5925 matches found

Nuclei · added 2 days ago · 59 views

Microsoft SharePoint - Remote Code Execution

Microsoft SharePoint is vulnerable to a remote code execution when the software fails to check the source markup of an application package. id: CVE-2020-16952 info: name: Microsoft SharePoint - Remote Code Execution author: dwisiswant0 severity: high description: Microsoft SharePoint is vulnerabl...

CVSS 8.6 · AI score 7.7 · EPSS 0.70894
Exploits: 5 · References: 5
Nuclei · added 3 days ago · 44 views

Progress Telerik Report Server - Authentication Bypass

In Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability. id: CVE-2024-4358 info: name: Progress Telerik Report Server - Authenticatio...

CVSS 9.9 · AI score 7.6 · EPSS 0.97482
Exploits: 14 · References: 3
Nuclei · added 6 days ago · 274 views

Kentico CMS Insecure Deserialization Remote Code Execution

Kentico CMS is susceptible to remote code execution via a .NET deserialization vulnerability. id: CVE-2019-10068 info: name: Kentico CMS Insecure Deserialization Remote Code Execution author: davidmckennirey severity: critical description: Kentico CMS is susceptible to remote code execution via a...

CVSS 9.8 · AI score 7.9 · EPSS 0.96031
Exploits: 5 · References: 5
Packet Storm · added 2026/06/24 12:00 a.m. · 35 views

HTTP.sys HTTP/2 Denial of Service

This advisory provides simple proof of concept details to trigger the HTTP/2 denial of service condition related to malformed Accept-Encoding headers. Titles: CVE-2026-49160 - HTTP.sys HTTP/2 Denial of Service DoS Vulnerability Author: nu11secur1ty Date: 06/24/2026 Vendor: Microsoft Corporation...

CVSS 7.5 · AI score 6.1 · EPSS 0.48438
Exploits: 2
The Hacker News · added 2026/06/23 3:56 a.m. · 10 views

OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws

OpenAI on Monday said it's releasing an improved version of its GPT‑5.5‑Cyber model to trusted defenders as part of the Daybreak initiative the artificial intelligence (AI) company announced last month. Calling GPT‑5.5‑Cyber its "strongest model yet for finding and helping patch software...

CVSS 7.5 · AI score 6.1 · EPSS 0.06662
Exploits: 0
GithubExploit · added 2026/06/23 2:33 a.m. · 46 views

sharepoint-sqli-research

SharePoint SQL Injection Research Analysis of SQL injection v...

AI score 6.2
Exploits: 0
Nuclei · added 2026/06/22 5:20 a.m. · 21 views

Microsoft SharePoint Server - Authentication Bypass (ToolShell)

Microsoft Office SharePoint Server contains an improper authentication vulnerability that allows unauthorized attackers to perform spoofing over a network. By crafting a POST request to /layouts/15/ToolPane.aspx with a forged Referer header /layouts/SignOut.aspx, attackers can bypass authenticati...

CVSS 9.8 · AI score 7.7 · EPSS 0.99982
Exploits: 41 · References: 5
AstraLinux · added 2026/06/19 11:10 a.m. · 11 views

Astra Linux – Vulnerability in ModSecurity-Apache

ModSecurity is an open-source, cross-platform Web application firewall (WAF) engine for Apache, IIS, and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in a specific scenario: when the payload's content type is application/json, and there is at least one rule that...

CVSS 7.5 · AI score 7.3 · EPSS 0.00559
Exploits: 1 · References: 2
AstraLinux · added 2026/06/19 11:10 a.m. · 4 views

Astra Linux – Vulnerability in ModSecurity-Apache

ModSecurity is an open-source, cross-platform Web Application Firewall (WAF) engine for Apache, IIS, and Nginx. Versions prior to 2.9.10 contain a denial-of-service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The sanitiseArg and sanitizeArg actions are the same action, just an alias...

CVSS 7.5 · AI score 7.7 · EPSS 0.0076
Exploits: 1 · References: 2
Nuclei · added 2026/06/16 7:13 a.m. · 276 views

Windows Server 2003 & IIS 6.0 - Remote Code Execution

Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in the ScStoragePathFromUrl function in the WebDAV service that could allow remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND...

CVSS 10 · AI score 9.5 · EPSS 0.99823
Exploits: 39 · References: 5
Nuclei · added 2026/06/16 7:13 a.m. · 867 views

Microsoft Windows 'HTTP.sys' - Remote Code Execution

HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability." id: CVE-2015-1635 info: name: Microsoft...

CVSS 10 · AI score 9.1 · EPSS 0.99999
Exploits: 16 · References: 5
Packet Storm · added 2026/06/16 12:00 a.m. · 48 views

Wertheim SafeController Software for VAULT ROOMS Traversal / Bypass / Broken Controls

Wertheim SafeController Software for VAULT ROOMS with AssemblyVersion 6.15.8328.28014 suffers from violation of least privilege, broken websocket authorization, broken access control, IP restriction bypass, path traversal, upload restriction bypass, unauthenticated access, hardcoded secret,...

CVSS 8.6 · AI score 5.2 · EPSS 0.00397
Exploits: 1
OSV · added 2026/06/15 8:16 p.m. · 5 views

GHSA-WQP7-X3PW-XC5R Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows

Summary: When serving static files on Windows, StaticFiles resolves the requested path with os.path.realpath. If a UNC path such as \\attacker.com\share reaches the resolver, realpath causes the process to open a connection to the remote host over SMB port 445. This is a server-side request forgery...

CVSS 7.5 · AI score 5.6 · EPSS 0.00368
Exploits: 0 · References: 2
Snyk · added 2026/06/15 8:16 p.m. · 9 views

Server-side Request Forgery (SSRF)

Overview: starlette is "The little ASGI library that shines." Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the StaticFiles file on Windows systems when handling UNC paths. An attacker can obtain NTLMv2 credentials of the service account by sending a...

CVSS 8.8 · AI score 5.4 · EPSS 0.00368
Exploits: 0 · References: 2
Github Security Blog · added 2026/06/15 8:16 p.m. · 23 views

Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows

Summary: When serving static files on Windows, StaticFiles resolves the requested path with os.path.realpath. If a UNC path such as \\attacker.com\share reaches the resolver, realpath causes the process to open a connection to the remote host over SMB port 445. This is a server-side request forgery...

CVSS 7.5 · AI score 5.5 · EPSS 0.00368
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies · added 2026/06/15 12:00 a.m. · 8 views

PT-2026-49554

Name of the Vulnerable Software and Affected Versions: Starlette versions prior to 1.1.0. Description: On Windows, the StaticFiles component is susceptible to Server-Side Request Forgery (SSRF). When a request containing a Universal Naming Convention (UNC) path, such as \\attacker.com\share, is processed,...

CVSS 7.5 · AI score 5.3 · EPSS 0.00368
Exploits: 0 · References: 13
GithubExploit · added 2026/06/13 4:05 a.m. · 86 views

Exploit for Memory Allocation with Excessive Size Value in Apache Http_Server

http2-bomb-detector HTTP/2 Bomb CVE-2026-49975 Non-destru...

CVSS 7.5 · AI score 5.6 · EPSS 0.11471
Exploits: 7
Packet Storm · added 2026/06/12 12:00 a.m. · 63 views

HTTP/2 Multi-Server HPACK Exhaustion

This code implements a multi-target HTTP/2 resource exhaustion framework designed to stress or overwhelm server implementations through protocol-level amplification techniques. It includes server-specific payload generation for multiple platforms, automated connection orchestration, stream scalin...

AI score 5.4
Exploits: 0
GithubExploit · added 2026/06/11 11:08 a.m. · 94 views

Bug-Bounty-Practice-lab

Syntex Solutions — Vulnerable Lab ⚠️ WARNING — FOR AUTHOR...

AI score 5.8
Exploits: 0
The Hacker News · added 2026/06/10 9:38 a.m. · 18 views

Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs

Microsoft on Tuesday released fixes for a record 206 security vulnerabilities impacting its software portfolio, including three flaws that have been publicly disclosed at the time of release. Of the 206 flaws, 39 are rated Critical, and 167 are rated Important in severity. This includes 63...

CVSS 9.8 · AI score 7.3 · EPSS 0.48438
Exploits: 5