Lucene search
+L

18799 matches found

Nuclei
Nuclei
added yesterday61 views

Palo Alto Networks Expedition - OS Command Injection

An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls...

9.8CVSS8.2AI score0.77653EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday88 views

Mitel MiCollab - Arbitary File Read

The Mitel Collab Arbitrary File Read vulnerability allows an unauthenticated attacker to read arbitrary files from the underlying file system on a Mitel Collab server. Exploiting this flaw involves sending specially crafted requests to the server, bypassing access controls and allowing the attack...

9.8CVSS7.4AI score0.98067EPSS
Exploits3References3
Nuclei
Nuclei
added yesterday60 views

Palo Alto Expedition - SQL Injection

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expeditio...

9.2CVSS9.1AI score0.99609EPSS
Exploits3References4
Cvelist
Cvelist
added yesterday11 views

CVE-2026-62201 OpenClaw < 2026.6.6 Network Policy Bypass via exec-server

OpenClaw versions before 2026.6.6 contain a network policy bypass vulnerability in the sandbox exec-server that allows lower-trust callers to reach internal network destinations blocked by OpenClaw policy. Attackers can send HTTP requests through the exec-server to access network resources that...

7.7CVSS0.00273EPSS
Exploits0References2
CVE
CVE
added yesterday7 views

CVE-2026-62201

OpenClaw prior to version 2026.6.6 contains a network policy bypass in the sandbox exec-server that lets lower-trust callers reach internal network destinations blocked by policy. Attackers can send HTTP requests through the exec-server to access restricted network resources. The CVE description ...

7.7CVSS6.1AI score0.00273EPSS
Exploits0References2
Nuclei
Nuclei
added 2 days ago119 views

Palo Alto Networks PAN-OS Web Interface - Cross Site-Scripting

PAN-OS management web interface is vulnerable to reflected cross-site scripting. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute...

8.8CVSS7AI score0.2389EPSS
Exploits0References5
Nuclei
Nuclei
added 2 days ago186 views

DCBI-Netlog-LAB v1.0 - Command Injection

An issue in the component /networkconfig/nsgmasq.cgi of DCN Digital China Networks DCBI-Netlog-LAB v1.0 allows attackers to bypass authentication and execute arbitrary commands via a crafted request. id: CVE-2023-26802 info: name: DCBI-Netlog-LAB v1.0 - Command Injection author: pussycat0x...

9.8CVSS7.2AI score0.4871EPSS
Exploits1References1
NVD
NVD
added 4 days ago3 views

CVE-2026-47632

Improper certificate validation in Azure Monitor Agent allows an unauthorized attacker to elevate privileges over an adjacent network...

8.8CVSS0.00313EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 4 days ago6 views

ASP.NET Core Elevation of Privilege Vulnerability

Incorrect implementation of authentication algorithm in ASP.NET Core allows an authorized attacker to elevate privileges over a network...

8.8CVSS6.1AI score0.00538EPSS
Exploits0
Cvelist
Cvelist
added 4 days ago24 views

CVE-2024-7708

For requests that have a body, but reading the body may end up in reading 0 bytes, there is a buffer leak. This is particularly the case for 100-Continue, but any request where the network is slow can leak...

7.5CVSS0.00252EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago5 views

EUVD-2024-55651

For requests that have a body, but reading the body may end up in reading 0 bytes, there is a buffer leak. This is particularly the case for 100-Continue, but any request where the network is slow can leak...

7.5CVSS6.1AI score0.00252EPSS
Exploits0References1
OSV
OSV
added 4 days ago3 views

CVE-2024-7708

For requests that have a body, but reading the body may end up in reading 0 bytes, there is a buffer leak. This is particularly the case for 100-Continue, but any request where the network is slow can leak...

7.5CVSS6.1AI score0.00252EPSS
Exploits0References4
CVE
CVE
added 4 days ago10 views

CVE-2024-7708

CVE-2024-7708 describes a buffer leak occurring when reading the body of HTTP requests; this can happen for requests with a body, especially under slow network conditions (notably 100-Continue). The published metrics show a CVSS v3.1 base score of 7.5 (HIGH) with Network attack vector, no privile...

7.5CVSS6.1AI score0.00252EPSS
Exploits0References1Affected Software1
NVD
NVD
added 5 days ago10 views

CVE-2026-49969

Laravel-Mediable before 7.0.0 contains a server-side request forgery vulnerability that allows remote attackers to issue arbitrary HTTP requests from the server by supplying unvalidated caller-controlled URLs to endpoints backed by MediaUploader::fromSource. Attackers can craft URLs targeting...

7.4CVSS0.00241EPSS
Exploits0References3
CVE
CVE
added 5 days ago11 views

CVE-2026-49969

Vulnerability overview: Laravel-Mediable

7.4CVSS6.2AI score0.00241EPSS
Exploits0References3
NVD
NVD
added 5 days ago4 views

CVE-2026-49876

Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs. A vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 through 1.2.1. Users are recommended to upgrade to...

6.5CVSS0.00502EPSS
Exploits0References2
CVE
CVE
added 5 days ago10 views

CVE-2026-49876

CVE-2026-49876 describes an authenticated SSRF in the Gravitino JobManager. The issue allows server-side HTTP requests to internal networks and cloud metadata endpoints via unvalidated job template URIs. Affected software: Apache Gravitino 1.0.0 through 1.2.1. Impact is tied to the ability to rea...

6.5CVSS6.1AI score0.00502EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-49876 Apache Gravitino: Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs

Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs. A vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 through 1.2.1. Users are recommended to upgrade to...

0.00502EPSS
Exploits0References1
Nuclei
Nuclei
added 5 days ago290 views

PAN-OS Management Interface - Path Confusion to Authentication Bypass

A vulnerability in PAN-OS management interface allows authentication bypass through path confusion between Nginx and Apache handlers.The issue occurs due to differences in path processing between Nginx and Apache, where double URL encoding combined with directory traversal can bypass authenticati...

9.1CVSS7.1AI score0.98417EPSS
Exploits8References1
CVE
CVE
added 2026/07/10 8:54 p.m.13 views

CVE-2026-57575

Misskey (open source federated social platform) contains a Server-Side Request Forgery (SSRF) vulnerability in the UrlPreviewService prior to version 2026.6.0. The issue arises from insufficient network restrictions before outbound requests, allowing an attacker to trigger the Misskey server to i...

6.9CVSS6.1AI score0.00347EPSS
Exploits0References3
Rows per page
Query Builder