126798 matches found

EUVD
added yesterday, 2 views

EUVD-2026-41651

Server-side request forgery (SSRF) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network...

CVSS 6.5, AI score 6
Exploits 0, References 1

ATTACKERKB
added yesterday, 3 views

CVE-2026-57987

Server-side request forgery (SSRF) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network...

CVSS 6.5, AI score 6
Exploits 0, References 2, Affected Software 1

EUVD
added yesterday, 3 views

EUVD-2026-41649

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network...

CVSS 7.5, AI score 6.1
Exploits 0, References 1

EUVD
added yesterday, 4 views

EUVD-2026-41648

Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network...

CVSS 8.7, AI score 5.9
Exploits 0, References 1

ATTACKERKB
added yesterday, 3 views

CVE-2026-57983

Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network...

CVSS 8.7, AI score 5.9
Exploits 0, References 2, Affected Software 1

EUVD
added yesterday, 2 views

EUVD-2026-41647

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network...

CVSS 7.5, AI score 6.1
Exploits 0, References 1

ATTACKERKB
added yesterday, 4 views

CVE-2026-56645

Heap-based buffer overflow in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network...

CVSS 8.8, AI score 6.3
Exploits 0, References 2, Affected Software 1

Nuclei
added yesterday, 46 views

Lantronix PremierWave 2050 8.9.0.0R4 - Remote Command Injection

Lantronix PremierWave 2050 8.9.0.0R4 contains an OS command injection vulnerability. A specially-crafted HTTP request can lead to command in the Web Manager Wireless Network Scanner. An attacker can make an authenticated HTTP request to trigger this vulnerability. id: CVE-2021-21881 info: name:...

CVSS 9.9, AI score 7.2, EPSS 0.37064
Exploits 1, References 4

Nuclei
added yesterday, 33 views

Intelbras WIN 300/WRN 342 - Credentials Disclosure

Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allow remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code. id: CVE-2021-3017 info: name: Intelbras WIN 300/WRN 342 - Credentials Disclosure author: pikpikcu severity: high description:...

CVSS 7.5, AI score 7.1, EPSS 0.63023
Exploits 0, References 5

Nuclei
added yesterday, 52 views

Microsoft Exchange - Pre-Auth SSRF / ACL Bypass (ProxyNotFound)

Microsoft Exchange Server contains a remote code execution caused by improper input validation in the server component, letting remote attackers execute arbitrary code, exploit requires network access to the server. id: CVE-2021-28481 info: name: Microsoft Exchange - Pre-Auth SSRF / ACL Bypass...

CVSS 10, AI score 7.9, EPSS 0.83337
Exploits 4, References 5

Nuclei
added yesterday, 34 views

TOTOLink - Unauthenticated Command Injection

TOTOLink A950RG V5.9c.4050B20190424 and V4.1.2cu.5204B20210112 were discovered to contain a command injection vulnerability in the Main function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter. id: CVE-2022-25082 info: name: TOTOLink -...

CVSS 9.8, AI score 7.4, EPSS 0.16089
Exploits 1, References 3

Nuclei
added yesterday, 66 views

Geutebruck - Remote Command Injection

Geutebruck is susceptible to multiple vulnerabilities in its web-based management interface that could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. id: CVE-2021-33544 info: name: Geutebruck - Remote Command Injection author: gy741 severit...

CVSS 7.2, AI score 7.1, EPSS 0.94622
Exploits 5, References 5

Nuclei
added yesterday, 32 views

Oracle WebLogic Server - Remote Code Execution

Oracle WebLogic Server 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 contains a remote code execution caused by unauthenticated access via T3, IIOP, letting attackers take over the server, exploit requires network access. id: CVE-2021-2135 info: name: Oracle WebLogic Server - Remote Code Execution author:...

CVSS 9.8, AI score 7.7, EPSS 0.0837
Exploits 1, References 2

Nuclei
added yesterday, 13 views

KeySight RF - smsRestoreDatabaseZip UNC path to Remote Code Execution

The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip method is used to restore the HSQLDB database used in SMS. It takes the path of the zipped database file as the single parameter. An unauthenticated, remote attacker can specify an UNC path for the database file i.e., \\sms,...

CVSS 9.8, AI score 7.2, EPSS 0.53389
Exploits 0, References 2

Nuclei
added yesterday, 45 views

SAP BusinessObjects Business Intelligence Platform - Blind Server-Side Request Forgery

SAP BusinessObjects Business Intelligence Platform Web Services 410, 420, and 430 is susceptible to blind server-side request forgery. An attacker can inject arbitrary values as CMS parameters to perform lookups on the internal network, which is otherwise not accessible externally. On successful...

CVSS 5.3, AI score 6.7, EPSS 0.61736
Exploits 3, References 5

Nuclei
added yesterday, 15 views

Gradio - Server-Side Request Forgery

A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the /queue/join endpoint and the save_url_to_cache function. The vulnerability arises when the path value, obtained from the user and expected to be a URL, is used to make an HTTP...

CVSS 8.6, AI score 7.1, EPSS 0.37366
Exploits 1, References 2

Nuclei
added yesterday, 72 views

Oracle E-Business Suite - Blind SSRF

Oracle E-Business Suite, Application Management Pack component User Monitoring subcomponent, is susceptible to blind server-side request forgery. An attacker with network access via HTTP can gain read access to a subset of data, connect to internal services like HTTP-enabled databases, or perform...

CVSS 5.3, AI score 6.5, EPSS 0.17118
Exploits 0, References 5

Cvelist
added yesterday, 27 views

CVE-2026-56015 Net::IP::LPM versions through 1.10 for Perl allow a heap out-of-bounds read via an unbounded prefix length

Net::IP::LPM versions through 1.10 for Perl allow a heap out-of-bounds read via an unbounded prefix length. add passes the prefix string to the trie builder addPrefixToTrie without checking it against the address width. addPrefixToTrie then walks the prefix buffer by prefixlength bits, reading...

Exploits 0, References 2

RedhatCVE
added yesterday, 6 views

CVE-2026-54891

A flaw was found in Erlang's SSL (Secure Sockets Layer) component. A network-positioned attacker can exploit this vulnerability by injecting unauthenticated plaintext data into a client's TLS (Transport Layer Security) handshake. The client application may then process this injected data as if it wer...

CVSS 6.3, AI score 5.9, EPSS 0.00164
Exploits 0, References 8

Circl
added yesterday, 7 views

CVE-2026-58653

creationtimestamp | type | source
---|---|---
2026-07-03 04:07:20+00:00 | seen | https://bsky.app/profile/kriptabiz.bsky.social/post/3mppobtmlft22
2026-07-03 12:05:07+00:00 | seen | https://bsky.app/profile/kriptabiz.bsky.social/post/3mpqiy6folx2b

...

CVSS 5.3, AI score 5.9, EPSS 0.00158
Exploits 0, References 2