Lucene search
K

6051 matches found

Nuclei
Nuclei
added yesterday81 views

Cockpit Web Console < 360 - Remote Code Execution

Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH...

9.8CVSS6.9AI score0.142EPSS
Exploits4References3
Nuclei
Nuclei
added yesterday63 views

JSONPath Plus < 10.3.0 - Remote Code Execution

Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution RCE due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. Note: This is caused by an incomplete fix for...

9.8CVSS7.2AI score0.10224EPSS
Exploits8References5
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-49971 Laravel-Mediable < 7.0.0 Stored XSS via SVG File Upload

Laravel-Mediable before 7.0.0 contains a stored cross-site scripting vulnerability that allows authenticated or anonymous users to execute arbitrary JavaScript by uploading unsanitized SVG files containing embedded scripts in onload event handlers, script tags, or foreignObject elements. Attacker...

6.1CVSS0.00203EPSS
Exploits0References3
CVE
CVE
added 4 days ago29 views

CVE-2026-57827

The CVE-2026-57827 entry concerns the Joomla extension RSFiles (RSFiles component) from rsjoomla.com, affected versions prior to 1.17.12. The vulnerability is an unauthenticated arbitrary file upload that can upload executable files, enabling full remote code execution (RCE). The connected record...

10CVSS6.1AI score0.00287EPSS
Exploits1References2Affected Software1
NVD
NVD
added 6 days ago7 views

CVE-2026-54801

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application contains insufficient validation of authentication credentials when processing administrative account modifications through the we...

8.6CVSS0.0034EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-56292 Joomla Extension - acymailing.com - SQL Injection in AcyMailing extension < 10.11.1

A SQLi vulnerability in AcyMailing component 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthorized database access and data leakage...

9.2CVSS0.00263EPSS
Exploits1References2
Cvelist
Cvelist
added 6 days ago38 views

CVE-2026-56291 Joomla Extension - balbooa.com - Unauthenticated file upload in Balbooa Forms extension < 2.4.1

The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

10CVSS0.00836EPSS
Exploits5References2
Vulnrichment
Vulnrichment
added 6 days ago11 views

CVE-2026-56291 Joomla Extension - balbooa.com - Unauthenticated file upload in Balbooa Forms extension < 2.4.1

The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

10CVSS6AI score0.00836EPSS
Exploits5References2
CBLMariner
CBLMariner
added last week5 views

CVE-2026-52984 affecting package kernel for versions less than 6.6.143.1-1

CVE-2026-52984 affecting package kernel for versions less than 6.6.143.1-1. An upgraded version of the package is available that resolves this issue...

5.5CVSS6.1AI score0.00184EPSS
Exploits0
CBLMariner
CBLMariner
added last week5 views

CVE-2026-52977 affecting package kernel for versions less than 6.6.143.1-1

CVE-2026-52977 affecting package kernel for versions less than 6.6.143.1-1. An upgraded version of the package is available that resolves this issue...

5.5CVSS6.1AI score0.00172EPSS
Exploits0
CBLMariner
CBLMariner
added last week5 views

CVE-2026-53001 affecting package kernel for versions less than 6.6.143.1-1

CVE-2026-53001 affecting package kernel for versions less than 6.6.143.1-1. An upgraded version of the package is available that resolves this issue...

5.5CVSS6.1AI score0.00176EPSS
Exploits0
CBLMariner
CBLMariner
added last week5 views

CVE-2026-53037 affecting package kernel for versions less than 6.6.143.1-1

CVE-2026-53037 affecting package kernel for versions less than 6.6.143.1-1. An upgraded version of the package is available that resolves this issue...

5.5CVSS6.1AI score0.00176EPSS
Exploits0
CBLMariner
CBLMariner
added last week5 views

CVE-2026-52969 affecting package kernel for versions less than 6.6.143.1-1

CVE-2026-52969 affecting package kernel for versions less than 6.6.143.1-1. An upgraded version of the package is available that resolves this issue...

7.8CVSS6.1AI score0.00147EPSS
Exploits0
CBLMariner
CBLMariner
added last week5 views

CVE-2026-52968 affecting package kernel for versions less than 6.6.143.1-1

CVE-2026-52968 affecting package kernel for versions less than 6.6.143.1-1. An upgraded version of the package is available that resolves this issue...

7.1CVSS6.1AI score0.0018EPSS
Exploits0
CBLMariner
CBLMariner
added last week5 views

CVE-2026-53004 affecting package kernel for versions less than 6.6.143.1-1

CVE-2026-53004 affecting package kernel for versions less than 6.6.143.1-1. An upgraded version of the package is available that resolves this issue...

7.8CVSS6.1AI score0.00176EPSS
Exploits0
CBLMariner
CBLMariner
added last week5 views

CVE-2026-52962 affecting package kernel for versions less than 6.6.143.1-1

CVE-2026-52962 affecting package kernel for versions less than 6.6.143.1-1. A patched version of the package is available...

7.8CVSS5.9AI score0.00184EPSS
Exploits0
OSV
OSV
added 2026/07/07 11:45 a.m.4 views

PYSEC-2026-1797 Cross-Frame Scripting vulnerability has been found on Plone CMS

A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting version below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicios iframe element...

7.1CVSS6.9AI score0.00294EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/03 8:19 p.m.33 views

CVE-2026-22555 Gitea organization forks can expose organization secrets without create permission

Gitea versions before 1.26.0 allow API users to fork a repository into an organization without first passing the CanCreateOrgRepo check, which can expose organization secrets...

8.1CVSS0.00304EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/03 10:19 a.m.8 views

EUVD-2026-41530

A vulnerability exists in the Kong Konnect Model Context Protocol MCP server prior to version 1.0.0, which could allow a remote attacker to perform an indirect prompt injection attack and execute unintended API requests...

7.4CVSS6.1AI score0.00258EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/02 8:17 p.m.18 views

NPM: 9router: Missing Authorization and OS Command Injection

NPM: 9router: Missing Authorization and OS Command Injection vulnerability discovered by ? in WordPress Npm 9router versions 0.4.44...

9.8CVSS5.9AI score0.01372EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder