Lucene search
+L

5591 matches found

nuclei
nuclei
added 5 hours ago140 views

ServiceNow - Cross-site Scripting

A XSS vulnerability was identified in the ServiceNow UI page assessmentredirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks,...

6.1CVSS6.4AI score0.01089EPSS
Exploits0References4
cvelist
cvelist
added 2 days ago29 views

CVE-2026-58637 Windows Client-Side Caching Elevation of Privilege Vulnerability

...

7CVSS0.00234EPSS
Exploits0References1
cve
cve
added 2 days ago6 views

CVE-2026-58637

CVE-2026-58637 affects Windows Client-Side Caching (CSC) Service. Description and sources confirm a use-after-free vulnerability that enables an authorized local attacker to elevate privileges. Metrics indicate local attack vector, low privileges required, and no user interaction, with high confi...

7CVSS6AI score0.00234EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2 days ago6 views

PT-2026-58672

Name of the Vulnerable Software and Affected Versions Windows Client-Side Caching CSC Service affected versions not specified Description A use-after-free condition in the Windows Client-Side Caching CSC Service allows an authorized attacker to elevate privileges locally. Use-after-free is a memo...

7CVSS6AI score0.00234EPSS
Exploits0References5
euvd
euvd
added last week7 views

EUVD-2026-42616

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, Open WebUI runs client-side Python with Pyodide in a same-origin web worker, allowing stored chat payloads that use pyodide.http.pyfetch or the js module fetch and XMLHttpRequest APIs to issue...

7.3CVSS6.1AI score0.00285EPSS
Exploits0References1
redhat
redhat
added 2026/07/09 2:40 p.m.2 views

openssh: OpenSSH: Use-after-free vulnerability during host key re-exchange on the client side

A flaw was found in OpenSSH. A remote attacker could exploit a use-after-free vulnerability on the client side when a server changes its host key during a key re-exchange. This could lead to high impact on confidentiality and integrity, and low impact on availability...

9.4CVSS6.1AI score0.00263EPSS
Exploits0References7
nvd
nvd
added 2026/07/08 2:16 p.m.9 views

CVE-2026-41122

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain a stored cross-site scripting vulnerability. An unauthenticated attacker wit...

7.1CVSS0.00202EPSS
Exploits0References1
cve
cve
added 2026/07/08 1:26 p.m.9 views

CVE-2026-41122

CVE-2026-41122 affects Dell PowerProtect Data Domain: versions 7.7.1.0–8.7, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, and LTS2024 7.13.1.0–7.13.1.70 contain a stored cross-site scripting vulnerability. An unauthenticated attacker with remote access could exploit this to cause informatio...

7.1CVSS5.9AI score0.00202EPSS
Exploits0References1Affected Software1
osv
osv
added 2026/07/08 1:16 a.m.5 views

DEBIAN-CVE-2026-60002

ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. This outcome occurs only on the client side...

9.4CVSS6AI score0.00263EPSS
Exploits0References1
nvd
nvd
added 2026/07/08 1:16 a.m.8 views

CVE-2026-60002

ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. This outcome occurs only on the client side...

9.4CVSS0.00263EPSS
Exploits0References3
debiancve
debiancve
added 2026/07/08 12:17 a.m.6 views

CVE-2026-60002

ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. This outcome occurs only on the client side...

9.4CVSS6AI score0.00263EPSS
Exploits0
cvelist
cvelist
added 2026/07/08 12:17 a.m.146 views

CVE-2026-60002

ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. This outcome occurs only on the client side...

7.7CVSS0.00263EPSS
Exploits0References3
cve
cve
added 2026/07/08 12:17 a.m.198 views

CVE-2026-60002

Summary (CVE-2026-60002): OpenSSH

9.4CVSS6AI score0.00263EPSS
Exploits0References3Affected Software1
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.10 views

PT-2026-56420

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...

7.1CVSS6.2AI score0.00202EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.7 views

PT-2026-56293

Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 10.4 Description A use-after-free issue exists in the ssh client. This occurs when a server changes its host key during a key re-exchange, which is a process where the client and server negotiate new session keys to...

9.4CVSS6AI score0.00407EPSS
Exploits0References25
ptsecurity
ptsecurity
added 2026/07/07 12:0 a.m.8 views

PT-2026-56202

Name of the Vulnerable Software and Affected Versions phoenix versions 1.2.0-rc.0 through 1.5.14 phoenix versions 1.6.0-rc.0 through 1.6.16 phoenix versions 1.7.0-rc.0 through 1.7.23 phoenix versions 1.8.0-rc.0 through 1.8.8 Description The Presence JavaScript client in phoenix contains an improp...

7.5CVSS6AI score0.00447EPSS
Exploits1References20
nvd
nvd
added 2026/07/01 1:17 p.m.6 views

CVE-2026-53909

MCO does not correctly validate types of uploaded files. File upload validation functionality relies only on client-side checks, which can be bypassed. An authorized, low-privileged attacker can upload files with arbitrary types to the server. Because vendor contact attempts were unsuccessful, th...

6.5CVSS0.00227EPSS
Exploits0References2
cve
cve
added 2026/07/01 11:59 a.m.18 views

CVE-2026-53909

CVE-2026-53909 affects MCO where file upload validation relies solely on client-side checks, allowing an authorized low-priv attacker to upload arbitrary file types to the server. The vulnerability has been confirmed only in version 25.3.3.1, though other versions may also be affected. The docume...

6.5CVSS5.9AI score0.00227EPSS
Exploits0References2Affected Software1
euvd
euvd
added 2026/07/01 11:59 a.m.10 views

EUVD-2026-40955

MCO does not correctly validate types of uploaded files. File upload validation functionality relies only on client-side checks, which can be bypassed. An authorized, low-privileged attacker can upload files with arbitrary types to the server. Because vendor contact attempts were unsuccessful, th...

7.1CVSS5.9AI score0.00227EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/07/01 11:59 a.m.6 views

CVE-2026-53909

MCO does not correctly validate types of uploaded files. File upload validation functionality relies only on client-side checks, which can be bypassed. An authorized, low-privileged attacker can upload files with arbitrary types to the server. Because vendor contact attempts were unsuccessful, th...

7.1CVSS5.9AI score0.00227EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder