Lucene search
+L

13008 matches found

nuclei
nuclei
added yesterday103 views

DataEase <= 2.4.1 - Sensitive Information Exposure

DataEase, an open source data visualization and analysis tool, has a database configuration information exposure vulnerability prior to version 2.5.0. Visiting the /de2api/engine/getEngine;.js path via a browser reveals that the platform's database configuration is returned. id: CVE-2024-30269...

5.3CVSS6.1AI score0.16EPSS
Exploits2References3
cvelist
cvelist
added 2 days ago40 views

CVE-2026-57833 Joomla Extension - weeblr.com - Unauthenticated stored XSS in 4Analytics < 5.0.2

The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS in relation to the AI analysis feature...

8.6CVSS0.00418EPSS
Exploits0References1
euvd
euvd
added 2 days ago5 views

EUVD-2026-44601

The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS in relation to the AI analysis feature...

8.6CVSS6.1AI score0.00418EPSS
Exploits0References1
attackerkb
attackerkb
added 2 days ago4 views

CVE-2026-57833

The Joomla extension 4Analytics is vulnerable to an unauthenticated stored XSS in relation to the AI analysis feature...

8.6CVSS6.1AI score0.00418EPSS
Exploits0References2Affected Software1
nvd
nvd
added 3 days ago5 views

CVE-2026-53565

Improper Privilege Management vulnerability in Citrix Secure Access Client for Windows, Citrix Citrix Endpoint Analysis Client for Windows. This issue affects Secure Access Client for Windows: before 26.6.1.20; Citrix Endpoint Analysis Client for Windows: before 26. 5.1.7...

8.5CVSS0.001EPSS
Exploits0References1
cve
cve
added 3 days ago11 views

CVE-2026-53565

CVE-2026-53565 is a Local Privilege Escalation in Citrix Secure Access Client for Windows and Citrix Endpoint Analysis Client for Windows. The CVE affects Secure Access Client for Windows versions before 26.6.1.20 and Endpoint Analysis Client for Windows before 26.5.1.7. The CVE is categorized as...

8.5CVSS6.1AI score0.001EPSS
Exploits0References1
cve
cve
added 2026/07/09 2:19 p.m.18 views

CVE-2026-60109

Zeek

8.7CVSS6AI score0.00502EPSS
Exploits0References3Affected Software1
ptsecurity
ptsecurity
added 2026/07/09 12:0 a.m.10 views

PT-2026-56810

Name of the Vulnerable Software and Affected Versions Zeek versions prior to 8.0.9 Description A null pointer dereference exists in the Kerberos protocol analyzer. An unauthenticated remote attacker can cause the sensor to crash by sending a specially crafted KRB ERROR message with error-code 25...

8.7CVSS6.1AI score0.00502EPSS
Exploits0References5
osv
osv
added 2026/07/08 10:15 a.m.8 views

MAL-2026-6972 Malicious code in @vwfs-its/sf-sac-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41fd62df844e3fba17cb6200b0c9f2ce518a630677ed96f4cf0349b2a3eb7a3d On npm install, the package's preinstall hook node index.js collects installer host identity — hostname, OS user info, output of whoami and id, shell...

6.1AI score
Exploits0References1
ossf
ossf
added 2026/07/08 12:20 a.m.12 views

Malicious code in rio-design-tokens (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ed72d8256a1831ef61f01d101c9b9de21db822516cb3b61d1fffd1ef7b3bb0c7 [email protected] is a dependency-confusion attack package. package.json declares preinstall: node index.js, so npm install auto-executes...

5.9AI score
Exploits0References3
osv
osv
added 2026/07/07 6:25 a.m.6 views

MAL-2026-6910 Malicious code in zluri-ad-connector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b7a807f066f0255f7480ebd7d445043282260b464b0ef54a32a2d022c93bbf7 The package declares a preinstall hook node index.js that runs automatically on npm install. index.js requires os, dns, https, querystring, and the...

6.1AI score
Exploits0References1
ossf
ossf
added 2026/07/07 6:25 a.m.8 views

Malicious code in zluri-ad-connector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b7a807f066f0255f7480ebd7d445043282260b464b0ef54a32a2d022c93bbf7 The package declares a preinstall hook node index.js that runs automatically on npm install. index.js requires os, dns, https, querystring, and the...

6AI score
Exploits0References1
redhatcve
redhatcve
added 2026/07/06 7:38 p.m.8 views

CVE-2026-14758

A flaw was found in radareorg radare2. A local attacker can exploit an integer overflow vulnerability within the hexpairs parser, specifically in the cmdanalopcode function. This manipulation can lead to an integer overflow, potentially causing a denial of service DoS condition...

5.5CVSS5.9AI score0.00131EPSS
Exploits1References2
nessus
nessus
added 2026/07/06 12:0 a.m.6 views

FreeBSD : traefik -- Multiple vulnerabilities (803b9816-77af-11f1-ba71-5404a68ad561)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 803b9816-77af-11f1-ba71-5404a68ad561 advisory. The traefik project releases a new version addressing multiple CVEs: Tenable has extracted the...

10CVSS6AI score0.00346EPSS
Exploits0References5
osv
osv
added 2026/07/05 3:16 p.m.17 views

MAL-2026-6760 Malicious code in @adobesign/as-dev-tools (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6752e4d30c584cb5ca6f67265c983257c1531aa306b47ec00b43ddae83fe2532 The package's package.json declares a postinstall lifecycle hook that pipes the output of whoami through curl to a hardcoded Burp Collaborator...

6.1AI score
Exploits0References2
osv
osv
added 2026/07/05 3:16 p.m.5 views

UBUNTU-CVE-2026-14758

A vulnerability was identified in radareorg radare2 up to 6.1.6. This vulnerability affects the function cmdanalopcode of the file libr/core/cmdanal.inc.c of the component hexpairs Parser. Such manipulation leads to integer overflow. The attack needs to be performed locally. The exploit is public...

5.5CVSS5.5AI score0.00131EPSS
Exploits1References10
debiancve
debiancve
added 2026/07/05 2:45 p.m.6 views

CVE-2026-14757

A vulnerability was determined in radareorg radare2 up to 6.1.6. This affects the function coreanalbytes of the file libr/core/cmdanal.inc. This manipulation causes integer overflow. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. It is...

7.8CVSS5.6AI score0.00142EPSS
Exploits1
ptsecurity
ptsecurity
added 2026/07/05 12:0 a.m.18 views

PT-2026-55807

Name of the Vulnerable Software and Affected Versions radareorg radare2 versions prior to 6.1.7 Description An integer overflow occurs in the hexpairs Parser component within the cmd anal opcode function located in the libr/core/cmd anal.inc.c file. This issue requires local access to be exploite...

5.5CVSS5.9AI score0.00131EPSS
Exploits1References12
ptsecurity
ptsecurity
added 2026/07/05 12:0 a.m.18 views

PT-2026-55806

Name of the Vulnerable Software and Affected Versions radareorg radare2 versions prior to 6.1.7 Description An integer overflow occurs in the core anal bytes function within the libr/core/cmd anal.inc file. This issue requires local access to be exploited. Recommendations Install the available...

7.8CVSS6.2AI score0.00142EPSS
Exploits1References10
cvelist
cvelist
added 2026/07/04 1:31 p.m.28 views

CVE-2026-14535 Fickling MLAllowlist analysis pass rendered inoperative by shared mutable state in AnalysisContext.shorten_code()

In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shortencodenode on every import node it inspects, regardless of whether the import is flagged as unsafe. This call registers the shortened code representation in...

8.8CVSS0.00321EPSS
Exploits1References4
Rows per page
Query Builder