3636 matches found

NVD
added 2026/06/08 12:16 p.m., 12 views

CVE-2026-11569

A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScript. The file is stored and served inline through the CDN, enabling stored cross-site scripting wh...

CVSS 5.4, EPSS 0.00138
Exploits 0, References 2
CVE
added 2026/06/08 10:54 a.m., 22 views

CVE-2026-11569

CVE-2026-11569 affects Quay: the filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG containing JavaScript. The file is stored and served inline via the CDN, enabling stored XSS when a victim visits the ...

CVSS 5.4, AI score 5.2, EPSS 0.00138
Exploits 0, References 2
Vulnrichment
added 2026/06/08 10:54 a.m., 8 views

CVE-2026-11569 Quay: quay: stored xss via filedrop svg upload

A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScript. The file is stored and served inline through the CDN, enabling stored cross-site scripting wh...

CVSS 5.4, AI score 5.2, EPSS 0.00138
Exploits 0, References 2
RedhatCVE
added 2026/06/06 12:43 p.m., 15 views

CVE-2026-11345

An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access if an 'AnonFile' query parameter containing exactly 256 characters is provided...

CVSS 6.9, AI score 5.5, EPSS 0.00414
Exploits 0, References 1
RedhatCVE
added 2026/06/05 7:48 p.m., 10 views

CVE-2026-9471

A vulnerability was detected in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file /student.php. Performing a manipulation of the argument FIRSTNAME results in cross site scripting. The attack can be initiated remotely...

CVSS 5.1, AI score 4.1, EPSS 0.00248
Exploits 0, References 1
RedhatCVE
added 2026/06/05 7:39 p.m., 14 views

CVE-2026-7398

A weakness has been identified in florensiawidjaja BioinfoMCP up to 7ada7918b9e515604d3c0ae264d3a9af10bf6e54. This vulnerability affects the function Upload of the file bioinfomcpplatform/app.py of the component Upload Endpoint. This manipulation of the argument Name causes path traversal. The...

CVSS 7.5, AI score 6.8, EPSS 0.0041
Exploits 0, References 1
RedhatCVE
added 2026/06/05 7:24 p.m., 9 views

CVE-2026-8941

The CDN Linker lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the ossdloffoptions function. This makes it possible for unauthenticated attackers to update the plugin's settings ...

CVSS 4.3, AI score 5.4, EPSS 0.0014
Exploits 0, References 1
RedhatCVE
added 2026/06/05 7:10 p.m., 19 views

CVE-2026-8037

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints...

CVSS 9.6, AI score 6.1, EPSS 0.29641
Exploits 1, References 1
ATTACKERKB
added 2026/06/04 1:13 p.m., 14 views

CVE-2026-8037

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints...

CVSS 9.6, AI score 6.1, EPSS 0.29641
Exploits 1, References 2, Affected Software 4
The Hacker News
added 2026/06/04 9:51 a.m., 21 views

Fake Sites Mimicking Open-Source Tools Rank High on Google to Deliver Malware via TDS

Cybersecurity researchers have flagged a large-scale operation that impersonates open-source and freeware projects to funnel unsuspecting users through a Traffic Distribution System (TDS) and deliver malware families like Remus Stealer, AnimateClipper, and the SessionGate framework. "The sites are...

AI score 5.8
Exploits 0
Hacker One
added 2026/06/04 8:03 a.m., 9 views

Revive Adserver: PHP code injection in delivery-limitation `logical` validation bypass - XML-RPC setChannelTargeting

Vulnerability description not provided...

CVSS 8.8, AI score 6.7, EPSS 0.02734
Exploits 1
Positive Technologies
added 2026/06/04 12:00 a.m., 25 views

PT-2026-46231

Name of the Vulnerable Software and Affected Versions: Progress Kemp LoadMaster versions prior to 7.2.63.1; Progress Kemp LoadMaster versions prior to 7.2.54.17; Progress ADC Products, affected versions not specified; Progress ECS Connection Manager, affected versions not specified; Progress Object Scal...

CVSS 9.6, AI score 7.6, EPSS 0.29641
Exploits 1, References 39
Hacker One
added 2026/06/03 11:04 p.m., 9 views

Revive Adserver: PHP code injection in delivery-limitation `logical` validation bypass

A vulnerability in the delivery-limitation logical validation was reported. The vulnerability allowed bypassing the fix for CVE-2026-34916 by sending a disallowed but otherwise valid plugin identifier as type, or using the ox.setChannelTargeting XML-RPC API method...

CVSS 8.8, AI score 6.6, EPSS 0.02734
Exploits 1
Patchstack
added 2026/06/03 12:56 p.m., 8 views

WordPress WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin <= 4.9.4 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Jakub Herman in WordPress Plugin WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels versions <= 4.9.4...

CVSS 7.5, AI score 5.5, EPSS 0.00294
Exploits 0, Affected Software 1
Microsoft Secure
added 2026/06/03 4:45 a.m., 20 views

Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign

Microsoft Threat Intelligence identified a large-scale npm supply chain attack affecting 32 maliciously modified packages across more than 90 versions under the @redhat-cloud-services npm scope. The...

AI score 5.9
Exploits 0
RedhatCVE
added 2026/06/02 4:01 p.m., 11 views

CVE-2026-44593

esm.sh is a no-build content delivery network (CDN) for web development. In 137 and earlier, the legacy router first retrieves a response from legacyServer, parses the incoming request path, and ultimately writes the data to storage via buildStorage.Put. The router concatenates the path components...

CVSS 8.7, AI score 5.9, EPSS 0.00362
Exploits 0, References 1
GithubExploit
added 2026/06/02 7:09 a.m., 91 views

Exploit for Out-of-bounds Write in Redis

Docker Operations Create a Docker container docker comp...

CVSS 8.8, AI score 5.8, EPSS 0.06867
Exploits 2
Packet Storm News
added 2026/06/02 12:00 a.m., 8 views

Windows BITS Persistence Tool

This script implements a BITS-based persistence mechanism with an embedded HTTP server and remote payload delivery for Windows...

AI score 5.8
Exploits 0
Packet Storm
added 2026/06/02 12:00 a.m., 109 views

Samba SMB Printer Queue Command Injection / Remote Task Delivery

This Python script is a structured exploitation framework targeting Samba print services exposed over SMB port 445. It focuses on printer-share interaction, payload delivery testing, and command execution workflows through manipulated print job submissions. It's written to target versions 4.22.10...

CVSS 9.8, AI score 5.9, EPSS 0.12797
Exploits 7
GithubExploit
added 2026/06/01 5:19 a.m., 86 views

aks-poc-setup

AKS Production-Grade POC Setup A comprehensive, production-re...

AI score 6.1
Exploits 0