Lucene search
K

122341 matches found

Packet Storm News
Packet Storm News
added 2026/12/29 12:0 a.m.362 views

GNUnet P2P Framework 0.26.2

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP IPv4 and IPv6, TCP IPv4 and IPv6, HTTP, o...

6.8AI score
Exploits0
CVE
CVE
added 6 hours ago5 views

CVE-2026-11851

CVE-2026-11851 is an SQL Injection vulnerability in the web management interface of certain ASUS router models. The root cause is improper neutralization of special elements in SQL commands. It can be exploited by a remote authenticated attacker with high privileges, without user interaction, to ...

5.9CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added 6 hours ago6 views

EUVD-2026-44584

Improper Neutralization of Special Elements used in an SQL Command "SQL Injection" in the web management interface of certain ASUS router models allows a remote authenticated user to disclose confidential information via a crafted request that bypasses existing input validation Refer to the ' ...

5.9CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday4 views

CVE-2026-61520

The CVE-2026-61520 entry documents a server-side request forgery in Simple Machines Forum (SMF) image proxy. Affected versions are SMF 2.1 prior to commit 4bf35cf and SMF 3.0 prior to commit b4d23df. The vulnerability allows authenticated attackers to trigger internal HTTP requests by embedding a...

7.7CVSS6.1AI score
Exploits0References3
CVE
CVE
added yesterday14 views

CVE-2026-15410

CVE-2026-15410 affects SonicWall SMA1000 Appliance Management Console (AMC). It is a post-authentication code-injection vulnerability that, under certain conditions, could allow a remote authenticated administrator to execute arbitrary OS commands. Root cause: improper control of generation of co...

7.2CVSS7.2AI score
In wildExploits1References2
NVD
NVD
added yesterday4 views

CVE-2026-56196

Relative path traversal in Windows Admin Center allows an authorized attacker to execute code over a network...

8.8CVSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-50499

Heap-based buffer overflow in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally...

7.8CVSS
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-15058

CVE-2026-15058 concerns Devolutions Server (versions 2026.2.11 and 2026.1.22) with an improper authorization flaw in the secure messages deletion endpoint. An authenticated user can delete another user’s messages by manipulating a direct object reference to the message identifier. The connected d...

6.1AI score
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-62659

CVE-2026-62659 affects the NETGEAR WAX333 Access Point. The issue enables someone who is already logged in and on the same local network to make unauthorized changes to the device’s settings. The CVSS details show an adjacent attack vector, low attack complexity, high privileges required, and no ...

6.8CVSS6.1AI score
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-15429

A privilege escalation vulnerability exists in the HTTP authentication component in Archer VX1800v v1. Improper handling of user-controlled input may allow newline characters to be injected into internally constructed configuration data. An authenticated user with sufficient privileges may be abl...

5.1CVSS
Exploits0References2
CVE
CVE
added yesterday7 views

CVE-2026-55651

Easy!Appointments exposes an Excessive Data Exposure vulnerability in the customers search endpoint (affected in 1.5.2) that allows an authenticated user to obtain appointment hashes belonging to other users, enabling modification or deletion of others’ appointments and leading to an Appointments...

7.1CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday11 views

CVE-2026-11944

CVE-2026-11944 affects openSIS Classic 9.3. The vulnerability is an authenticated path traversal in the legacy messaging SentMail attachment download functionality, allowing an authenticated attacker to read arbitrary files on the server via crafted path traversal sequences. Impact is limited to ...

6.5CVSS6.2AI score
Exploits1References2Affected Software1
CVE
CVE
added yesterday7 views

CVE-2025-43892

Fortinet FortiOS is affected by CVE-2025-43892: a buffer over-read in FortiOS 7.6.0–7.6.2, 7.4.0–7.4.8, and 7.2 all versions. An authenticated remote attacker could cause the device to return a portion of memory in the redirect response by submitting a specially crafted request. The CVSSv3.1 vect...

4.3CVSS6.2AI score
Exploits0References1
CVE
CVE
added yesterday4 views

CVE-2026-9127

Summary: CVE-2026-9127 affects Studio 5000 Logix Designer®. The issue: incorrect authorization on a configuration file allows any authenticated user to modify the paths of external tools configured within the application. If exploited, an attacker could point the configuration to a malicious exec...

7.3CVSS6.6AI score
Exploits0References1
NVD
NVD
added yesterday6 views

CVE-2025-40945

A vulnerability has been identified in COMOS V10.4.5 All versions V10.4.5.0.2, COMOS V10.6 All versions V10.6.1, Designcenter NX All versions V2512.7000, Simcenter 3D All versions V2512.7000, Simcenter Femap V2506 All versions V2506.0003, Simcenter Femap V2512 All versions V2512.0002, Simcenter...

8.5CVSS0.00143EPSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2025-40945

CVE-2025-40945 affects multiple Siemens/Siemens Digital Industries software (e.g., COMOS, Designcenter NX, Simcenter suite, Solid Edge, Teamcenter Visualization, Tecnomatix, etc.) across numerous versions. The vulnerability is described as an untrusted search path in the IAM Client SDK that may a...

8.5CVSS6AI score0.00143EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday11 views

CVE-2025-40945

A vulnerability has been identified in COMOS V10.4.5 All versions V10.4.5.0.2, COMOS V10.6 All versions V10.6.1, Designcenter NX All versions V2512.7000, Simcenter 3D All versions V2512.7000, Simcenter Femap V2506 All versions V2506.0003, Simcenter Femap V2512 All versions V2512.0002, Simcenter...

8.5CVSS0.00143EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday49 views

WordPress NewStatPress 0.9.8 - SQL Injection

WordPress NewStatPress 0.9.8 plugin contains a SQL injection vulnerability in includes/nspsearch.php. A remote authenticated user can execute arbitrary SQL commands via the where1 parameter in the nspsearch page to wp-admin/admin.php. id: CVE-2015-4062 info: name: WordPress NewStatPress 0.9.8 - S...

6.5CVSS6.3AI score0.09183EPSS
Exploits6References5
Nuclei
Nuclei
added yesterday49 views

WordPress W3 Total Cache <2.1.4 - Cross-Site Scripting

WordPress W3 Total Cache plugin before 2.1.4 is susceptible to cross-site scripting within the extension parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This can allow an attacker to convince an authenticated admin into clicking a link to run...

6.1CVSS6.3AI score0.01905EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday16 views

MindsDB - Remote Code Execution

MindsDB 25.9.1.1 contains a remote code execution caused by path traversal in the /api/files upload file module, letting authenticated attackers write arbitrary files and execute commands, exploit requires authentication. id: CVE-2026-27483 info: name: MindsDB - Remote Code Execution author:...

8.8CVSS6.6AI score0.11113EPSS
Exploits5References4
Rows per page
Query Builder