Lucene search
K

25451 matches found

Cvelist
Cvelist
added yesterday29 views

CVE-2026-56459 HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure

HCL DevOps Deploy / HCL Launch is susceptible to sensitive information disclosure. The application stores potentially sensitive information in log files that could be read by a local user...

6.2CVSS0.00157EPSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-31984

CVE-2026-31984 affects Guardian/CMC prior to version 26.2.0, where unbounded resource allocation in the audit logging path allows an unauthenticated attacker to submit oversized input, potentially exhausting disk space and causing DoS. Root cause: missing input size limit in audit entries. Impact...

8.7CVSS6AI score0.00274EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added yesterday27 views

CVE-2026-31984 DoS through oversized audit log entries in Guardian/CMC before 26.2.0

A denial-of-service vulnerability caused by unbounded resource allocation was discovered in the audit logging functionality, due to a missing size limit on input recorded into audit entries. An unauthenticated attacker can submit requests containing excessively large input that is recorded into...

8.7CVSS0.00274EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday45 views

Riello Netman 204 - SQL Injection

The three endpoints /cgi-bin/dbdatalogw.cgi, /cgi-bin/dbeventlogw.cgi, and /cgi-bin/dbmultimetrw.cgi are vulnerable to SQL injection without prior authentication. This enables an attacker to modify the collected log data in an arbitrary way. id: CVE-2024-8877 info: name: Riello Netman 204 - SQL...

9.8CVSS7.5AI score0.7703EPSS
Exploits2References3
CVE
CVE
added 2 days ago8 views

CVE-2026-60092

The CVE-2026-60092 entry describes a stored cross-site scripting vulnerability in the AVideo Meet plugin. When a participant joins a public meeting, the raw HTTP User-Agent header is stored in meet_join_log.user_agent without sanitization and later echoed in the Participants management panel (vis...

6.1CVSS5.7AI score0.002EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago9 views

Malicious code in gas-log (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36241e999d92bad738082bf420fc144391735f9f3707bc4baa0153b4cb0eec8a gas-log impersonates the legitimate eth-gas-reporter package: it reuses that project's README, keywords, badges, and CHANGELOG, and the README even...

5.9AI score
Exploits0References3
CVE
CVE
added 2 days ago11 views

CVE-2026-55437

CVE-2026-55437 affects Coder: prior to 2.29.17, 2.32.7, 2.33.8, and 2.34.2, AgentLogLine uses ansi-to-html without escapeXML: true and injects via dangerouslySetInnerHTML, enabling stored HTML injection in workspace agent logs. Exploitation requires a user with workspace-owner access to view atta...

5.4CVSS6AI score0.00316EPSS
Exploits0References6Affected Software1
OSV
OSV
added 3 days ago4 views

PYSEC-2026-1687 Unauthenticated views may expose information to anonymous users

Impact A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated anonymous users, including the following: - /api/graphql/ 1 - /api/users/users/session/ Nautobot 2.x only; the only information exposed to an anonymous user is which authentication backend classes...

3.7CVSS5.8AI score0.00628EPSS
Exploits0References11
NVD
NVD
added 3 days ago19 views

CVE-2026-14345

The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.12.7 via the 'postData' parameter parameter. This is due to unsanitized write of attacker-controlled postData values...

9.8CVSS0.00745EPSS
Exploits0References11
EUVD
EUVD
added 3 days ago8 views

EUVD-2026-42009

The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.12.7 via the 'postData' parameter parameter. This is due to unsanitized write of attacker-controlled postData values...

9.8CVSS6.3AI score0.00745EPSS
Exploits0References11
Cvelist
Cvelist
added 3 days ago38 views

CVE-2026-14345 WPFunnels <= 3.12.7 - Unauthenticated Remote Code Execution via 'postData' Parameter

The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.12.7 via the 'postData' parameter parameter. This is due to unsanitized write of attacker-controlled postData values...

9.8CVSS0.00745EPSS
Exploits0References11
CVE
CVE
added 3 days ago23 views

CVE-2026-14345

The CVE-2026-14345 entry concerns the WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell (WordPress plugin). Affected versions up to and including 3.12.7 are vulnerable to Remote Code Execution via the postData parameter. The root cause is an unsanitized write of attacker...

9.8CVSS6.3AI score0.00745EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 3 days ago4 views

CVE-2026-14345

The WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.12.7 via the 'postData' parameter parameter. This is due to unsanitized write of attacker-controlled postData values...

9.8CVSS6.3AI score0.00745EPSS
Exploits0References12
NVD
NVD
added 3 days ago10 views

CVE-2026-34035

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, log drain secret and environment values were interpolated into shell commands without sufficient encoding, allowing an authenticated user to inject commands executed on the...

8.8CVSS0.0034EPSS
Exploits0References3
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-34035 Coolify: Host RCE via Log Drain secret/env command injection

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, log drain secret and environment values were interpolated into shell commands without sufficient encoding, allowing an authenticated user to inject commands executed on the...

8.8CVSS0.0034EPSS
Exploits0References3
CVE
CVE
added 3 days ago10 views

CVE-2026-34035

CVE-2026-34035 affects Coolify. Prior to version 4.0.0-beta.466, log drain secret and environment values could be interpolated into shell commands without sufficient encoding, allowing an authenticated user to inject commands executed on the host. Resulting impact is host RCE with high severity. ...

8.8CVSS6AI score0.0034EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 3 days ago6 views

CVE-2026-34035

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, log drain secret and environment values were interpolated into shell commands without sufficient encoding, allowing an authenticated user to inject commands executed on the...

8.8CVSS6AI score0.0034EPSS
Exploits0References4Affected Software1
NOZOMI
NOZOMI
added 3 days ago4 views

DoS through oversized audit log entries in Guardian/CMC before 26.2.0

Summary A denial-of-service vulnerability caused by unbounded resource allocation was discovered in the audit logging functionality, due to a missing size limit on input recorded into audit entries. Impact An unauthenticated attacker can submit requests containing excessively large input that is...

8.7CVSS6AI score0.00274EPSS
Exploits0Affected Software2
OSV
OSV
added 3 days ago4 views

ALSA-2026:36049 Important: kernel-rt security, bug fix, and enhancement update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: scsi: target: iscsi: Fix use-after-free in iscsitdecconnusagecount CVE-2026-23216 kernel: gfs2: Fix use-after-free in iomap inline...

7.8CVSS6AI score0.0031EPSS
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago6 views

Malicious code in color-cli-log (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 43d15f0d189a3dff03fe5549073cad30c2c0d648e6b1b12d1385689c84c6888c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
Rows per page
Query Builder