Lucene search
K

746 matches found

Nuclei
Nuclei
added 8 hours ago71 views

SuperWebMailer - Cross-Site Scripting

An issue was discovered in SuperWebMailer 9.00.0.01710 that allows keepalive.php XSS via a GET parameter. id: CVE-2023-38194 info: name: SuperWebMailer - Cross-Site Scripting author: ritikchaddha severity: medium description: | An issue was discovered in SuperWebMailer 9.00.0.01710 that allows...

6.1CVSS6.4AI score0.0114EPSS
Exploits1References2
Nuclei
Nuclei
added 8 hours ago66 views

Microweber < 1.2.17 - Cross-Site Scripting

Cross-site Scripting XSS vulnerability in the /demo/editortools/module endpoint via the 'type' parameter. id: CVE-2022-2130 info: name: Microweber 1.2.17 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Cross-site Scripting XSS vulnerability in the...

6.5CVSS6.6AI score0.02907EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 2:47 p.m.6 views

CVE-2026-9651

CWE-732 Incorrect Permission Assignment for Critical Resource vulnerability that could cause unauthorized disclosure of password hashes and potential account compromise when an attacker with privileged local access reads improperly protected system files...

6.7CVSS5.8AI score0.00106EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2026/06/25 2:47 p.m.15 views

CVE-2026-9651

Technical details about CVE-2026-9651 are not provided in the supplied documents. Public sources summarize CWE-732; monitor for updates from NVD, CVE listings, and vuln enrichment feeds.

6.7CVSS5.8AI score0.00106EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/25 2:47 p.m.5 views

EUVD-2026-39431

CWE-732 Incorrect Permission Assignment for Critical Resource vulnerability that could cause unauthorized disclosure of password hashes and potential account compromise when an attacker with privileged local access reads improperly protected system files...

6.7CVSS5.8AI score0.00106EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 2:47 p.m.30 views

CVE-2026-9651

CWE-732 Incorrect Permission Assignment for Critical Resource vulnerability that could cause unauthorized disclosure of password hashes and potential account compromise when an attacker with privileged local access reads improperly protected system files...

6.7CVSS0.00106EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.5 views

CVE-2026-56272

Flowise before 3.0.13 uses bcrypt with default salt rounds of 5, providing only 32 iterations instead of the OWASP-recommended minimum of 10 rounds. Attackers can crack password hashes approximately 30 times faster with modern GPU hardware, potentially compromising all user accounts in a database...

5.6CVSS5.8AI score0.00073EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/18 3:5 p.m.11 views

Pipecat: Telephony WebSocket `/ws` Unauthenticated Call-Control Abuse via Attacker-Supplied Call SID

Development Runner Telephony WebSocket /ws Unauthenticated Call-Control Abuse via Attacker-Supplied Call SID Summary The pipecat development runner registers a /ws WebSocket endpoint for telephony testing that accepts connections without any authentication. An unauthenticated remote attacker who...

7.5CVSS5.7AI score0.00343EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.10 views

WordPress plugin Booking Package 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

7.2CVSS5.5AI score0.00345EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 6:48 p.m.11 views

CVE-2024-40684

IBM Operations Analytics - Log Analysis 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1, 1.3.7.2, and 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4 IBM SmartCloud Analytics - Log Analysis does not require that users should have strong passwords by default, which makes it easi...

9.8CVSS5.5AI score0.0036EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 12:53 a.m.20 views

MAL-2026-5230 Malicious code in autotel-subscribers (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 374da77433b452664266e009188064316b6defdcb0ee4b7e391a158a0a5ca6bf No concrete installer-harm signals were identified in this version of autotel-subscribers. There is no observed lifecycle script fetching remote...

6.2AI score
Exploits0References31
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.20 views

Malicious code in executable-stories-vitest (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9900528338f5a1325fa66f8ebc1b72d1a24d63d708b42bbd5c54146ad7a6cbd No concrete installer-harm indicators were identified in this package version. No lifecycle-script behavior, network beacon, credential read, or...

6.1AI score
Exploits0References9
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.16 views

Malicious code in autotel-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f318ba7cb2f7115530a39f61c409a81a0f2bf94aa552e4a0ac6a0b21570b822 No concrete installer-harm signals were identified for this package version. Coverage of the package contents was partial, so a definitive...

6AI score
Exploits0References4
OSV
OSV
added 2026/06/05 12:53 a.m.15 views

MAL-2026-5200 Malicious code in @ethlete/core (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 580c72aa7afc42653ec3679eeaa96ac10d9c389434355415542ac48a36c39b45 The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/05 12:53 a.m.57 views

Malicious code in ai-sdk-ollama (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 19f3e848ffd678e29b96aec1a0aa02dcdcb7c3c5f58bc357ee3b3483b395577d The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References7
OSV
OSV
added 2026/06/05 12:53 a.m.10 views

MAL-2026-5250 Malicious code in executable-stories-cypress (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 838176fbbb9290f1ee55af50cd6e292d461f33565a675a6e965bbe50d3b6c3ec No concrete installer-harm evidence was identified in this version of executable-stories-cypress. No lifecycle hook payloads, hardcoded exfiltration...

6.2AI score
Exploits0References8
OSV
OSV
added 2026/06/05 12:53 a.m.14 views

MAL-2026-5228 Malicious code in autotel-plugins (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 54f7a26d9e1681241d44bb8a37e06156508af068e0f594ae58ce4ed3a2caa94c The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.2AI score
Exploits0References4
OSV
OSV
added 2026/06/05 12:53 a.m.11 views

MAL-2026-5248 Malicious code in eslint-plugin-executable-stories-playwright (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b3b2b639cf616d5d975e12b917cfd679b4e247fce023e0b2bbf64b7a1482b596 No concrete installer-harm signals were identified in this package version. No lifecycle scripts, hardcoded network destinations, credential-path...

6.2AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.19 views

PT-2026-46986

Name of the Vulnerable Software and Affected Versions vantage6 versions prior to 5.0.0 Description An issue exists where an attacker who gains access to a user's email account can reset both the account password and the two-factor authentication 2FA token via email. This process effectively reduc...

5.9CVSS5.2AI score0.00278EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/02 8:31 p.m.14 views

EUVD-2026-34028

authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the ability to change a source connection, and an account in one of the configured sources can log into any account. This issue has been patched in versions 2025.12.6, 2026.2.4, an...

8.8CVSS5.7AI score0.00298EPSS
Exploits1References1
Rows per page
Query Builder