Lucene search
K

3002 matches found

Nuclei
Nuclei
added 10 hours ago36 views

SickChill - Open Redirect

SickChill's login endpoint's 'next' parameter accepts arbitrary content, allowing authenticated attackers to perform open redirects, but this was fixed in commit c7128a8946c3701df95c285810eb75b2de18bf82 by redirecting to a default page. id: CVE-2024-53995 info: name: SickChill - Open Redirect...

4.8CVSS6AI score0.00935EPSS
Exploits0References6
Nuclei
Nuclei
added 10 hours ago26 views

Quiz and Survey Master <= 8.1.4 - SQL Injection

ExpressTech Quiz And Survey Master versions up to 8.1.4 contains an SQL injection caused by improper neutralization of special elements used in SQL commands, letting attackers execute arbitrary SQL queries, exploit requires user interaction. id: CVE-2023-28787 info: name: Quiz and Survey Master =...

9.3CVSS7.3AI score0.01977EPSS
Exploits0References3
Nuclei
Nuclei
added 10 hours ago70 views

AxxonSoft Axxon Next - Local File Inclusion

AxxonSoft Axxon Next suffers from a local file inclusion vulnerability. id: CVE-2018-7467 info: name: AxxonSoft Axxon Next - Local File Inclusion author: 0xAkoko severity: high description: AxxonSoft Axxon Next suffers from a local file inclusion vulnerability. impact: | An attacker can read...

7.5CVSS7.1AI score0.10358EPSS
Exploits2References5
EUVD
EUVD
added yesterday5 views

EUVD-2026-42581

A vulnerability was found in GNU LibreDWG up to 0.13.4. The impacted element is the function dwgnextentity of the file src/dwg.c of the component DWG File Handler. Performing a manipulation of the argument nextobj results in null pointer dereference. The attack must be initiated from a local...

4.8CVSS5.5AI score
Exploits0References9
CVE
CVE
added yesterday9 views

CVE-2026-15184

CVE-2026-15184 affects GNU LibreDWG up to 0.13.4. The vulnerable element is the function dwg_next_entity in src/dwg.c of the DWG File Handler. Manipulating the argument next_obj can cause a null pointer dereference . The attack must come from a local position and an exploit has been made public. ...

4.8CVSS5.5AI score
Exploits0References9
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-15173

A flaw was found in Wireshark. A remote attacker could exploit a vulnerability in the pcapng file parser, leading to a crash of the application. This denial of service DoS could prevent legitimate users from accessing the service, impacting its availability. Mitigation To mitigate this issue, use...

5.5CVSS6AI score0.00098EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago4 views

Malicious code in next-bignumber.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 615f1e472f3fec95854738e64a4e4883676d514db833ca3bfa7a1008c0253a57 Package impersonates the widely-used bn.js crypto library: README, repository URL, logo, and source files are copied verbatim from indutny/bn.js, but...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago5 views

Malicious code in react-next-dom (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e7369fd2dd1ba9002d2c693ba08c553c7c6fef54dba372146c11f20b43607aa react-next-dom masquerades as a React/Next.js ecosystem package but ships a pino-like surface concealing a remote code loader. The main export is a...

6.7AI score
Exploits0References3
OSV
OSV
added 4 days ago7 views

MAL-2026-6825 Malicious code in react-next-dom (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2a7b3360c09fca3400981d3d0d4c5e8a72c8193e0841c5d2eceb193a08fc440e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.9AI score
Exploits0References1
Snyk
Snyk
added 6 days ago6 views

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the RRCInactiveTransitionReport function of the NGAP Message Handler component. An attacker can cause a service disruption by sending specially crafted messages remotely. Remediation Upgrade...

5.3CVSS6AI score0.00522EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.4 views

next.js: Next.js: Information disclosure due to middleware bypass in Pages Router with i18n

A flaw was found in Next.js. Applications utilizing the Pages Router with internationalization i18n configured and middleware or proxy-based authorization are susceptible to unauthorized access. A remote attacker can exploit this by making locale-less /next/data//.json requests, which bypass the...

7.5CVSS5.9AI score0.00551EPSS
Exploits1References5
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:10 a.m.7 views

ipc: limit next_id allocation to the valid ID range

...

7.8CVSS5.8AI score0.00125EPSS
Exploits0
EUVD
EUVD
added 2026/06/26 4:22 p.m.8 views

EUVD-2026-39803

Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then interpolates their filenames, unescaped, into a single-quoted shell string that is later parsed by eval. A filename...

9CVSS6.1AI score0.00274EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/25 2:20 a.m.9 views

SUSE CVE-2026-52923

In the Linux kernel, the following vulnerability has been resolved: ipc: limit nextid allocation to the valid ID range The checkpoint/restore sysctl path can request the next SysV IPC id through ids-nextid. ipcidralloc currently forwards that request to idralloc with an open-ended upper bound. If...

7.8CVSS5.7AI score0.00125EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: sched/rt: The function rtonextcpu should now properly handle situations where only CPU0 is overloaded. In such cases, rtonextcpu should ideally return -1, indicating that no further IPIs are needed. The vulnerability arises when...

5.5CVSS5.9AI score0.0013EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fixed out-of-bound access in fib6addrt2node. syzbot reported an out-of-bound read in fib6addrt2node. 0 When an IPv6 route is created with RTANHID, the struct fib6info does not have the trailing struct fib6nh. The referenced...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/24 7:14 a.m.6 views

CVE-2026-52923

In the Linux kernel, the following vulnerability has been resolved: ipc: limit nextid allocation to the valid ID range The checkpoint/restore sysctl path can request the next SysV IPC id through ids-nextid. ipcidralloc currently forwards that request to idralloc with an open-ended upper bound. If...

7.8CVSS5.6AI score0.00125EPSS
Exploits0
CVE
CVE
added 2026/06/24 7:14 a.m.59 views

CVE-2026-52923

The CVE-2026-52923 issue affects the Linux kernel IPC ID allocation in the checkpoint/restore path. ipc_idr_alloc() forwards the next_id request to idr_alloc() with an open-ended upper bound, so if the valid SysV IPC id tail is full the allocation can spill past ipc_mni. The encoded id may then r...

7.8CVSS5.7AI score0.00125EPSS
Exploits0References11Affected Software1
OSV
OSV
added 2026/06/23 5:48 p.m.5 views

ROOT-APP-NPM-CVE-2026-44580 CVE-2026-44580 in @rootio/next - Patched by Root

Root has patched CVE-2026-44580 in the @rootio/next package for Root:npm. Multiple fixed versions available...

6.1CVSS5.3AI score0.00205EPSS
Exploits0
OSV
OSV
added 2026/06/23 5:48 p.m.10 views

ROOT-APP-NPM-GHSA-8H8Q-6873-Q5FJ GHSA-8h8q-6873-q5fj in @rootio/next - Patched by Root

Root has patched GHSA-8h8q-6873-q5fj in the @rootio/next package for Root:npm. Multiple fixed versions available...

5.8AI score
Exploits0
Rows per page
Query Builder