParser::Parser#read_remote_file`

cssparser is a Ruby CSS parser. From 2.2.0 until 3.0.0, CssParser::Parserreadremotefile in lib/cssparser/parser.rb, and therefore loaduri! and the @import-following branch of addblock!, issued HTTP and HTTPS requests against any host, port, and URI without a scheme allowlist, host or IP filtering...

8.9CVSS
Exploits0References4
Cvelist
Cvelist
added 26 minutes ago5 views

CVE-2026-53727 css_parser: SSRF and Local File Disclosure in `CssParser::Parser#read_remote_file`

cssparser is a Ruby CSS parser. From 2.2.0 until 3.0.0, CssParser::Parserreadremotefile in lib/cssparser/parser.rb, and therefore loaduri! and the @import-following branch of addblock!, issued HTTP and HTTPS requests against any host, port, and URI without a scheme allowlist, host or IP filtering...

8.9CVSS
Exploits0References4
Github Security Blog
Github Security Blog
added 31 minutes ago3 views

PRoot-Distro has Path Traversal in proot-distro copy — Arbitrary Read, Write, and Persistent Code Execution Outside Container Rootfs

Path Traversal in proot-distro copy — Arbitrary Read, Write, and Persistent Code Execution Outside Container Rootfs Repository https://github.com/termux/proot-distro Maintainer: @sylirre Affected Component Package: proot-distro Affected command: copy Attack surface: Host-side Termux CLI — this is...

Exploits0References3Affected Software1
The Hacker News
The Hacker News
added 37 minutes ago2 views

OpenSSL HollowByte Flaw Could Freeze Server Memory with 11-Byte TLS Requests

Eleven bytes will make an unpatched OpenSSL server set aside up to 131 KB of memory for a message that never arrives. On the glibc systems Okta tested, that memory is gone until the process restarts. OpenSSL shipped the HollowByte fix in June with no CVE, no advisory, and no changelog entry...

6AI score
Exploits0
Patchstack
Patchstack
added 37 minutes ago3 views

NPM: ExifReader HEIC/AVIF ISO-BMFF parser throws uncaught RangeError on truncated boxes

NPM: ExifReader HEIC/AVIF ISO-BMFF parser throws uncaught RangeError on truncated boxes vulnerability discovered by ? in WordPress Npm exifreader versions = 4.40.0...

Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 37 minutes ago3 views

ExifReader HEIC/AVIF ISO-BMFF parser throws uncaught RangeError on truncated boxes

Summary ExifReader 4.40.0 can throw an uncaught RangeError: Offset is outside the bounds of the DataView while parsing crafted HEIC/AVIF files. The file only needs a valid leading ftyp box with a HEIC/AVIF major brand followed by a malformed ISO-BMFF box, such as an empty 8-byte free box or a...

Exploits0References3Affected Software1
NVD
NVD
added 40 minutes ago2 views

CVE-2026-8859

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow could allow an attacker to write arbitrary files to unintended locations due to improper input validation in the APIRequest component. A path traversal vulnerability exists when the "Save to File" feature is enabled, where filenames extracted from HT...

9.9CVSS
Exploits0References1
NVD
NVD
added 40 minutes ago2 views

CVE-2026-8476

IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution vulnerability in the disk-based caching mechanism. The AsyncDiskCache class uses Python's unsafe pickle.loads function to deserialize cached objects from disk without validation, integrity verification, or...

9.9CVSS
Exploits0References1
NVD
NVD
added 40 minutes ago2 views

CVE-2026-7667

IBM Langflow OSS 1.0.0 through 1.10.0 allows an authenticated attacker to create a malicious flow pointing to an attacker-controlled URL that returns a specially crafted Content-Disposition header e.g., filename="../../../target/path" , enabling arbitrary file write operations with...

8.8CVSS
Exploits0References1
NVD
NVD
added 40 minutes ago3 views

CVE-2026-50289

systeminformation is a System and OS information library for node.js. Prior to 5.31.7, networkInterfaces on Linux is vulnerable to OS command injection through the Debian/Ubuntu interfaces5 source directive because lib/network.js checkLinuxDCHPInterfaces reads /etc/network/interfaces, extracts a...

8.7CVSS
Exploits0References3
NVD
NVD
added 40 minutes ago2 views

CVE-2026-50163

oras-go is a Go library for managing OCI artifacts. Prior to 2.6.2, ensureLinkPath in content/file/utils.go:262-275 validates a hardlink target relative to the extract base but returns the unresolved target, causing os.Link"victim.secret", "/payload.tar.gz/evilcwdlink" to resolve header.Linkname...

7.1CVSS
Exploits0References4
NVD
NVD
added 40 minutes ago2 views

CVE-2026-50162

oras-go is a Go library for managing OCI artifacts. Prior to 2.6.1, resolveWritePath in content/file/file.go uses a lexical filepath.Rel check for workingDir and does not account for symlink traversal, so when AllowPathTraversalOnWrite=false an attacker-controlled blob title through...

6.9CVSS
Exploits0References3
NVD
NVD
added 40 minutes ago2 views

CVE-2026-48373

Acrobat Reader is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS
Exploits0References1
NVD
NVD
added 40 minutes ago2 views

CVE-2026-16118

A flaw was found in xdgmime. A heap-based buffer overflow can be triggered in xdgmimemagicparsemagicline in the xdgmimemagic.c file on little-endian systems when an attacker-controlled MIME magic file in a user-writable XDG data location e.g., in the $XDGDATAHOME/mime/magic path is parsed by an...

7.1CVSS
Exploits0References3
NVD
NVD
added 40 minutes ago2 views

CVE-2026-36669

An unauthenticated arbitrary file upload vulnerability in ckuploadhandler.php in Feng Office 3.11.13.11 allows remote attackers to upload malicious files such as .html to the web-accessible /tmp/ directory...

Exploits0References2
NVD
NVD
added 40 minutes ago2 views

CVE-2026-44974

@hapi/content provided HTTP Content- headers parsing. Prior to 6.0.2, Content.disposition retained the last occurrence of each duplicate parameter while Content.type retained the first occurrence of duplicate charset and boundary parameters, creating a parameter-smuggling primitive when another...

7.7CVSS0.00052EPSS
Exploits0References2
CVE
CVE
added 42 minutes ago3 views

CVE-2026-16074 AstrBotDevs AstrBot Plugin Update plugin.py update_all_plugins server-side request forgery

A vulnerability was detected in AstrBotDevs AstrBot up to 4.25.2. This affects the function updateplugin/updateallplugins of the file astrbot/dashboard/routes/plugin.py of the component Plugin Update Handler. The manipulation of the argument downloadurl/downloadurls/proxy results in server-side...

6.5CVSS
Exploits0References5
Cvelist
Cvelist
added 42 minutes ago3 views

CVE-2026-16074 AstrBotDevs AstrBot Plugin Update plugin.py update_all_plugins server-side request forgery

A vulnerability was detected in AstrBotDevs AstrBot up to 4.25.2. This affects the function updateplugin/updateallplugins of the file astrbot/dashboard/routes/plugin.py of the component Plugin Update Handler. The manipulation of the argument downloadurl/downloadurls/proxy results in server-side...

6.5CVSS
Exploits0References5
Rows per page
Query Builder