Lucene search
+L

3947 matches found

Nuclei
Nuclei
added yesterday66 views

Integrate Google Drive <= 1.5.3 - Information Disclosure

File Manager for Google Drive - Integrate Google Drive with WordPress plugin for WordPress = 1.5.3 contains sensitive information exposure caused by improper protection of the getlocalizedata function, letting unauthenticated attackers extract Google OAuth credentials and account email addresses,...

7.5CVSS5.2AI score0.02362EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday66 views

BIQS IT Biqs-drive v1.83 Local File Inclusion

A local file inclusion vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured web-user. id: CVE-2021-394...

7.5CVSS7.5AI score0.08449EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday1020 views

Moodle LTI module Reflected - Cross-Site Scripting

A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...

6.1CVSS6AI score0.03747EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday79 views

Integrate Google Drive <= 1.1.99 - Missing Authorization via REST API Endpoints

The Integrate Google Drive plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in versions up to, and including, 1.1.99. This makes it possible for unauthenticated attackers to perform a wide variety of operations, such as movi...

9.8CVSS7.9AI score0.07226EPSS
Exploits0References2
OSV
OSV
added 3 days ago5 views

MAL-2026-10643 Malicious code in ethereum-input-decorder (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94137fcf0aee7d8edb4e15a8bc9be4455fbdf79cb5bf99987b79f0393fdff62c The package name typosquats the legitimate 'ethereum-input-decoder'. Its top-level init.py unconditionally invokes a payload routine on import: it...

6.2AI score
Exploits0References6
NVD
NVD
added 4 days ago3 views

CVE-2026-50372

Buffer over-read in Windows Redirected Drive Buffering allows an authorized attacker to elevate privileges locally...

7CVSS0.00252EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago25 views

CVE-2026-50372 Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability

...

7CVSS0.00252EPSS
Exploits0References1
CVE
CVE
added 4 days ago5 views

CVE-2026-50372

CVE-2026-50372 — Windows Redirected Drive Buffering : A buffer over-read vulnerability in Windows Redirected Drive Buffering could allow an authorized, local attacker to elevate privileges. The CVE is corroborated by multiple sources (NVD, MSRC, EUVD/ENISA, CIRCL sighting) with an incident descri...

7CVSS6AI score0.00252EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 4 days ago6 views

CVE-2026-50372 Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability

...

7CVSS6.1AI score0.00252EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 4 days ago5 views

Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability

Buffer over-read in Windows Redirected Drive Buffering allows an authorized attacker to elevate privileges locally...

7CVSS6.1AI score0.00252EPSS
Exploits0
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-58354

Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description A buffer over-read in Windows Redirected Drive Buffering enables an authorized attacker to elevate privileges locally, potentially allowing a low-privileged local account to obtain...

7CVSS6.2AI score0.00252EPSS
Exploits0References3
Fedora
Fedora
added 2026/07/02 1:12 a.m.10 views

[SECURITY] Fedora 43 Update: rclone-1.74.3-1.fc43

"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...

9.1CVSS6.3AI score0.00533EPSS
Exploits1
Fedora
Fedora
added 2026/07/02 1:11 a.m.9 views

[SECURITY] Fedora 44 Update: rclone-1.74.3-1.fc44

"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...

9.1CVSS6.3AI score0.00533EPSS
Exploits1
The Hacker News
The Hacker News
added 2026/07/01 5:18 p.m.30 views

VEIL#DROP Malware Chain Uses Blogger Platform to Deliver PureLogs Stealer

Cybersecurity researchers have flagged a new multi-stage malware delivery attack chain that uses social engineering and Blogger pages to deliver an information stealer called PureLogs. The activity has been codenamed VEILDROP by Securonix. It's suspected that the initial payloads are distributed...

6.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54759

Name of the Vulnerable Software and Affected Versions gazebo plugins version 3.9.0 Description Improper input validation in the gazebo ros diff drive.cpp component allows attackers to cause a Denial of Service DoS by supplying a crafted geometry msgs::Twist message. Recommendations At the moment,...

7.5CVSS6AI score0.00343EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/01 12:0 a.m.5 views

CVE-2026-38891

An improper input validation in the gazeborosdiffdrive.cpp component of gazeboplugins v3.9.0 allows attackers to cause a Denial of Service DoS via supplying a crafted geometrymsgs::Twist message...

5.8AI score0.00343EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/30 10:8 p.m.25 views

CVE-2026-56277 Flowise - Hardcoded CORS Wildcard in TTS Endpoint

Flowise before 3.1.2 sets Access-Control-Allow-Origin to a hardcoded wildcard on its text-to-speech TTS generation endpoint packages/server/src/controllers/text-to-speech/index.ts, independent of the server's configured CORS policy. This bypasses the server's otherwise restrictive default CORS...

6.9CVSS0.00136EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 12:32 a.m.8 views

EUVD-2026-39596

A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An attacker with cluster administrator privileges can inject a stored cross-site scripting XSS payload into cluster objects such as ClusterVersion...

6.9CVSS5.7AI score0.00176EPSS
Exploits0References3
NVD
NVD
added 2026/06/26 12:16 a.m.9 views

CVE-2026-13083

A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An attacker with cluster administrator privileges can inject a stored cross-site scripting XSS payload into cluster objects such as ClusterVersion...

6.9CVSS0.00176EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/25 11:23 p.m.10 views

CVE-2026-13083

A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An attacker with cluster administrator privileges can inject a stored cross-site scripting XSS payload into cluster objects such as ClusterVersion...

6.9CVSS5.7AI score0.00176EPSS
Exploits0References3
Rows per page
Query Builder