Lucene search
K

4905388 matches found

Chainguard
Chainguard
added 11 minutes ago1 views

CVE-2022-31129 vulnerabilities

Vulnerabilities for packages: wazuh-dashboard-fips, wazuh-dashboard...

7.5CVSS6.7AI score0.04923EPSS
Exploits1
Chainguard
Chainguard
added 11 minutes ago0 views

CVE-2022-24785 vulnerabilities

Vulnerabilities for packages: wazuh-dashboard-fips, wazuh-dashboard...

7.5CVSS6.7AI score0.05664EPSS
Exploits0
Chainguard
Chainguard
added 11 minutes ago0 views

CVE-2026-8643 vulnerabilities

Vulnerabilities for packages: graalvm, wazuh-manager-fips...

8CVSS7AI score0.0032EPSS
Exploits0
GithubExploit
GithubExploit
added 19 minutes ago1 views

Exploit for Improper Authentication in Hikvision Ds-2Cd2032-I_Firmware

CVE-2017-7921 — Hikvision IP Camera / DVR / NVR Improper Au...

9.8CVSS7AI score0.99998EPSS
Exploits12
GithubExploit
GithubExploit
added 23 minutes ago2 views

exploit-library

Exploit Library Personal collection of verified CVE exploits,...

10CVSS7.1AI score0.9967EPSS
Exploits10
CVE
CVE
added 28 minutes ago2 views

CVE-2026-15625 nextlevelbuilder GoClaw exec_approval.go ExecApprovalManager.CheckCommand incomplete blacklist

A vulnerability was found in nextlevelbuilder GoClaw 3.11.3. Affected by this issue is the function ExecApprovalManager.CheckCommand of the file internal/tools/execapproval.go. The manipulation results in incomplete blacklist. The attack can be executed remotely. The exploit has been made public...

6.5CVSS6.4AI score
Exploits0References12
Cvelist
Cvelist
added 28 minutes ago2 views

CVE-2026-15625 nextlevelbuilder GoClaw exec_approval.go ExecApprovalManager.CheckCommand incomplete blacklist

A vulnerability was found in nextlevelbuilder GoClaw 3.11.3. Affected by this issue is the function ExecApprovalManager.CheckCommand of the file internal/tools/execapproval.go. The manipulation results in incomplete blacklist. The attack can be executed remotely. The exploit has been made public...

6.5CVSS
Exploits0References12
CVE
CVE
added 58 minutes ago1 views

CVE-2026-15624 nextlevelbuilder GoClaw invoke Endpoint create_video_byteplus.go bytePlusDownloadVideo server-side request forgery

A vulnerability has been found in nextlevelbuilder GoClaw 3.13.3-beta.3. Affected by this vulnerability is the function bytePlusDownloadVideo of the file internal/tools/createvideobyteplus.go of the component invoke Endpoint. The manipulation of the argument output.videourl leads to server-side...

6.5CVSS6.2AI score
Exploits0References6
Cvelist
Cvelist
added 58 minutes ago2 views

CVE-2026-15624 nextlevelbuilder GoClaw invoke Endpoint create_video_byteplus.go bytePlusDownloadVideo server-side request forgery

A vulnerability has been found in nextlevelbuilder GoClaw 3.13.3-beta.3. Affected by this vulnerability is the function bytePlusDownloadVideo of the file internal/tools/createvideobyteplus.go of the component invoke Endpoint. The manipulation of the argument output.videourl leads to server-side...

6.5CVSS
Exploits0References6
CVE
CVE
added 58 minutes ago2 views

CVE-2026-11390 News Kit Addons For Elementor <= 1.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Logo Title and Single Author Box Widgets

The News Kit Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Site Logo Title and Single Author Box Widgets in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6.2AI score
Exploits0References9
CVE
CVE
added 58 minutes ago2 views

CVE-2026-7640 WP Customer Area <= 8.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'type' Shortcode Attribute

The WP Customer Area plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute of the customer-area-protected-content shortcode in all versions up to, and including, 8.3.5. This is due to insufficient input sanitization and output escaping on the shortcode...

6.4CVSS6.2AI score
Exploits0References5
Cvelist
Cvelist
added 58 minutes ago2 views

CVE-2026-7640 WP Customer Area <= 8.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'type' Shortcode Attribute

The WP Customer Area plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute of the customer-area-protected-content shortcode in all versions up to, and including, 8.3.5. This is due to insufficient input sanitization and output escaping on the shortcode...

6.4CVSS
Exploits0References5
Cvelist
Cvelist
added 58 minutes ago1 views

CVE-2026-11390 News Kit Addons For Elementor <= 1.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Logo Title and Single Author Box Widgets

The News Kit Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Site Logo Title and Single Author Box Widgets in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS
Exploits0References9
CVE
CVE
added 58 minutes ago2 views

CVE-2026-11802 FoodBook Lite <= 1.5.6 - Missing Authorization to Unauthenticated User Registration via 'registration_action' AJAX Action

The FoodBook Lite - Online Food Ordering System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.6. The registration function, accessible via the wpajaxnoprivregistrationaction AJAX action, lacks any nonce verification or capability check, and...

5.3CVSS6AI score
Exploits0References8
Cvelist
Cvelist
added 58 minutes ago1 views

CVE-2026-11802 FoodBook Lite <= 1.5.6 - Missing Authorization to Unauthenticated User Registration via 'registration_action' AJAX Action

The FoodBook Lite - Online Food Ordering System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.5.6. The registration function, accessible via the wpajaxnoprivregistrationaction AJAX action, lacks any nonce verification or capability check, and...

5.3CVSS
Exploits0References8
Fedora
Fedora
added 1 hour ago3 views

[SECURITY] Fedora 43 Update: calibre-9.11.0-1.fc43

Calibre is meant to be a complete e-library solution. It includes library management, format conversion, news feeds to ebook conversion as well as e-book reader sync features. Calibre is primarily a ebook cataloging program. It manages your ebook collection for you. It is designed around the...

8.5CVSS6.1AI score0.00197EPSS
Exploits0
Fedora
Fedora
added 1 hour ago3 views

[SECURITY] Fedora 43 Update: golang-github-openprinting-ipp-usb-0.9.34-1.fc43

HTTP reverse proxy, backed by IPP-over-USB connection to device. It enables driverless support for USB devices capable of using IPP-over-USB protocol...

7.5CVSS6.9AI score0.00939EPSS
Exploits0
NVD
NVD
added 1 hour ago3 views

CVE-2026-44769

SAP S/4HANA application Project Management PPM-PRO allows an attacker with high privileges to execute crafted database queries, exposing the backend database. This results in low impact on confidentiality, with no impact on integrity and availability of the application...

5.5CVSS
Exploits0References2
NVD
NVD
added 1 hour ago3 views

CVE-2026-44767

setThemeRoot failed to enforce the sap-allowed-theme-origins allowlist. An attacker-controlled absolute cross-origin URL could be stored and used directly to construct a element, even when no tag was present in the document. The same bypass was reachable via the ?sap-themeRoot URL...

6.1CVSS
Exploits0References2
NVD
NVD
added 1 hour ago3 views

CVE-2026-44761

SAP Commerce Cloud could retain a sample OAuth2 client with publicly documented sample credentials originating from sample configuration provided in SAP Help Portal documentation. If left unchanged, an unauthenticated attacker could use these well-known credentials to obtain a valid access token...

9.1CVSS
Exploits0References2
Rows per page
Query Builder