Lucene search
K

12618 matches found

Nuclei
Nuclei
added 15 hours ago20 views

Apache ActiveMQ - Remote Code Execution via HTTP Discovery Transport Bypass

Apache ActiveMQ before 5.19.6 and 6.0.0 through 6.2.4 is vulnerable to remote code execution via a bypass of the CVE-2026-34197 security fix. The original fix blocked the "vm://" transport scheme in BrokerView.addNetworkConnector and BrokerView.addConnector to prevent authenticated attackers from...

8.8CVSS7.2AI score0.96666EPSS
Exploits13References4
IBM Security Bulletins
IBM Security Bulletins
added 21 hours ago4 views

Security Bulletin: IBM WebSphere Application Server Liberty is affected by an authorization bypass vulnerability (CVE-2026-11714)

Summary IBM WebSphere Application Server Liberty is affected by an authorization bypass vulnerability with the apiDiscovery-1.0 feature enabled. Vulnerability Details CVEID:CVE-2026-11714 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.7 is affected by a server-sid...

9.8CVSS6.1AI score0.00203EPSS
Exploits0Affected Software1
EUVD
EUVD
added 22 hours ago4 views

EUVD-2026-43537

OpenClaw before 2026.6.6 contains a policy bypass vulnerability in browser CDP discovery that accepts blocked WebSocket URLs. Attackers with lower-trust access can reach network destinations that should have been blocked by OpenClaw policy when the affected feature is enabled...

8.5CVSS6.1AI score
Exploits0References3
NVD
NVD
added yesterday4 views

CVE-2026-62197

OpenClaw before 2026.6.6 contains a policy bypass vulnerability in browser CDP discovery that accepts blocked WebSocket URLs. Attackers with lower-trust access can reach network destinations that should have been blocked by OpenClaw policy when the affected feature is enabled...

8.5CVSS
Exploits0References2
Cvelist
Cvelist
added yesterday32 views

CVE-2026-62197 OpenClaw < 2026.6.6 Policy Bypass via CDP Discovery

OpenClaw before 2026.6.6 contains a policy bypass vulnerability in browser CDP discovery that accepts blocked WebSocket URLs. Attackers with lower-trust access can reach network destinations that should have been blocked by OpenClaw policy when the affected feature is enabled...

8.5CVSS
Exploits0References2
CVE
CVE
added yesterday8 views

CVE-2026-62197

CVE-2026-62197: OpenClaw before 2026.6.6 has a policy bypass in browser CDP discovery that accepts blocked WebSocket URLs. Attackers with lower-trust access can reach network destinations that the OpenClaw policy should block when the affected feature is enabled. Affected product/version: OpenCla...

8.5CVSS6.1AI score
Exploits0References2Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in chat-adapter-zoom (npm)

The chat-adapter-zoom package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a Zoom...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in salesforce-vscode-slds (npm)

The salesforce-vscode-slds package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a...

6.1AI score
Exploits0References3
OSV
OSV
added yesterday3 views

MAL-2026-10228 Malicious code in chat-adapter-zoom (npm)

The chat-adapter-zoom package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a Zoom...

6.1AI score
Exploits0References3
OSV
OSV
added yesterday3 views

MAL-2026-10234 Malicious code in slds-lsp-client (npm)

The slds-lsp-client package was published to the npm registry by user 'click2ai' maintainer email [email protected] as part of a dependency-confusion / reconnaissance campaign. The package name mimics the internal/private package naming convention of a target organization a Salesforce SLD...

6.1AI score
Exploits0References3
Circl
Circl
added 3 days ago8 views

CVE-2026-15155

creationtimestamp| type| source ---|---|--- 2026-07-11 07:32:48+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqe5imu2qi2e 2026-07-11 07:59:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqe6xqk3ap2g 2026-07-11 08:00:32+00:00| seen|...

8.8CVSS6.1AI score0.00367EPSS
Exploits0References5
Nuclei
Nuclei
added 3 days ago26 views

Apache ActiveMQ - Remote Code Execution

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bridge at /api/jolokia/ on the web console. The default Jolokia access policy permits exec operations o...

8.8CVSS7.2AI score0.96666EPSS
Exploits13References3
Metasploit
Metasploit
added 4 days ago12 views

FTP Fetch, Linux Command Shell, Bind TCP Random Port Inline

Fetch and execute an x64 payload from an FTP server. Listen for a connection in a random port and spawn a command shell. Use nmap to discover the open port: 'nmap -sS target -p-'. Module Options msf use payload/cmd/linux/ftp/x64/shellbindtcprandomport msf payloadshellbindtcprandomport show action...

6.2AI score
Exploits0
Circl
Circl
added 4 days ago8 views

CVE-2026-56688

creationtimestamp| type| source ---|---|--- 2026-07-10 12:34:10+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116895701434331747 2026-07-10 12:58:16+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqc77o3vm427 2026-07-10 13:12:04+00:00| seen|...

9.1CVSS6.1AI score0.01285EPSS
Exploits0References8
Circl
Circl
added 4 days ago7 views

CVE-2026-40009

creationtimestamp| type| source ---|---|--- 2026-07-10 11:18:42+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqbznn7c7g26 2026-07-10 12:15:29+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-40009 2026-07-10 13:25:26+00:00| seen|...

6.5CVSS6.1AI score0.00209EPSS
Exploits0References5
Patchstack
Patchstack
added 4 days ago4 views

WordPress All-in-One Video Gallery plugin <= 4.8.5 - Authenticated (Subscriber+) Server-Side Request Forgery vulnerability

Authenticated Subscriber+ Server-Side Request Forgery vulnerability discovered by KoreaInfoSec - Korea University in WordPress Plugin All-in-One Video Gallery versions = 4.8.5...

6.4CVSS6.1AI score0.00246EPSS
Exploits0References1Affected Software1
Circl
Circl
added 4 days ago7 views

CVE-2026-15282

creationtimestamp| type| source ---|---|--- 2026-07-10 05:16:07+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqbffamohv2z 2026-07-11 00:00:32+00:00| seen| https://bsky.app/profile/pulse-wp.com/post/3mqde7qogx42j 2026-07-13 01:01:18+00:00| seen|...

9.8CVSS6.1AI score0.00744EPSS
Exploits1References4
Patchstack
Patchstack
added 5 days ago5 views

WordPress Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin <= 1.24.1 - Authenticated (Administrator+) SQL Injection vulnerability

Authenticated Administrator+ SQL Injection vulnerability discovered by PRISM in WordPress Plugin Mail Mint versions = 1.24.1...

4.9CVSS6.1AI score0.00319EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 5 days ago5 views

WordPress AIWU plugin <= 1.5.4 - SQL Injection vulnerability

SQL Injection vulnerability discovered by VanTastic in WordPress Plugin AIWU versions = 1.5.4...

9.3CVSS6.1AI score0.004EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 5 days ago7 views

WordPress Aimogen Pro plugin <= 2.8.3 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Aimogen Pro versions = 2.8.3...

10CVSS6.1AI score0.00522EPSS
Exploits0Affected Software1
Rows per page
Query Builder