Lucene search
+L

600 matches found

Nuclei
Nuclei
added yesterday65 views

Microsoft Exchange - Pre-Auth SSRF / ACL Bypass (ProxyNotFound)

Microsoft Exchange Server contains a remote code execution caused by improper input validation in the server component, letting remote attackers execute arbitrary code, exploit requires network access to the server. id: CVE-2021-28481 info: name: Microsoft Exchange - Pre-Auth SSRF / ACL Bypass...

10CVSS9.3AI score0.83214EPSS
Exploits4References5
NVD
NVD
added 6 days ago7 views

CVE-2026-15520

A vulnerability was determined in GNU LibreDWG 0.13.4-154-g0b573035. This impacts the function decompressR2004section of the file src/decode.c of the component R2004 Section Decompression. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The explo...

5.3CVSS0.00136EPSS
Exploits0References10
OSV
OSV
added 6 days ago3 views

CVE-2026-15524 alioshr memory-bank-mcp list-project-files-validation-factory.ts path traversal

A security vulnerability has been detected in alioshr memory-bank-mcp up to 0.2.1/3.1. This affects an unknown part of the file list-project-files-validation-factory.ts. Such manipulation of the argument projectName leads to path traversal. Local access is required to approach this attack. The...

4.8CVSS5.8AI score0.00137EPSS
Exploits0References8
NVD
NVD
added 2026/07/08 6:16 a.m.8 views

CVE-2026-12041

The Chatra Live Chat + ChatBot + Cart Saver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

4.4CVSS0.00193EPSS
Exploits0References3
Amazon
Amazon
added 2026/07/08 12:0 a.m.6 views

Medium: qt5-qt3d

Issue Overview: A vulnerability was detected in Assimp up to 6.0.4. Affected is the function glTF2Importer::ImportEmbeddedTextures in the library code/AssetLib/glTF2/glTF2Importer.cpp of the component TF File Handler. The manipulation results in null pointer dereference. The attack is only possib...

5.3CVSS5.2AI score0.00115EPSS
Exploits0
OSV
OSV
added 2026/07/06 3:16 a.m.3 views

DEBIAN-CVE-2026-14790

A flaw has been found in GPAC 26.02.0. This affects the function nhmldumpsendframe of the file src/filters/writenhml.c of the component Media File Handler. Executing a manipulation can lead to null pointer dereference. The attack requires local access. The exploit has been published and may be...

4.8CVSS5.5AI score0.00115EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 2:15 a.m.6 views

CVE-2026-14790

A flaw has been found in GPAC 26.02.0. This affects the function nhmldumpsendframe of the file src/filters/writenhml.c of the component Media File Handler. Executing a manipulation can lead to null pointer dereference. The attack requires local access. The exploit has been published and may be...

4.8CVSS5.5AI score0.00115EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/01 11:43 p.m.7 views

CVE-2026-50280

Craft CMS is a content management system CMS. In versions 5.0.0-RC1 and above prior to 5.9.21, the EntriesController::actionMoveToSection endpoint gates the destination section only by viewEntries:$section-uid rather than requiring saveEntries permission the source entry is separately checked via...

6CVSS5.7AI score0.00273EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/07/01 9:9 p.m.20 views

CVE-2026-54259

Wagtail (Django-based CMS) has a vulnerability in older branches where the Documents and Images chooser endpoint could show items to users who lack choose permission. Affected versions: < 7.0.8, < 7.3.3, and

4.3CVSS5.6AI score0.00162EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/24 5:33 a.m.10 views

EUVD-2026-38684

The WP Latest Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted image src attributes in post content in versions up to, and including, 5.0.11. This is due to insufficient output escaping in the field and loop functions, which extract the raw src attribute value...

6.4CVSS6AI score0.00207EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/24 2:29 a.m.8 views

CVE-2026-11614

The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'customattributes' parameter in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6AI score0.00256EPSS
Exploits0References20
CVE
CVE
added 2026/06/21 7:15 a.m.23 views

CVE-2026-12786

The CVE-2026-12786 entry concerns Ezbsystems UltraISO Premium Edition up to version 9.76. It targets an issue in the kernel driver component bootpt64.sys where an unknown functionality allows improper access controls. The attack requires local access, and the exploit has been publicly disclosed. ...

8.5CVSS6.3AI score0.00113EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/21 7:0 a.m.8 views

CVE-2026-12784

A weakness has been identified in IM-Magic Partition Resizer up to 7.9.0. This affects an unknown function in the library MDANTDRV.sys of the component Kernel Driver. This manipulation causes improper access controls. The attack requires local access. The exploit has been made available to the...

8.5CVSS6.6AI score0.00113EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/06/19 7:36 p.m.9 views

GHSA-F962-V9HR-PFG5 jupyterlab-git extension: Stored XSS leading to RCE

Overview Amazon Web Services AWS Security has identified a stored cross-site scripting XSS issue in the jupyterlab-git JupyterLab extension that can lead to remote code execution RCE. The issue exists in the PlainTextDiff.ts component, where the createHeader method passes Git filenames directly t...

8.6CVSS6.7AI score0.00298EPSS
Exploits2References2
Cvelist
Cvelist
added 2026/06/18 5:34 a.m.36 views

CVE-2026-11784 Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization <= 4.2.6 - Cross-Site Request Forgery via 'optml_replace_file' AJAX Action

The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.6. This is due to missing or incorrect nonce validation on the replacefile function. This makes it...

4.3CVSS0.00157EPSS
Exploits1References6
EUVD
EUVD
added 2026/06/15 4:15 a.m.12 views

EUVD-2026-36691

A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of the file /api/inner/beforewifitest of the component Web FastCGI Service. The manipulation of the argument port results in stack-based buffer overflow. Access to the local...

8.6CVSS8.3AI score0.00371EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/09 3:41 a.m.12 views

EUVD-2026-35305

The RomanCart Ecommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blclass' attribute and other attributes of the romancartbutton shortcode in versions up to, and including, 2.0.8. This is due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS5.7AI score0.00192EPSS
Exploits0References3
NVD
NVD
added 2026/06/07 10:16 a.m.13 views

CVE-2026-11459

A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.3. Impacted is an unknown function in the library saappctl.sys of the component IOCTL Handler. The manipulation leads to information disclosure. Local access is required to approach this attack. The exploit has been...

4.8CVSS0.00106EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/06/07 8:15 a.m.8 views

CVE-2026-11459 SecureAge CatchPulse IOCTL saappctl.sys information disclosure

A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.3. Impacted is an unknown function in the library saappctl.sys of the component IOCTL Handler. The manipulation leads to information disclosure. Local access is required to approach this attack. The exploit has been...

4.8CVSS4.2AI score0.00106EPSS
Exploits1References6
EUVD
EUVD
added 2026/06/06 3:28 a.m.13 views

EUVD-2026-34959

The WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'locationmessages' parameter in all versions up to, and including, 4.9.4 due to insufficient input sanitization and output escaping...

4.4CVSS5.7AI score0.00201EPSS
Exploits0References6
Rows per page
Query Builder