Lucene search
+L

302 matches found

Nuclei
Nuclei
added 17 hours ago24 views

SmartSearchWP < 2.4.6 - OpenAI Key Disclosure

The plugin does not have proper authorization in one of its REST endpoint, allowing unauthenticated users to retrieve the encoded key and then decode it, thereby leaking the OpenAI API key. id: CVE-2024-6845 info: name: SmartSearchWP 2.4.6 - OpenAI Key Disclosure author: s4e-io severity: medium...

5.3CVSS5.3AI score0.01113EPSS
Exploits1References2
OSV
OSV
added 3 days ago4 views

JLSEC-2026-675

An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via ...

5.3CVSS6.1AI score0.00527EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-15637

Improper authorization in the PAM SSH key and certificate retrieval endpoints in Devolutions Server 2026.2.11, 2026.1.22 allows an authenticated low-privileged user to disclose the private key of an SSH key or certificate PAM credential via a direct object reference to the credential identifier...

0.00192EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/07/01 5:33 p.m.9 views

Important: Red Hat Security Advisory: Satellite 6.16.10 Async Update

An update is now available for Red Hat Satellite 6.16 for RHEL 8 and RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

8.8CVSS5.7AI score0.00297EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/07/01 5:31 p.m.13 views

Important: Red Hat Security Advisory: Satellite 6.18.7 Async Update

A new release is now available for Red Hat Satellite 6.18 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

8.8CVSS6.8AI score0.00671EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/01 2:7 p.m.38 views

CVE-2026-5142 Foreman: foreman: cross-tenant private ssh key disclosure via taxonomy scoping bypass

A flaw was found in foreman. Authenticated users with 'viewkeypairs' permission can bypass taxonomy scoping, allowing them to download private SSH Secure Shell keys from other organizations by directly querying key pair IDs. This vulnerability leads to cross-tenant data exposure in multi-tenant...

6.5CVSS0.00253EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.8 views

RHEL 8 : gnutls and libtasn1 (RHSA-2026:30849)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:30849 advisory. The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such a...

9.8CVSS6.1AI score0.01335EPSS
Exploits2References28
GithubExploit
GithubExploit
added 2026/06/12 10:20 a.m.98 views

Exploit for CVE-2026-53646

███████╗ ██████╗ ███████╗██╗ ██╗██╗██╗ ██╗ ███████...

5.6AI score0.0042EPSS
Exploits1
Patchstack
Patchstack
added 2026/06/11 12:21 p.m.9 views

WordPress Fortis For WooCommerce plugin < 1.3.1 - Sensitive API Key Disclosure vulnerability

Sensitive API Key Disclosure vulnerability discovered by WPScan Team in WordPress Plugin Fortis for WooCommerce versions 1.3.1...

7.5CVSS5.4AI score0.00404EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/23 4:27 a.m.21 views

CVE-2026-6895 Wishlist Member <= 3.30.1 - Missing Authorization to Authenticated (Subscriber+) API Secret Key Disclosure and Privilege Escalation via 'wlm3_export_settings' AJAX Action

The WishList Member plugin for WordPress is vulnerable to Missing Authorization leading to Sensitive Information Disclosure and Privilege Escalation in versions up to and including 3.30.1. This is due to the missing capability checks in the 'exportsettings' function. This function returns the RES...

8.8CVSS0.00248EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/08 1:31 p.m.9 views

CVE-2026-43336

In the Linux kernel, the following vulnerability has been resolved: lib/crypto: chacha: Zeroize permutedstate before it leaves scope Since the ChaCha permutation is invertible, the local variable 'permutedstate' is sufficient to compute the original 'state', and thus the key, even after the...

5.8AI score0.00425EPSS
Exploits0References9Affected Software1
GithubExploit
GithubExploit
added 2026/04/17 10:41 a.m.239 views

Exploit for Missing Authentication for Critical Function in Nginxui Nginx_Ui

CVE-2026-27944 + CVE-2026-33032 — nginx-ui Zero-Credential RCE...

9.8CVSS5.7AI score0.38477EPSS
Exploits15
Vulnrichment
Vulnrichment
added 2026/03/23 6:41 a.m.3 views

CVE-2025-13997 King Addons for Elementor <= 51.1.49 - Unauthenticated API Keys Disclosure

The King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in all versions up to, and including, 51.1.49 due to the plugin adding the API keys to the HTML source code via...

5.3CVSS5.8AI score0.00219EPSS
Exploits0References2
CVE
CVE
added 2026/03/10 8:46 p.m.14 views

CVE-2026-0115

Technical details for CVE-2026-0115 are not publicly available in the provided documents. Monitor for updates.

2.1CVSS5.9AI score0.0009EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/10 6:28 p.m.7 views

GO-2026-4614 Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure in github.com/0xJacky/Nginx-UI

Nginx-UI Vulnerable to Unauthenticated Backup Download with Encryption Key Disclosure in github.com/0xJacky/Nginx-UI. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...

9.8CVSS5.8AI score0.22162EPSS
Exploits13References5
GithubExploit
GithubExploit
added 2026/03/10 11:23 a.m.249 views

Exploit for CVE-2026-27944

CVE-2026-27944 - Nginx-UI Unauthenticated Backup Download !...

9.8CVSS5.8AI score0.22162EPSS
Exploits13
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.9 views

PT-2026-24444

In Trusted Execution Environment, there is a possible key leak due to side channel information disclosure. This could lead to physical information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

5.9AI score0.0009EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/19 4:36 a.m.6 views

CVE-2025-14864 Virusdie <= 1.1.7 - Missing Authorization to Authenticated (Subscriber+) API Key Disclosure

The Virusdie - One-click website security plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.7. This is due to missing capability checks on the vdgetapikey function which is hooked to wpajaxvirusdieapikey. This makes it possible for...

4.3CVSS5.3AI score0.00327EPSS
Exploits0References4
CVE
CVE
added 2026/02/19 4:36 a.m.14 views

CVE-2025-14864

CVE-2025-14864 concerns Virusdie – One-click website security (WordPress) up to version 1.1.7. The vulnerability arises from missing capability checks on the vd_get_apikey function, which is hooked to wp_ajax_virusdie_apikey. This allows authenticated attackers with Subscriber-level access and ab...

4.3CVSS5.3AI score0.00327EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/02/19 12:9 a.m.6 views

WordPress Virusdie plugin <= 1.1.7 - Missing Authorization to Authenticated (Subscriber+) API Key Disclosure vulnerability

Missing Authorization to Authenticated Subscriber+ API Key Disclosure vulnerability discovered by Sushi Com Abacate in WordPress Plugin Virusdie versions = 1.1.7...

4.3CVSS5.5AI score0.00327EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder