Lucene search
K

29726 matches found

CVE
CVE
added yesterday1 views

CVE-2026-13967

Heap buffer overflow in V8 in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

6.4AI score
Exploits0References2
CVE
CVE
added yesterday2 views

CVE-2026-13883

Type Confusion in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

5.8AI score
Exploits0References2
Nuclei
Nuclei
added yesterday62 views

Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal

Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retrieval of a file via a remote, specifically crafted HTTP request to the REST API. id: CVE-2018-19365 info: name: Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal author: 0xAkoko severity: critical...

9.1CVSS7.3AI score0.22863EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday6 views

WP Travel Engine <= 5.7.9 - SQL Injection

WP Travel Engine 5.7.9 and earlier contains a SQL injection caused by improper neutralization of special elements used in an SQL command, letting attackers execute arbitrary SQL queries, exploit requires user interaction. id: CVE-2024-30502 info: name: WP Travel Engine = 5.7.9 - SQL Injection...

9.8CVSS7.6AI score0.02267EPSS
Exploits0References4
Nuclei
Nuclei
added 3 days ago28 views

Nodejs Squirrelly - Remote Code Execution

Nodejs Squirrelly is susceptible to remote code execution. Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuratio...

8.8CVSS7.9AI score0.59844EPSS
Exploits2
Nuclei
Nuclei
added 3 days ago23 views

WordPress AI Engine Plugin - Token Exposure

Unauthenticated sensitive information exposure in AI Engine WordPress plugin = 3.1.3 exposes bearer tokens via REST API endpoints when No-Auth URL is enabled. id: CVE-2025-11749 info: name: WordPress AI Engine Plugin - Token Exposure author: 4m3rr0r severity: critical description: | Unauthenticat...

9.8CVSS7.3AI score0.75759EPSS
Exploits5References2
Nuclei
Nuclei
added 3 days ago41 views

Jordy Meow AI Engine - Unrestricted File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in Jordy Meow AI Engine- ChatGPT Chatbot.This issue affects AI Engine- ChatGPT Chatbot- from n/a through 1.9.98. id: CVE-2023-51409 info: name: Jordy Meow AI Engine - Unrestricted File Upload author: pussycat0x severity: critical...

10CVSS7.3AI score0.63329EPSS
Exploits4References4
Nuclei
Nuclei
added 3 days ago35 views

Autonomy Ultraseek - Open Redirect

Open redirect vulnerability in cs.html in the Autonomy formerly Verity Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter. id: CVE-2009-0347 info: name: Autonomy Ultraseek - Open Redirect author: ctflearner...

5.8CVSS6AI score0.10257EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 3 days ago13 views

Important: Red Hat Security Advisory: multicluster engine for Kubernetes v2.8.8 security update

The multicluster engine for Kubernetes 2.8 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. The multicluster engine for Kubernetes v2.8 images The multicluster engine for Kubernetes provides the foundational components that are...

10CVSS6.8AI score0.00535EPSS
Exploits6References16
Github Security Blog
Github Security Blog
added 5 days ago12 views

pnpm: Repository-controlled configDependencies can select a pacquet native install engine

Maintainer Action Plan This report is ready to review with the shared patch branch. Start with the PR and the expected fixed behavior, then use the detailed exploit narrative below only if you want to replay the original path. - Advisory: CAND-PNPM-097 / GHSA-gj8w-mvpf-x27x - Advisory URL:...

8.8CVSS6.1AI score0.00117EPSS
Exploits1References3Affected Software1
NVD
NVD
added 5 days ago9 views

CVE-2026-33646

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.3.10, mise processes .tool-versions files through the Tera template engine during parsing, with the exec function registered, enabling arbitrary command execution. Unlike .mise.toml files, .tool-versions files are not...

9.6CVSS0.00685EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-33646

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.3.10, mise processes .tool-versions files through the Tera template engine during parsing, with the exec function registered, enabling arbitrary command execution. Unlike .mise.toml files, .tool-versions files are not...

9.6CVSS6AI score0.00685EPSS
Exploits0References2Affected Software1
NVD
NVD
added 5 days ago6 views

CVE-2026-5757

Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence...

7.5CVSS0.00462EPSS
Exploits1References3
NVD
NVD
added 5 days ago8 views

CVE-2026-0685

Server side template inject SSTI in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution RCE via crafted template expressions...

9.8CVSS0.00726EPSS
Exploits0References2
CVE
CVE
added 5 days ago19 views

CVE-2026-0685

CVE-2026-0685 affects the Genshi Template Engine (version 0.7.9). The SSTI vulnerability arises in the expression evaluation component due to unsafe use of Python’s eval() and exec() with fallback to Python built-ins, enabling arbitrary code execution if an attacker can influence template express...

9.8CVSS6.7AI score0.00726EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-39792

Server side template inject SSTI in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution RCE via crafted template expressions...

9.8CVSS6.7AI score0.00726EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-0685 Server side template inject (SSTI) in Edgewall Genshi Template Engine

Server side template inject SSTI in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution RCE via crafted template expressions...

0.00726EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-0685

Server side template inject SSTI in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution RCE via crafted template expressions...

9.8CVSS6.7AI score0.00726EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-39786

Unauthenticated remote information disclosure vulnerability in Ollama's model quantization engine allows an attacker to read and exfiltrate the server's heap memory, potentially leading to sensitive data exposure, further compromise, and stealthy persistence...

7.5CVSS6.7AI score0.00462EPSS
Exploits1References2
NVD
NVD
added 6 days ago9 views

CVE-2026-4930

SYMCRYPTO is the SiXG301's host side hardware engine accessed by PSA crypto library that accelerates symmetric cryptographic operations AES encryption/decryption and hashing. DPA Countermeasures on SYMCRYPTO can be weakened reduced entropy by forcing certain seed values if an attacker gains code...

7.1CVSS0.00101EPSS
Exploits0References1
Rows per page
Query Builder