Lucene search
K

124066 matches found

CVE
CVE
added 8 hours ago7 views

CVE-2026-53360

The CVE affects the Linux kernel KVM-SEV/SNP path: when GHCB v2+ is in use, an OOB/heap-privacy flaw arises because end_entry is validated only against VMGEXIT_PSC_MAX_COUNT (253) instead of the actual buffer size, allowing a guest to read/write adjacent kmalloc-cg-32 objects via VMGEXITs. This c...

6AI score
Exploits0References4
Nuclei
Nuclei
added 17 hours ago17 views

Glances - Information Disclosure

Glances 4.5.2 contains an information disclosure vulnerability caused by the web server running without authentication by default, letting remote attackers access sensitive system information including credentials, exploit requires no special privileges. id: CVE-2026-32596 info: name: Glances -...

8.7CVSS7.1AI score0.0155EPSS
Exploits1References2
Nuclei
Nuclei
added 17 hours ago99 views

Spring MVC Framework - Local File Inclusion

Spring MVC Framework versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported are vulnerable to local file inclusion because they allow applications to configure Spring MVC to serve static resources e.g. CSS, JS, images. A malicious user can send a request using a...

5.9CVSS7AI score0.35681EPSS
Exploits1References5
Nuclei
Nuclei
added 17 hours ago48 views

Cuppa CMS v1.0 - Local File Inclusion

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php. id: CVE-2022-25486 info: name: Cuppa CMS v1.0 - Local File Inclusion author: theamanrawat severity: high description: | CuppaCMS v1.0 was discovered to contain a local file...

7.8CVSS7AI score0.09966EPSS
Exploits1References3
Nuclei
Nuclei
added 17 hours ago45 views

Edito CMS - Sensitive Data Leak

Web services managed by Edito CMS Content Management System in versions from 3.5 through 3.25 leak sensitive data as they allow downloading configuration files by an unauthorized user. id: CVE-2024-4836 info: name: Edito CMS - Sensitive Data Leak author: s4e-io severity: high description: | Web...

7.5CVSS5.9AI score0.02629EPSS
Exploits0References3
Nuclei
Nuclei
added 17 hours ago42 views

Digital Watchdog DW Spectrum Server 4.2.0.32842 - Information Disclosure

Digital Watchdog DW Spectrum Server 4.2.0.32842 allows attackers to access sensitive infromation via a crafted API call. id: CVE-2022-34534 info: name: Digital Watchdog DW Spectrum Server 4.2.0.32842 - Information Disclosure author: ritikchaddha severity: high description: | Digital Watchdog DW...

7.5CVSS7.1AI score0.02102EPSS
Exploits0References2
Nuclei
Nuclei
added 17 hours ago91 views

Axigen WebMail - Cross-Site Scripting

Cross Site Scripting XSS vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions. id:...

5.4CVSS6.5AI score0.0109EPSS
Exploits1References2
Nuclei
Nuclei
added 17 hours ago22 views

WordPress Events Calendar 6.8.2.1 - Information Disclosure

The Events Calendar WordPress plugin 6.8.2.1 contains missing access checks in the REST API, letting unauthenticated users access information about password protected events, exploit requires no authentication. id: CVE-2024-5333 info: name: WordPress Events Calendar 6.8.2.1 - Information Disclosu...

5.3CVSS7.2AI score0.01071EPSS
Exploits1References2
Nuclei
Nuclei
added 17 hours ago24 views

Seriously Simple Podcasting < 3.0.0 - Information Disclosure

The Seriously Simple Podcasting WordPress plugin before 3.0.0 discloses the Podcast owner's email address which by default is the admin email address via an unauthenticated crafted request. id: CVE-2023-6444 info: name: Seriously Simple Podcasting 3.0.0 - Information Disclosure author: s4e-io...

5.3CVSS5.9AI score0.02463EPSS
Exploits3References3
Nuclei
Nuclei
added 17 hours ago98 views

AfterLogic Aurora and WebMail Pro < 7.7.9 - Information Disclosure

AfterLogic Aurora and WebMail Pro products with 7.7.9 and all lower versions are affected by this vulnerability, simply sending an HTTP GET request to WebDAV EndPoint with built-in “caldavpublicuser@localhost” and it’s the predefined password “caldavpublicuser” allows the attacker to read all fil...

7.5CVSS7.1AI score0.17345EPSS
Exploits2References5
Nuclei
Nuclei
added 17 hours ago62 views

XWiki < 4.10.15 - Information Disclosure

The Solr-based search suggestion provider that also duplicates as generic JavaScript API for search results in XWiki exposes the content of all documents of all wikis to anybody who has access to it, by default it is public. This exposes all information stored in the wiki but not some protected...

7.5CVSS7.1AI score0.7282EPSS
Exploits0
Nuclei
Nuclei
added 17 hours ago45 views

CData Arc < 23.4.8839 - Path Traversal

A path traversal vulnerability exists in the Java version of CData Arc 23.4.8839 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions. id: CVE-2024-31850 info: name: CData Arc 23.4.88...

9.8CVSS7.2AI score0.08151EPSS
Exploits1References3
Nuclei
Nuclei
added 17 hours ago35 views

Intelbras Switch - Information Disclosure

An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration. id: CVE-2023-36144 info: name: Intelbras Switch - Information Disclosure author:...

7.5CVSS7.1AI score0.39723EPSS
Exploits2References4
Nuclei
Nuclei
added 17 hours ago26 views

PlayTube 3.0.1 - Information Disclosure

A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. id: CVE-2023-4714 info: name: PlayTube 3.0.1 - Informati...

7.5CVSS5.3AI score0.0521EPSS
Exploits3References5
Nuclei
Nuclei
added 17 hours ago51 views

Netgear-WN604 downloadFile.php - Information Disclosure

There is an information leakage vulnerability in the downloadFile.php interface of Netgear WN604. A remote attacker using file authentication can use this vulnerability to obtain the administrator account and password information of the wireless router, causing the router's background to be...

6.9CVSS6.2AI score0.45681EPSS
Exploits0References5
Nuclei
Nuclei
added 17 hours ago28 views

Free5gc 3.2.1 - Information Disclosure

Free5gc 3.2.1 is susceptible to information disclosure. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2022-38870 info: name: Free5gc 3.2.1 - Information Disclosure author: For3stCo1d severity: high description: | Free5gc 3.2.1 ...

7.5CVSS7.1AI score0.02863EPSS
Exploits1References5
Nuclei
Nuclei
added 17 hours ago15 views

Netgear R6850 - Information Disclosure

Netgear R6850 router firmware version V1.1.0.88 contains an information leakage vulnerability in the debuginfo.htm page. This hidden interface is not protected by authentication, allowing unauthenticated attackers to access sensitive informationsuch as product model name, WAN connection type, and...

5.3CVSS5.9AI score0.01231EPSS
Exploits1References2
Nuclei
Nuclei
added 17 hours ago28 views

D-Link DIR-859 - Information Disclosure

A critical information disclosure vulnerability exists in D-Link devices where sensitive device account information including credentials can be retrieved by sending an unauthenticated request to /getcfg.php endpoint with the parameter SERVICES=DEVICE.ACCOUNT. This could allow attackers to obtain...

9.8CVSS7AI score0.32261EPSS
Exploits1References2
Nuclei
Nuclei
added 17 hours ago24 views

XWiki < 12.10.11, 13.4.4 & 13.9-rc-1 - Information Disclosure

An unauthenticated user can retrieve a list of users and their full names through a publicly accessible URL in XWiki. The issue affects versions before 12.10.11, 13.4.4, and 13.9-rc-1. id: CVE-2022-24819 info: name: XWiki 12.10.11, 13.4.4 & 13.9-rc-1 - Information Disclosure author: ritikchaddha...

5.3CVSS6.2AI score0.03282EPSS
Exploits1References1
Nuclei
Nuclei
added 17 hours ago37 views

Microweber <1.2.11 - Information Disclosure

Microweber before 1.2.11 is susceptible to information disclosure. An error message is generated in microweber/microweber which contains sensitive information while viewing comments from loadmodule:commentssearch=. An attacker can possibly obtain sensitive information, modify data, and/or execute...

9.4CVSS7.1AI score0.06923EPSS
Exploits1References5
Rows per page
Query Builder