Lucene search
K

2858620 matches found

Packet Storm News
Packet Storm News
added 2026/09/10 12:0 a.m.220 views

IServ Schoolserver User Enumeration

IServ Schoolserver suffers from a user enumeration vulnerability. The vendor does not feel this is an issue...

5.8AI score
Exploits0
CVE
CVE
added 3 hours ago5 views

CVE-2026-11579

The CVE concerns the Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin, affected versions prior to 2.4.17. The vulnerability arises because the plugin does not verify that a file upload is initiated against an existing form configured with a file-upload field. As a result, unauth...

6.2AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 hours ago6 views

CVE-2026-42936

The installer of HYPER SBI 2 insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer, arbitrary code may be executed with the privilege of the user invoking the installer...

8.4CVSS7.1AI score
Exploits0References2
Circl
Circl
added 6 hours ago8 views

CVE-2026-13385

creationtimestamp| type| source ---|---|--- 2026-07-15 03:00:26+00:00| seen| https://infosec.exchange/users/offseq/statuses/116921756947670961 2026-07-15 03:00:29+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mqnq5cursl2a 2026-07-15 04:04:35+00:00| seen|...

9.5CVSS6.1AI score
Exploits0References3
Chainguard
Chainguard
added 6 hours ago4 views

GHSA-F8H2-VMM9-QHJ6 vulnerabilities

Vulnerabilities for packages: dotnet-bootstrap...

6.1AI score
Exploits0
Wolfi
Wolfi
added 6 hours ago6 views

CVE-2026-45591 vulnerabilities

Vulnerabilities for packages: dotnet-bootstrap...

7.5CVSS7AI score0.0243EPSS
Exploits0
Wolfi
Wolfi
added 6 hours ago6 views

CVE-2026-47065 vulnerabilities

Vulnerabilities for packages: apache-nifi...

9.8CVSS6.1AI score0.00468EPSS
Exploits0
EUVD
EUVD
added 8 hours ago4 views

EUVD-2026-44564

Illustrator is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.5AI score
Exploits0References2
BDU FSTEC
BDU FSTEC
added 8 hours ago27 views

The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.

The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10CVSS7AI score0.00385EPSS
Exploits0References11Affected Software9
BDU FSTEC
BDU FSTEC
added 8 hours ago17 views

The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed, allowing an attacker to execute arbitrary code.

The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

8.4CVSS6AI score0.00456EPSS
Exploits0References2
Circl
Circl
added yesterday3 views

CVE-2026-48324

creationtimestamp| type| source ---|---|--- 2026-07-14 22:57:39+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqncl5chk42x 2026-07-14 23:16:05+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqndm3tvq72b 2026-07-15 06:00:25+00:00| seen|...

9.1CVSS6.1AI score
Exploits0References4
CVE
CVE
added yesterday9 views

CVE-2026-15753

CVE-2026-15753 affects zhinianboke xianyu-auto-reply on Server; the vulnerability concerns the /api/v1/payment/withdraw/review?action=approve endpoint where manipulation can cause the server to trust HTTP permission methods. The patch 19fc3282a1bb78a05c34945c088525d20e081cbd is referenced as a fi...

5.5CVSS5.9AI score
Exploits0References7
NVD
NVD
added yesterday5 views

CVE-2026-48336

Illustrator is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS
Exploits0References1
Circl
Circl
added yesterday2 views

CVE-2026-50658

creationtimestamp| type| source ---|---|--- 2026-07-14 22:02:42+00:00| seen| https://www.thezdi.com/blog/2026/7/14/the-july-2026-security-update-review 2026-07-15 01:02:14+00:00| seen| https://www.thezdi.com/blog/2026/7/14/the-july-2026-security-update-review...

7CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-54684

CVE-2026-54684 — jadx (Dex to Java decompiler) Affected versions: 1.5.2 to 1.5.5. The vulnerability arises when processing a malicious .xapk file: XApkLoader resolves each entry name directly with tmpDir.resolve(fileName) after a CWD-based ZIP security check, allowing an attacker to write archive...

7CVSS6.2AI score
Exploits0References3
CVE
CVE
added yesterday8 views

CVE-2026-50130

CVE-2026-50130 : Pi-hole on versions 6.0–6.4.2 is vulnerable to local privilege escalation from the unprivileged pihole user to root via replacement of /etc/pihole/logrotate. The attack works because the replacement is laundered to root:root by pihole-FTL-prestart.sh and then parsed as root by th...

8.8CVSS6.4AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-48295

CAI Content Credentials is affected by an Insufficiently Protected Credentials vulnerability that could result in disclosure of sensitive information. An attacker could leverage this vulnerability to gain unauthorized read access. Exploitation of this issue does not require user interaction...

7.5CVSS6.1AI score
Exploits0References2
CVE
CVE
added yesterday7 views

CVE-2026-48354

CVE-2026-48354 concerns CAI Content Credentials and describes an Integer Overflow or Wraparound (CWE-190) that could cause an application denial-of-service. Exploitation does not require user interaction and could crash the application. The available documents confirm the impact (availability los...

6.2CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday35 views

CVE-2026-45363

CVE-2026-45363 affects the ruby-jwt gem (Ruby implementation of JWT). Prior to versions 2.10.3 and 3.2.0, JWT.decode(token, '', true, algorithm: 'HS256') can accept attacker-forged tokens because OpenSSL::HMAC.digest('SHA256', '', payload) yields a valid digest with an empty key, and empty-key pa...

9.1CVSS6.9AI score0.00018EPSS
Exploits0References5
CVE
CVE
added yesterday28 views

CVE-2026-48808

Twig’s CVE-2026-48808 describes a sandbox bypass when sandboxing is enabled via SourcePolicyInterface and the CoreExtension::column() filter is used. The issue arises because the column filter passes the active sandbox state as a boolean but does not forward the current Source to SandboxExtension...

6CVSS6.1AI score
Exploits0References3
Rows per page
Query Builder