
5866 matches found

Nuclei
added 18 hours ago, 37 views

T24 Web Server - Local File Inclusion

T24 web server is vulnerable to unauthenticated local file inclusion that permits an attacker to exfiltrate data directly from server. id: CVE-2019-14251 info: name: T24 Web Server - Local File Inclusion author: 0xAkoko severity: high description: T24 web server is vulnerable to unauthenticated...

7.5 CVSS, 7.1 AI score, 0.07849 EPSS
Exploits: 1, References: 4

Nuclei
added 18 hours ago, 20 views

GeoServer WFS - XXE Processing Vulnerability

GeoServer Web Feature Service WFS is vulnerable to an XML External Entity XXE processing attack due to improper handling of XML input. This vulnerability allows attackers to perform Out-of-Band OOB data exfiltration and Server-Side Request Forgery SSRF by exploiting the GeoTools library. id:...

9.9 CVSS, 7.1 AI score, 0.50825 EPSS
Exploits: 1, References: 6

OSSF Malicious Packages
added yesterday, 4 views

Malicious code in cursed-modules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45b6aab954f9b8edbc759c97eabe39d7a070c4dbe852586422761ad0f8c7ad95 [email protected] executes attacker-controlled code on three separate triggers and operates a bidirectional command channel against a hardcoded...

6 AI score
Exploits: 0, References: 19

OSV
added yesterday, 2 views

MAL-2026-6698 Malicious code in cursed-modules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 45b6aab954f9b8edbc759c97eabe39d7a070c4dbe852586422761ad0f8c7ad95 [email protected] executes attacker-controlled code on three separate triggers and operates a bidirectional command channel against a hardcoded...

6 AI score
Exploits: 0, References: 19

CVE
added yesterday, 9 views

CVE-2026-58376

Dolibarr

7.6 CVSS, 6 AI score
Exploits: 0, References: 4

NVD
added yesterday, 9 views

CVE-2026-58015

A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism does not validate the cookiecontext parameter received from the server. A malicious D-Bus server can supply a cookiecontext containing path traversal sequences, causing the client to...

7.5 CVSS
Exploits: 1, References: 3

EUVD
added yesterday, 5 views

EUVD-2026-40318

A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism does not validate the cookiecontext parameter received from the server. A malicious D-Bus server can supply a cookiecontext containing path traversal sequences, causing the client to...

5.9 CVSS, 5.9 AI score
Exploits: 1, References: 3

CVE
added yesterday, 10 views

CVE-2026-58015

A flaw was found in GLib. The D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism does not validate the cookiecontext parameter received from the server. A malicious D-Bus server can supply a cookiecontext containing path traversal sequences, causing the client to...

7.5 CVSS, 5.9 AI score
Exploits: 1, References: 3, Affected Software: 2

NVD
added 2 days ago, 7 views

CVE-2026-43735

The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may exfiltrate data cross-origin...

8.1 CVSS, 0.00168 EPSS
Exploits: 1, References: 3

NVD
added 2 days ago, 8 views

CVE-2026-43708

The issue was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may exfiltrate data cross-origin...

4.3 CVSS, 0.00205 EPSS
Exploits: 0, References: 3

CVE
added 2 days ago, 7 views

CVE-2026-43708

CVE-2026-43708 affects WebKit/Safari components. The issue allowed a malicious website to exfiltrate data across origins due to insufficient input validation. The vulnerability is addressed with patches in Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2. Root cause: improved inpu...

4.3 CVSS, 5.8 AI score, 0.00205 EPSS
Exploits: 0, References: 3, Affected Software: 4

CVE
added 2 days ago, 15 views

CVE-2026-43735

CVE-2026-43735 affects WebKit in macOS Tahoe (and related Safari/iOS/iPadOS/WebKit stacks). The root issue is cross-origin data exfiltration via malicious web content, addressed by improved checks and fixed in Safari 26.5.2, iOS 26.5.2/iPadOS 26.5.2, and macOS Tahoe 26.5.2. References indicate Ap...

8.1 CVSS, 5.8 AI score, 0.00168 EPSS
Exploits: 1, References: 3, Affected Software: 4

CVE
added 2 days ago, 13 views

CVE-2026-56782

Gorse before 0.5.10 contains an authentication bypass vulnerability affecting the /api/dump and /api/restore endpoints. When admin_api_key is empty (default configuration), unauthenticated remote attackers can access protected functionality, enabling either exfiltration of the entire database (in...

9.8 CVSS, 5.8 AI score, 0.00896 EPSS
Exploits: 1, References: 4

Cvelist
added 2 days ago, 30 views

CVE-2026-56782 Gorse - Unauthenticated Database Dump and Restore via /api/dump and /api/restore Endpoints

Gorse before 0.5.10 contains an authentication bypass vulnerability in the /api/dump and /api/restore endpoints that allows unauthenticated attackers to access protected functionality when admin_api_key is empty, which is the default configuration. Remote attackers can exfiltrate the entire databas...

9.8 CVSS, 0.00896 EPSS
Exploits: 1, References: 4

Vulnrichment
added 2 days ago, 5 views

CVE-2026-56782 Gorse - Unauthenticated Database Dump and Restore via /api/dump and /api/restore Endpoints

Gorse before 0.5.10 contains an authentication bypass vulnerability in the /api/dump and /api/restore endpoints that allows unauthenticated attackers to access protected functionality when admin_api_key is empty, which is the default configuration. Remote attackers can exfiltrate the entire databas...

9.8 CVSS, 5.8 AI score, 0.00896 EPSS
Exploits: 1, References: 4

EUVD
added 2 days ago, 9 views

EUVD-2026-40158

Gorse before 0.5.10 contains an authentication bypass vulnerability in the /api/dump and /api/restore endpoints that allows unauthenticated attackers to access protected functionality when admin_api_key is empty, which is the default configuration. Remote attackers can exfiltrate the entire databas...

9.8 CVSS, 5.8 AI score, 0.00896 EPSS
Exploits: 1, References: 4

EUVD
added 2 days ago, 8 views

EUVD-2026-40079

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the getgltransactions function where the filtertype parameter is concatenated directly into a SQL IN clause without parameterization. Attackers with SAGLANALYTIC permission can inject arbitrary SQL by supplying a closing...

8.1 CVSS, 6 AI score, 0.00276 EPSS
Exploits: 0, References: 4

OSV
added 2 days ago, 4 views

MAL-2026-6573 Malicious code in rebrandly-domains-search-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d4464320c8530d582d35f85ce95045182d82e1dd63a830644bcb68f05bdf10e Package [email protected] is an empty module index.js exports an empty object whose package.json preinstall hook runs node...

5.8 AI score
Exploits: 0, References: 2

Positive Technologies
added 2 days ago, 8 views

PT-2026-53659

Name of the Vulnerable Software and Affected Versions Gorse versions prior to 0.5.10 Description An authentication bypass exists in the HTTP API when the admin api key is left empty, which is the default configuration. This occurs because improper input validation treats an empty key as a disabli...

9.8 CVSS, 5.8 AI score, 0.00896 EPSS
Exploits: 1, References: 6

OSV
added 3 days ago, 7 views

MAL-2026-6561 Malicious code in skillspector (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3c5f440b1893b0d6aad59302e3cef3c14e1ae5b51b83144474e8126b3d2f9075 This package is a modified, unofficial version of the Nvidia project https://github.com/NVIDIA/skillspector. The modification is disguised as telemetry. The...

5.9 AI score
Exploits: 0, References: 1