Lucene search
K

122335 matches found

Packet Storm News
Packet Storm News
added 2026/12/29 12:0 a.m.362 views

GNUnet P2P Framework 0.26.2

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP IPv4 and IPv6, TCP IPv4 and IPv6, HTTP, o...

6.8AI score
Exploits0
CVE
CVE
added 4 hours ago4 views

CVE-2026-11851

CVE-2026-11851 is an SQL Injection vulnerability in the web management interface of certain ASUS router models. The root cause is improper neutralization of special elements in SQL commands. It can be exploited by a remote authenticated attacker with high privileges, without user interaction, to ...

5.9CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added 4 hours ago6 views

EUVD-2026-44584

Improper Neutralization of Special Elements used in an SQL Command "SQL Injection" in the web management interface of certain ASUS router models allows a remote authenticated user to disclose confidential information via a crafted request that bypasses existing input validation Refer to the ' ...

5.9CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday4 views

CVE-2026-61520

The CVE-2026-61520 entry documents a server-side request forgery in Simple Machines Forum (SMF) image proxy. Affected versions are SMF 2.1 prior to commit 4bf35cf and SMF 3.0 prior to commit b4d23df. The vulnerability allows authenticated attackers to trigger internal HTTP requests by embedding a...

7.7CVSS6.1AI score
Exploits0References3
CVE
CVE
added yesterday13 views

CVE-2026-15410

Post-authentication improper control of generation of code 'Code Injection' vulnerability has been identified in the SMA1000 Appliance Management Console AMC which in specific conditions could potentially enable a remote authenticated attacker as administrator to execute arbitrary OS commands...

7.2CVSS7.2AI score
In wildExploits1References2
NVD
NVD
added yesterday3 views

CVE-2026-56196

Relative path traversal in Windows Admin Center allows an authorized attacker to execute code over a network...

8.8CVSS
Exploits0References1
NVD
NVD
added yesterday2 views

CVE-2026-50499

Heap-based buffer overflow in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally...

7.8CVSS
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-15058

CVE-2026-15058 concerns Devolutions Server (versions 2026.2.11 and 2026.1.22) with an improper authorization flaw in the secure messages deletion endpoint. An authenticated user can delete another user’s messages by manipulating a direct object reference to the message identifier. The connected d...

6.1AI score
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-62659

CVE-2026-62659 affects the NETGEAR WAX333 Access Point. The issue enables someone who is already logged in and on the same local network to make unauthorized changes to the device’s settings. The CVSS details show an adjacent attack vector, low attack complexity, high privileges required, and no ...

6.8CVSS6.1AI score
Exploits0References1
NVD
NVD
added yesterday2 views

CVE-2026-15429

A privilege escalation vulnerability exists in the HTTP authentication component in Archer VX1800v v1. Improper handling of user-controlled input may allow newline characters to be injected into internally constructed configuration data. An authenticated user with sufficient privileges may be abl...

5.1CVSS
Exploits0References2
CVE
CVE
added yesterday7 views

CVE-2026-55651

Easy!Appointments exposes an Excessive Data Exposure vulnerability in the customers search endpoint (affected in 1.5.2) that allows an authenticated user to obtain appointment hashes belonging to other users, enabling modification or deletion of others’ appointments and leading to an Appointments...

7.1CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday10 views

CVE-2026-11944

CVE-2026-11944 affects openSIS Classic 9.3. The vulnerability is an authenticated path traversal in the legacy messaging SentMail attachment download functionality, allowing an authenticated attacker to read arbitrary files on the server via crafted path traversal sequences. Impact is limited to ...

6.5CVSS6.2AI score
Exploits1References2Affected Software1
CVE
CVE
added yesterday7 views

CVE-2025-43892

Fortinet FortiOS is affected by CVE-2025-43892: a buffer over-read in FortiOS 7.6.0–7.6.2, 7.4.0–7.4.8, and 7.2 all versions. An authenticated remote attacker could cause the device to return a portion of memory in the redirect response by submitting a specially crafted request. The CVSSv3.1 vect...

4.3CVSS6.2AI score
Exploits0References1
CVE
CVE
added yesterday4 views

CVE-2026-9127

Summary: CVE-2026-9127 affects Studio 5000 Logix Designer®. The issue: incorrect authorization on a configuration file allows any authenticated user to modify the paths of external tools configured within the application. If exploited, an attacker could point the configuration to a malicious exec...

7.3CVSS6.6AI score
Exploits0References1
NVD
NVD
added yesterday6 views

CVE-2025-40945

A vulnerability has been identified in COMOS V10.4.5 All versions V10.4.5.0.2, COMOS V10.6 All versions V10.6.1, Designcenter NX All versions V2512.7000, Simcenter 3D All versions V2512.7000, Simcenter Femap V2506 All versions V2506.0003, Simcenter Femap V2512 All versions V2512.0002, Simcenter...

8.5CVSS0.00143EPSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2025-40945

CVE-2025-40945 affects multiple Siemens/Siemens Digital Industries software (e.g., COMOS, Designcenter NX, Simcenter suite, Solid Edge, Teamcenter Visualization, Tecnomatix, etc.) across numerous versions. The vulnerability is described as an untrusted search path in the IAM Client SDK that may a...

8.5CVSS6AI score0.00143EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday9 views

CVE-2025-40945

A vulnerability has been identified in COMOS V10.4.5 All versions V10.4.5.0.2, COMOS V10.6 All versions V10.6.1, Designcenter NX All versions V2512.7000, Simcenter 3D All versions V2512.7000, Simcenter Femap V2506 All versions V2506.0003, Simcenter Femap V2512 All versions V2512.0002, Simcenter...

8.5CVSS0.00143EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday89 views

Online Event Booking and Reservation System 2.3.0 - SQL Injection

Online Event Booking and Reservation System 2.3.0 contains a SQL injection vulnerability in event-management/views. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id:...

9.8CVSS7.1AI score0.15806EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday62 views

rConfig 3.9.4 - Server-Side Request Forgery

rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery SSRF via the patha parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs. id: CVE-2023-39109 info: name: rConf...

8.8CVSS7.1AI score0.02965EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday39 views

Woo Bulk Price Update <2.2.2 - Cross-Site Scripting

The Woo Bulk Price Update WordPress plugin, in versions 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'page' parameter to the technogetproducts action, which can only be triggered by an authenticated user. id: CVE-2023-28665 info: name: Woo Bulk Price Update 2.2.2 -...

5.4CVSS6.1AI score0.00887EPSS
Exploits2References4
Rows per page
Query Builder