Lucene search
K

161563 matches found

Packet Storm
Packet Storm
added 2026/05/05 12:0 a.m.56 views

📄 Camaleon CMS 2.9.0 Path Traversal

Camaleon CMS version 2.9.0 suffers from a path traversal vulnerability. Exploit Title: Camaleon CMS v2.9.0 - Path Traversal Date: 2026-02-02 Exploit Author: Sakshi Velampudi CyberQuestor Vendor Homepage: https://github.com/owen2345/camaleon-cms Software Link:...

7.7CVSS5.8AI score0.1456EPSS
Exploits11
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.9 views

PT-2026-37002

OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending repeated login attempts to the main login endpoint. Attackers can submit POST requests with authUser and clearPass parameters to systematically test username and...

8.7CVSS5.8AI score0.00537EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.7 views

eLabFTW 安全漏洞

eLabFTW is an open-source experimental data hosting platform developed by eLabFTW. This platform runs on the Linux system and supports the storage of various types of objects. Versions of eLabFTW 5.4.1 and earlier contain security vulnerabilities. These vulnerabilities stem from the login process...

5.9CVSS5.9AI score0.00254EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.10 views

OpenEMR 安全漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Version 7.0.1 of OpenEMR contains a security vulnerability...

8.7CVSS5.8AI score0.00537EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.10 views

PT-2026-37081

A vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. This vulnerability affects the function files/list files/retrieve file/retrieve file content/delete file of the file libs/chatchat-server/chatchat/server/api server/openai routes.py of the component Compatible File...

6.3CVSS6.4AI score0.00322EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.15 views

PT-2026-36971

The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Live Action::reset function in all versions up to, and including, 3.8.2 The function is hooked to the WordPress init action and triggers when both post...

6.5CVSS5.8AI score0.00355EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.6 views

RHEL 8 : dovecot (RHSA-2026:13830)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:13830 advisory. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3...

7.5CVSS5.9AI score0.0079EPSS
Exploits2References8
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.6 views

RHEL 9 : nginx (RHSA-2026:13680)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:13680 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage...

8.8CVSS7.7AI score0.21621EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.14 views

AlmaLinux 8 : dovecot (ALSA-2026:13830)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:13830 advisory. dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command CVE-2025-59032 dovecot: denial of service via crafted...

7.5CVSS5.8AI score0.0079EPSS
Exploits2References5
AlmaLinux
AlmaLinux
added 2026/05/05 12:0 a.m.8 views

Important: dovecot security update

Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fixes: doveco...

7.5CVSS5.9AI score0.0079EPSS
Exploits2References8
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.9 views

PT-2026-37301

Name of the Vulnerable Software and Affected Versions WWBN AVideo versions prior to 29.1 Description An unauthenticated user can access the public endpoint "objects/plugins.json.php" to read the APISecret from the plugin object data. This secret can then be used to authenticate requests to the...

8.7CVSS5.8AI score0.00257EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.8 views

PT-2026-36944

Name of the Vulnerable Software and Affected Versions MoreConvert Pro versions prior to 1.9.15 Description The MoreConvert Pro plugin for WordPress contains an authentication bypass flaw. The issue exists because the guest waitlist verification flow fails to invalidate or regenerate verification...

9.8CVSS5.8AI score0.00458EPSS
Exploits0References11
Packet Storm
Packet Storm
added 2026/05/05 12:0 a.m.62 views

📄 Craft CMS 5.6.16 Remote Code Execution

Craft CMS version 5.6.16 remote code execution exploit. Exploit Title: Craft CMS 5.6.16 - RCE Google Dork: N/A Date: 2026-01-24 Exploit Author: Mohammed Idrees Banyamer Author Country: Jordan Vendor Homepage: https://craftcms.com Software Link: https://github.com/craftcms/cms Version: = 3.9.14, =...

10CVSS6.6AI score0.99803EPSS
Exploits14
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.18 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : curl vulnerabilities (USN-8227-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8227-1 advisory. It was discovered that curl incorrectly reused non-TLS connections when TLS was required in some STARTTLS configurations....

7.5CVSS5.9AI score0.00639EPSS
Exploits7References8
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-33006

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A timing attack against modauthdigest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recommended to upgra...

4.8CVSS5.8AI score0.00557EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.11 views

FreeBSD : www/apache24 -- Multiple vulnerabilities (1ccc383b-486a-11f1-8b62-8447094a420f)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 1ccc383b-486a-11f1-8b62-8447094a420f advisory. The Apache httpd project reports: modproxyajp: CVE-2026-34059, CVE-2026-34032, CVE-2026-33857,...

9.8CVSS6AI score0.4581EPSS
Exploits18References13
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.9 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Exim vulnerabilities (USN-8228-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8228-1 advisory. It was discovered that Exim incorrectly handled parsing malformed JSON in message headers. A remote attacker could possib...

9.8CVSS6.3AI score0.00373EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/05 12:0 a.m.6 views

CVE-2026-43002

An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix...

5.3CVSS5.8AI score0.00365EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.11 views

PT-2026-37258

Name of the Vulnerable Software and Affected Versions MagicMirror² versions prior to 2.36.0 Description An unauthenticated Server-Side Request Forgery SSRF exists in the '/cors' endpoint, which acts as an open HTTP proxy without authentication or URL validation. This allows remote attackers to...

9.2CVSS6AI score0.01623EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.11 views

PT-2026-37035

Name of the Vulnerable Software and Affected Versions eLabFTW versions prior to 5.4.2 Description The login flow in this open source electronic lab notebook does not reliably preserve the multi-factor authentication state across authentication steps. An attacker possessing valid primary credentia...

5.9CVSS5.8AI score0.00254EPSS
Exploits0References6
Rows per page
Query Builder