Lucene search
+L

5003062 matches found

Cvelist
Cvelist
added 8 minutes ago2 views

CVE-2026-56171 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

...

7.1CVSS
Exploits0References1
CVE
CVE
added 8 minutes ago14 views

CVE-2026-56171 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

...

7.1CVSS
Exploits0References1
Cvelist
Cvelist
added 13 minutes ago2 views

CVE-2026-57980 Microsoft Edge (Chromium-based) Tampering Vulnerability

...

5.4CVSS
Exploits0References1
CVE
CVE
added 13 minutes ago3 views

CVE-2026-57980 Microsoft Edge (Chromium-based) Tampering Vulnerability

...

5.4CVSS
Exploits0References1
The Hacker News
The Hacker News
added 23 minutes ago1 views

New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code

An anonymous HTTP request can run code on a WordPress site. The bug is in core, so a bare install with zero plugins is exploitable. Every 6.9 and 7.0 site was in range until Friday, when WordPress shipped 6.9.5 and 7.0.2 and enabled what it calls forced updates through its auto-update system. Ada...

6.2AI score
Exploits0
NVD
NVD
added 25 minutes ago2 views

CVE-2026-54498

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 4.0.0 until 4.12.0, ViewComponent::Basearoundrender can return HTML-unsafe strings that bypass the escaping behavior applied to normal call return values. This creates an XSS risk...

8.7CVSS
Exploits0References4
NVD
NVD
added 25 minutes ago1 views

CVE-2026-55518

Avo is a framework to create admin panels for Ruby on Rails apps. Prior to 3.32.1 and 4.0.0.beta.51, Avo's association attach workflow checks attach? in the UI and GET /resources/:resource/:id/:related/new path, but the actual write endpoint, POST /resources/:resource/:id/:related, does not run t...

9.6CVSS
Exploits0References4
NVD
NVD
added 25 minutes ago1 views

CVE-2026-54163

secureheaders manages application of security headers with many safe defaults. Prior to 7.3.0, secureheaders builds the Content-Security-Policy value by stitching directives with ; separators, and buildsandboxlistdirective, buildmediatypelistdirective, and buildreporttodirective interpolate...

4.7CVSS0.00031EPSS
Exploits0References3
NVD
NVD
added 25 minutes ago1 views

CVE-2026-54244

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.74.0 and 6.20.3, the Live Preview endpoint for existing entries and terms in src/Http/Controllers/CP/PreviewController.php only checked view authorization, but it accepts and renders caller-supplied field values. A...

3.5CVSS
Exploits0References5
NVD
NVD
added 25 minutes ago1 views

CVE-2026-54242

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.24 and 6.20.1, the Glide image proxy's URL validation in src/Imaging/RemoteUrlValidator.php and src/Imaging/GuzzleAdapter.php could be bypassed using DNS rebinding. The remote hostname was validated as publicly...

4.9CVSS
Exploits0References5
NVD
NVD
added 25 minutes ago1 views

CVE-2026-54243

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.24 and 6.20.1, form submission values in src/Forms/Exporters/CsvExporter.php were not neutralized for spreadsheet formula characters when exported to CSV. A submission containing a value beginning with a formula...

6.1CVSS
Exploits0References5
NVD
NVD
added 25 minutes ago1 views

CVE-2026-54466

websocket-driver is a WebSocket protocol handler with pluggable I/O. Prior to 0.7.5, the frame format in draft versions of the WebSocket protocol includes a length header that allows an arbitrarily large integer to be encoded as a sequence of bytes with the high bit set. By sending an indefinite...

9.2CVSS
Exploits0References2
NVD
NVD
added 25 minutes ago1 views

CVE-2026-54490

websocket-driver is a WebSocket protocol handler with pluggable I/O. Prior to 0.7.5, if this library is used with the permessage-deflate extension, a WebSocket server or client can be made to accept messages that are larger than the configured maximum message size because the limit is checked...

6.3CVSS
Exploits0References2
NVD
NVD
added 25 minutes ago1 views

CVE-2026-54497

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 4.0.0 until 4.12.0, ViewComponent::Base instances retain render-scoped objects across calls to renderin; if the same component, collection, or spacer component instance is reused...

6.8CVSS
Exploits0References3
NVD
NVD
added 25 minutes ago1 views

CVE-2026-52348

cool-admin-java 8.0.0 has a SQL injection vulnerability in the order method of CrudOption.java...

Exploits0References1
NVD
NVD
added 25 minutes ago1 views

CVE-2026-50274

Datadog dd-trace-go is a Go client library for Datadog application performance monitoring, profiling, and security monitoring. Prior to 2.8.1, Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing DDTRACEBAGGAGEMAXITEMS or...

7.5CVSS0.00106EPSS
Exploits0References4
NVD
NVD
added 25 minutes ago1 views

CVE-2026-50271

Datadog dd-trace-py is the Datadog Python APM client. Prior to 4.8.2, Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing DDTRACEBAGGAGEMAXITEMS or DDTRACEBAGGAGEMAXBYTES limits on the extract path. A remote, unauthenticated...

7.5CVSS0.00106EPSS
Exploits0References4
NVD
NVD
added 25 minutes ago1 views

CVE-2026-50272

dd-trace is the Datadog APM client for Node.js. Prior to 5.100.0, W3C baggage propagation in packages/dd-trace/src/baggage.js and packages/dd-trace/src/opentracing/propagation/textmap.js parsed incoming baggage HTTP headers without enforcing DDTRACEBAGGAGEMAXITEMS or DDTRACEBAGGAGEMAXBYTES on...

7.5CVSS0.00106EPSS
Exploits0References4
NVD
NVD
added 25 minutes ago1 views

CVE-2026-52203

An issue in MCMS v.6.1.1 allows a remote attacker to obtain sensitive information via the source parameter...

Exploits0References1
NVD
NVD
added 25 minutes ago1 views

CVE-2026-52584

Buffer Overflow vulnerability in libjxl v.0.11.2 and before allows a local attacker to obtain sensitive information via the DecodeImageAPNG function...

Exploits0References2
Rows per page
Query Builder