Lucene search
K

13508 matches found

Nuclei
Nuclei
added 2026/06/16 7:13 a.m.747 views

GlobalProtect - OS Command Injection

A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.Cloud NGFW, Panorama...

10CVSS9.2AI score0.99999EPSS
Exploits43References5
EUVD
EUVD
added 2026/06/15 9:30 p.m.8 views

EUVD-2026-36938

Contributor PHP Object Injection in Anti-Malware Security and Brute-Force Firewall = 4.23.87 versions...

8.8CVSS5.3AI score0.00428EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:16 p.m.7 views

CVE-2026-39478

Contributor PHP Object Injection in Anti-Malware Security and Brute-Force Firewall = 4.23.87 versions...

8.8CVSS0.00428EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:17 p.m.26 views

CVE-2026-39478 WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.23.87 - PHP Object Injection vulnerability

Contributor PHP Object Injection in Anti-Malware Security and Brute-Force Firewall = 4.23.87 versions...

8.8CVSS0.00428EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:17 p.m.22 views

CVE-2026-39478

CVE-2026-39478 concerns the WordPress plugin “Anti-Malware Security and Brute-Force Firewall” (versions

8.8CVSS5.3AI score0.00428EPSS
Exploits0References1
OSV
OSV
added 2026/06/15 5:28 p.m.11 views

GHSA-6H46-9JF5-Q59X Symfony: Security Firewall Bypass via failure_forward Subrequest: Unauthenticated Access to access_control-Protected GET Routes

Description When a firewall is configured with form-login or any authenticator using DefaultAuthenticationFailureHandler and the failureforward: true option, the handler reads the failurepath parameter from the failing login request and uses it as the path of an internal subrequest dispatched...

5.5AI score0.00058EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/06/15 5:28 p.m.7 views

Symfony: Security Firewall Bypass via failure_forward Subrequest: Unauthenticated Access to access_control-Protected GET Routes

Description When a firewall is configured with form-login or any authenticator using DefaultAuthenticationFailureHandler and the failureforward: true option, the handler reads the failurepath parameter from the failing login request and uses it as the path of an internal subrequest dispatched...

5.3AI score0.00058EPSS
Exploits0References6Affected Software2
Imperva Blog
Imperva Blog
added 2026/06/15 11:6 a.m.9 views

Your Security Operations Team Just Got Faster: Meet Imperva’s AI Assistant.

There is a moment every security analyst knows well. It’s 2am , an alert fires, and you’re staring at a console trying to make sense of what just happened—fast. You need context, scope, and impact: What’s being targeted? Where is it coming from? Is it getting worse? What should we do next? That...

5.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/15 8:36 a.m.10 views

CVE-2026-47244

A flaw was found in Netty, a network application framework. A remote attacker can exploit this vulnerability by sending a large number of HTTP/2 stream requests to a Netty HTTP/2 server. If the server does not explicitly limit concurrent streams, it can lead to the allocation of numerous long-liv...

5.3CVSS5.3AI score0.00292EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/15 8:35 a.m.9 views

CVE-2026-50011

A flaw was found in Netty, a network application framework. The RedisArrayAggregator component pre-allocates memory based on the declared element count in a Redis array header. A remote attacker can exploit this by sending a small, malicious Redis array header that claims a huge initial capacity,...

7.5CVSS5.3AI score0.00371EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/15 8:35 a.m.7 views

CVE-2026-45832

A flaw was found in ChromaDB. All V1 collection-level endpoints in the Python project pass null values for tenant and database to the authorization layer. This allows a remote attacker to bypass authorization controls by utilizing these V1 endpoints. The primary consequence is unauthorized access...

8.8CVSS5.3AI score0.00284EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.17 views

PT-2026-49231

Name of the Vulnerable Software and Affected Versions Cornerstone versions prior to 7.8.8 Description A flaw allows a user with subscriber privileges to achieve arbitrary code execution, which is the ability to run unauthorized commands or code on the host system. Recommendations Update to versio...

8.5CVSS5.6AI score0.00371EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.16 views

PT-2026-49187

Name of the Vulnerable Software and Affected Versions OttoKit versions prior to 1.1.28 Description Unauthenticated PHP Object Injection occurs in the software. PHP Object Injection is a vulnerability that allows an attacker to pass malicious serialized objects into the application, which can lead...

9.8CVSS6AI score0.00383EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.19 views

PT-2026-49232

Name of the Vulnerable Software and Affected Versions GPTranslate – Multilingual AI Translation for WordPress versions prior to 2.32.7 Description An unauthenticated SQL Injection exists in the GPTranslate plugin for WordPress. This allows an attacker to execute arbitrary SQL queries on the...

9.3CVSS6.1AI score0.00289EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.10 views

PT-2026-49380

Contributor PHP Object Injection in Anti-Malware Security and Brute-Force Firewall = 4.23.87 versions...

8.8CVSS5.3AI score0.00428EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.11 views

PT-2026-49116

Name of the Vulnerable Software and Affected Versions Shared Files versions prior to 1.7.65 Description An unauthenticated path traversal issue exists, allowing an attacker to access files and directories outside the intended folder on the server. Recommendations Update to a version newer than...

7.5CVSS5.2AI score0.00326EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.10 views

PT-2026-49107

Name of the Vulnerable Software and Affected Versions WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms versions prior to 1.1.5 Description An unauthenticated PHP Object Injection issue exists in the plugin. PHP Object Injection occurs when user-supplied input is...

9.8CVSS5.8AI score0.00476EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.14 views

PT-2026-49143

Name of the Vulnerable Software and Affected Versions WP Go Maps versions prior to 10.0.10 Description The plugin fails to properly enforce the marker approval filter on the admin-ajax fallback for its datatables route. This allows unauthenticated visitors to retrieve marker records that the site...

5.2AI score0.00192EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.10 views

PT-2026-49117

Name of the Vulnerable Software and Affected Versions Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms versions prior to 1.1.2 Description An unauthenticated PHP Object Injection issue exists in the software. PHP Object Injection occurs when user-supplied input i...

9.8CVSS5.8AI score0.00476EPSS
Exploits1References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 12:42 p.m.13 views

Malicious code in parket-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6dc700128da5b494d5325086ec183ce7c746d44d88dc7f609bfb9f2eab9fa072 On npm install, the package's postinstall script node test.js auto-executes a multi-stage attack against the installer's machine. It recursively scan...

5.5AI score
Exploits0References2
Rows per page
Query Builder