Lucene search
K

20164 matches found

Nuclei
Nuclei
added 15 hours ago27 views

WP Mobile Detector <= 3.5 - Unrestricted File Upload

WP Mobile Detector plugin for WordPress = 3.5 contains an unrestricted file upload vulnerability caused by missing file type validation in resize.php, letting unauthenticated attackers upload arbitrary files, potentially leading to remote code execution. id: CVE-2016-15043 info: name: WP Mobile...

9.8CVSS6.3AI score0.10032EPSS
Exploits1References3
Nuclei
Nuclei
added 15 hours ago16 views

Ozette Plugins - Cross-Site Request Forgery

An attacker can update, create, and remove the site's mobile redirects via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. id: CVE-2023-23897 info: name: Ozette Plugins - Cross-Site Request Forgery author: popcorn94 severity: medi...

8.8CVSS7AI score0.0161EPSS
Exploits0References3
Nuclei
Nuclei
added 15 hours ago14 views

Hippoo Mobile App for WooCommerce <= 1.7.1 - Unauthenticated Arbitrary File Read

The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to and including 1.7.1 via the templateredirect function. The plugin registers 'hippooserve' as a WordPress query variable and uses it to serve PWA files from the pwa/ directory. In...

7.5CVSS6.2AI score0.02056EPSS
Exploits0References3
Nuclei
Nuclei
added 15 hours ago16 views

Hippoo Mobile App for WooCommerce <= 1.9.4 - Authentication Bypass to Admin Account Takeover

Hippoo Mobile App for WooCommerce WordPress plugin = 1.9.4 contains an authentication bypass caused by logic conflation in user permission checks, letting unauthenticated attackers take over administrator accounts via REST API password reset. id: CVE-2026-10580 info: name: Hippoo Mobile App for...

9.8CVSS6.1AI score0.02841EPSS
Exploits1References2
Nuclei
Nuclei
added 15 hours ago37 views

WordPress Stacks Mobile App Builder <=5.2.3 - Authentication Bypass

Stacks Mobile App Builder WordPress plugin ≤ 5.2.3 suffers from an authentication bypass vulnerability via improper handling of query parameters, allowing attackers to impersonate arbitrary users. id: CVE-2024-50477 info: name: WordPress Stacks Mobile App Builder =5.2.3 - Authentication Bypass...

9.8CVSS6.2AI score0.07959EPSS
Exploits3References4
Nuclei
Nuclei
added 15 hours ago59 views

Sophos Mobile managed on-premises - XML External Entity Injection

An XML External Entity XXE vulnerability allows server-side request forgery SSRF and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4. id: CVE-2022-3980 info: name: Sophos Mobile managed on-premises - XML External Entity Injection author: dabla...

9.8CVSS7.3AI score0.08087EPSS
Exploits0References3
NVD
NVD
added yesterday4 views

CVE-2026-15720

In Open5GS through version 2.7.7 a pre-authentication heap out-of-bounds read in the AMF NAS 5GS mobile-identity handler may result in subscriber-wide denial of service...

8.6CVSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-15720

Open5GS up to version 2.7.7 is affected by a pre-authentication heap out-of-bounds read in the AMF NAS 5GS mobile-identity handler, which may cause subscriber-wide denial of service. The CVE entry consolidates this as CVE-2026-15720. The connected sources (NVD/NVD CVE records) confirm the vulnera...

8.6CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added yesterday28 views

CVE-2026-15720 Pre-auth heap out-of-bounds read in the AMF NAS 5GS mobile-identity handler

In Open5GS through version 2.7.7 a pre-authentication heap out-of-bounds read in the AMF NAS 5GS mobile-identity handler may result in subscriber-wide denial of service...

8.6CVSS
Exploits0References1
Nuclei
Nuclei
added yesterday131 views

Ivanti Endpoint Manager Mobile - Unauthenticated Remote Code Execution

An authentication bypass in Ivanti Endpoint Manager Mobile allowing attackers to access protected resources without proper credentials. This leads to unauthenticated Remote Code Execution via unsafe userinput in one of the bean validators which is sink for Server-Side Template Injection. id:...

7.5CVSS6.8AI score0.99899EPSS
Exploits8References1
The Hacker News
The Hacker News
added 5 days ago11 views

Attackers Exploit 'Ill Bloom' Vulnerability to Drain Over $5 Million From Cryptocurrency Wallets

Security firm Coinspect has disclosed a crypto wallet flaw it calls Ill Bloom , and attackers are already using it. The flaw is in how some wallet software generated its recovery phrase, the words that control the money. When that phrase is made with weak randomness, an attacker can work it out a...

6.1AI score
Exploits0
Cvelist
Cvelist
added 6 days ago37 views

CVE-2026-0277 Prisma Access Agent: Improper Certificate Validation on iOS

An improper certificate validation vulnerability in the Prisma® Access Agent for iOS enables an attacker to perform a man-in-the-middle MitM attack to intercept VPN traffic. The Prisma Access Agent on Windows, macOS, Linux, Android and ChromeOS are not affected...

8.7CVSS0.00125EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 6 days ago5 views

CVE-2026-15169

A flaw was found in Wireshark. This vulnerability allows a remote attacker to cause a denial of service DoS by sending a specially crafted Universal Mobile Telecommunications System UMTS FP protocol packet. The flaw resides in the UMTS FP protocol dissector, which can lead to a crash of the...

7.5CVSS6AI score0.00218EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added last week5 views

CVE-2026-15169

UMTS FP protocol dissector crash in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows denial of service...

5.5CVSS5.9AI score0.00218EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.7 views

PT-2026-56595

Name of the Vulnerable Software and Affected Versions Wireshark versions 4.6.0 through 4.6.6 Wireshark versions 4.4.0 through 4.4.16 Description A crash in the UMTS FP protocol dissector allows a denial of service. A dissector is a software component that breaks down network traffic into a...

7.5CVSS6.1AI score0.00218EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/07 1:32 p.m.30 views

CVE-2026-6101 AMP for WP <= 1.1.12 - Authenticated (Author+) Arbitrary File Write via Role-Based Access Configuration with Local Font Upload

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Arbitrary File Write in versions up to and including 1.1.12. This is due to unsafe ZIP file extraction in the ampforwpsavelocalfont function combined with inadequate cleanup that fails to remove nested directories and...

7.5CVSS0.00646EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/07/07 1:32 p.m.11 views

CVE-2026-6101

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Arbitrary File Write in versions up to and including 1.1.12. This is due to unsafe ZIP file extraction in the ampforwpsavelocalfont function combined with inadequate cleanup that fails to remove nested directories and...

7.5CVSS6.7AI score0.00646EPSS
Exploits0References11
EUVD
EUVD
added 2026/07/07 12:30 a.m.8 views

EUVD-2026-41972

A malicious webpage could interrupt a pending navigation by enqueuing a synchronous JavaScript dialog, causing the browser UI to display the destination origin in the address bar while continuing to render attacker-controlled content. This vulnerability was fixed in Firefox for iOS 152.3...

6AI score0.00132EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.11 views

PT-2026-56191

Name of the Vulnerable Software and Affected Versions AMP for WP versions prior to 1.1.13 Description An Arbitrary File Write issue exists due to unsafe ZIP file extraction within the ampforwp save local font function, coupled with inadequate cleanup that fails to remove nested directories and...

7.5CVSS6.7AI score0.00646EPSS
Exploits0References12
CVE
CVE
added 2026/07/06 11:7 p.m.25 views

CVE-2026-13356

The CVE-2026-13356 issue affects Firefox for iOS and centers on a malicious webpage that interrupts a pending navigation by enqueuing a synchronous JavaScript dialog. This side effect causes the browser UI to display the destination origin in the address bar while attacker-controlled content cont...

6.3CVSS6AI score0.00132EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder