Lucene search
K

9677 matches found

Nuclei
Nuclei
added 2 days ago82 views

Cisco Smart Licensing Utility UnAuthenticated Logs Exposure Leaking Plaintext Credentials

A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to access sensitive information.This vulnerability is due to excessive verbosity in a debug log file. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected...

7.5CVSS7.1AI score0.51466EPSS
Exploits0References1
Nuclei
Nuclei
added 2 days ago156 views

NextGEN Gallery <= 3.59 - Missing Authorization to Unauthenticated Information Disclosure

The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getitem function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data includi...

5.3CVSS7AI score0.38023EPSS
Exploits0References4
Nuclei
Nuclei
added 2 days ago214 views

Jakarta Tomcat 3.1 and 3.0 - Information Disclosure

Jakarta Tomcat 3.1 and 3.0 under Apache contain a vulnerability in the Snoop servlet that reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension, exploit requires remote access. id: CVE-2000-0760 info: name: Jakarta Tomcat 3.1 and 3.0 -...

6.4CVSS6.1AI score0.62496EPSS
Exploits1References2
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-13114 Motors <= 1.4.112 - Unauthenticated Stored Cross-Site Scripting via Comment Content and User Biographical Info

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment Content and User Biographical Info in all versions up to, and including, 1.4.112 due to insufficient input sanitization and output escaping. This makes it possibl...

7.2CVSS0.00247EPSS
Exploits0References8
CVE
CVE
added 4 days ago13 views

CVE-2026-13114

CVE-2026-13114 affects the Motors – Car Dealership & Classified Listings Plugin for WordPress, vulnerable to an unauthenticated Stored Cross-Site Scripting (XSS) via Comment Content and User Biographical Info in all versions up to 1.4.112. The flaw arises from insufficient input sanitization and ...

7.2CVSS6.2AI score0.00247EPSS
Exploits0References8
Circl
Circl
added 5 days ago7 views

CVE-2026-13010

creationtimestamp| type| source ---|---|--- 2026-07-10 12:12:50+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqc4oghyvb2x 2026-07-10 13:19:26+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqcafinug52i 2026-07-10 21:53:44+00:00| seen|...

6.5CVSS6.1AI score0.00254EPSS
Exploits0References3
NVD
NVD
added 6 days ago9 views

CVE-2026-12517

The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the server-side request performed by an unauthenticated site-info endpoint before fetching it, allowing anonymous users the gating nonce is exposed on public pages carrying an embed to make the site request...

5.3CVSS0.00187EPSS
Exploits0References1
CVE
CVE
added 6 days ago9 views

CVE-2026-12517

CVE-2026-12517 : The Fediverse Embeds WordPress plugin is vulnerable to a Server-Side Request Forgery (SSRF) because the destination of a server-side request from the unauthenticated site-info endpoint is not validated. This allows anonymous users to trigger requests to internal/private network U...

5.3CVSS5.8AI score0.00187EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42513

The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the server-side request performed by an unauthenticated site-info endpoint before fetching it, allowing anonymous users the gating nonce is exposed on public pages carrying an embed to make the site request...

5.3CVSS5.8AI score0.00187EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-12517 Fediverse Embeds < 1.5.8 - Unauthenticated SSRF via Site Info Endpoint

The Fediverse Embeds WordPress plugin before 1.5.8 does not validate the destination of the server-side request performed by an unauthenticated site-info endpoint before fetching it, allowing anonymous users the gating nonce is exposed on public pages carrying an embed to make the site request...

0.00187EPSS
Exploits0References1
Snyk
Snyk
added last week6 views

NULL Pointer Dereference

Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to NULL Pointer Dereference via the leafnode handshake process. An attacker can cause the server t...

8.7CVSS6.1AI score0.00732EPSS
Exploits0References2
CVE
CVE
added last week9 views

CVE-2026-58250

CVE-2026-58250 affects NATS Server: an unauthenticated peer with access to a leafnode listener with compression enabled could crash the server during the pre-authentication leafnode handshake by sending repeated leafnode INFO messages. The issue is fixed in versions 2.12.8 and 2.11.17 . Exploitat...

7.5CVSS5.9AI score0.00732EPSS
Exploits0References5Affected Software1
NVD
NVD
added last week8 views

CVE-2026-60092

AVideo Meet plugin through commit e8d6119f3cb1b849149906efeb0a41fc024f59f8 contains a stored cross-site scripting vulnerability in the Meet plugin's getMeetInfo.json.php endpoint. When a participant joins a public meeting, the raw HTTP User-Agent header is stored meetjoinlog.useragent without...

6.1CVSS0.002EPSS
Exploits0References3
EUVD
EUVD
added last week5 views

EUVD-2026-42270

AVideo Meet plugin through commit e8d6119f3cb1b849149906efeb0a41fc024f59f8 contains a stored cross-site scripting vulnerability in the Meet plugin's getMeetInfo.json.php endpoint. When a participant joins a public meeting, the raw HTTP User-Agent header is stored meetjoinlog.useragent without...

6.1CVSS5.7AI score0.002EPSS
Exploits0References3
Amazon
Amazon
added 2026/07/08 12:0 a.m.7 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: Fix double-free in teqlmasterxmit CVE-2026-23449 In the Linux kernel, the following vulnerability has been resolved: ext4: validate pidx bounds in ext4extcorrectindexes CVE-2026-31449 In the Linux...

9.8CVSS6AI score0.00742EPSS
Exploits0
NVD
NVD
added 2026/07/07 9:17 p.m.7 views

CVE-2026-50529

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/share/proxyInfo share interface generates and returns X-DE-LINK-TOKEN before validating the share password or ticket, allowing unauthenticated attackers who know a protected share UUID to obtain a valid...

8.7CVSS0.00285EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/07/07 1:31 p.m.5 views

openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...

7.5CVSS5.9AI score0.00805EPSS
Exploits0References10
OSV
OSV
added 2026/07/06 11:10 p.m.3 views

CVE-2026-53647 FOSSBilling vulnerable to unauthenticated API key configuration disclosure via guest Serviceapikey get_info endpoint

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.3 through 0.7.2, the Guest serviceapikey/getinfo API endpoint is accessible without authentication. Any caller with a valid API key can retrieve all custom configuration parameters custom fields stored in the...

6.9CVSS5.9AI score0.0042EPSS
Exploits1References3
NVD
NVD
added 2026/07/06 8:16 p.m.10 views

CVE-2026-58402

Hugo is a static site generator. From 0.60.0 until 0.163.3, Hugo's default code-block renderer wrote the Markdown code-fence language or info-string into the code class="language-…" data-lang="…" wrapper without HTML escaping. A fence info-string containing a quote and a script payload breaks out...

5.4CVSS0.00172EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/07/06 7:19 p.m.8 views

CVE-2026-58402

Hugo is a static site generator. From 0.60.0 until 0.163.3, Hugo's default code-block renderer wrote the Markdown code-fence language or info-string into the code class="language-…" data-lang="…" wrapper without HTML escaping. A fence info-string containing a quote and a script payload breaks out...

5.4CVSS5.8AI score0.00172EPSS
Exploits0
Rows per page
Query Builder