Lucene search
K

1098 matches found

Nuclei
Nuclei
added 16 hours ago35 views

WordPress Broken Link Notifier < 1.3.1 - Unauthenticated SSRF

The Broken Link Notifier plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.0 via the ajaxblinks function which ultimately calls the checkurlstatuscode function. This makes it possible for unauthenticated attackers to make web requests to...

7.2CVSS6.2AI score0.00623EPSS
Exploits0References3
Nuclei
Nuclei
added 16 hours ago42 views

WordPress Post Status Notifier Lite <1.10.1 - Cross-Site Scripting

WordPress Post Status Notifier Lite plugin before 1.10.1 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the...

6.1CVSS6.4AI score0.00902EPSS
Exploits2References3
NVD
NVD
added yesterday4 views

CVE-2026-45754

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, the Mailjet mailer bridge and LOX24 notifier bridge webhook parsers received configured webhook secrets but did not verify them, allowing unauthenticated POST...

6.9CVSS0.00103EPSS
Exploits0References6
CVE
CVE
added yesterday24 views

CVE-2026-47212

Symfony’s Twilio Notifier Bridge contains a vulnerability in TwilioRequestParser::doParse() where the configured webhook secret is read but the X-Twilio-Signature verification is ignored, allowing unauthenticated POSTs to inject forged Twilio status payloads. Affected releases: Symfony before 6.4...

6.9CVSS6.1AI score0.00026EPSS
Exploits0References5Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/07 3:13 p.m.12 views

Malicious code in notifier-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a5846e3c26fdded8225d54ec017b01be255353470c39a780bbd9b556c059120 The package presents itself as a pino-compatible logger README, keywords, and a module.exports.pino alias mirror the pino identity, and lib/ replicat...

6.3AI score
Exploits0References5
OSV
OSV
added 2026/07/07 3:13 p.m.7 views

MAL-2026-6923 Malicious code in notifier-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6a5846e3c26fdded8225d54ec017b01be255353470c39a780bbd9b556c059120 The package presents itself as a pino-compatible logger README, keywords, and a module.exports.pino alias mirror the pino identity, and lib/ replicat...

6.3AI score
Exploits0References5
CVE
CVE
added 2026/07/01 1:32 p.m.20 views

CVE-2026-53332

CVE-2026-53332 affects the Linux kernel’s slimbus driver (qcom-ngd-ctrl) where registering SSR/PDR callbacks and enabling interrupts can occur before the NGD device is fully initialized. If remoteproc starts in parallel with probing, or if a PDR lookup is registered while remoteproc is up, callba...

5.8AI score0.00168EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-53271

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: fix NULL-deref of opinfo-conn in oplock/lease break notifiers smb2oplockbreaknoti and smb2leasebreaknoti read opinfo-conn into a local with neither...

5.5CVSS6.1AI score0.00119EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 9:16 a.m.8 views

CVE-2026-53271

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix NULL-deref of opinfo-conn in oplock/lease break notifiers smb2oplockbreaknoti and smb2leasebreaknoti read opinfo-conn into a local with neither READONCE nor a NULL check. Both run from oplockbreak after opinfogetlist h...

5.5CVSS0.00119EPSS
Exploits0References5
OSV
OSV
added 2026/06/25 9:16 a.m.3 views

UBUNTU-CVE-2026-53271

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix NULL-deref of opinfo-conn in oplock/lease break notifiers smb2oplockbreaknoti and smb2leasebreaknoti read opinfo-conn into a local with neither READONCE nor a NULL check. Both run from oplockbreak after opinfogetlist h...

6CVSS5.7AI score0.00119EPSS
Exploits0References8
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8m-blk-ctrl: The separate reset and clock enable bits are removed for the 8MQ VPU. For the i.MX8MQ platform, the ADB in the VPUMIX domain does not have separate reset and clock enable bits. Instead, both are enabled...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fixed the issue where UMR hangs in the LAG error state during device unloading. During a firmware reset in LAG mode, a race condition causes the driver to hang indefinitely while waiting for UMR completion during devic...

5.5CVSS5.8AI score0.00155EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.9 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: media: v4l2-async: Fixed error handling after finding a match. Once an async connection is found to match an fwnode, a sub-device may be registered if it wasn’t already. Its binding operation is performed, auxiliary links are...

5.5CVSS6AI score0.00127EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: ipvs: Do not keep the destdst entry if the device is going down. There is a race between the netdevnotifier function ipvsdstevent and the code that caches the dst entry for devices that are going down. Since the FIB can be notifi...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 12:16 a.m.12 views

CVE-2026-12048

Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server ErrorResponse messages, including object names quoted back inside relation-does-not-exist errors and inside EXPLAIN Recheck Cond / Exact Heap Blocks fields was passed...

9.3CVSS0.0021EPSS
Exploits0References2
OSV
OSV
added 2026/06/18 11:37 p.m.2 views

CVE-2026-12048 pgAdmin 4: Stored XSS via untrusted error and plan-node text rendered through html-react-parser

Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server ErrorResponse messages, including object names quoted back inside relation-does-not-exist errors and inside EXPLAIN Recheck Cond / Exact Heap Blocks fields was passed...

9.3CVSS7.1AI score0.0021EPSS
Exploits0References5
OSV
OSV
added 2026/06/15 12:12 p.m.10 views

USN-8405-2 cups regression

USN-8405-1 fixed vulnerabilities in CUPS. The update introduced a regression that cause CUPS to crash when parsing certain large printer PPD files. This update fixes the problem. Original advisory details: Ariel Silver discovered that CUPS incorrectly handled username comparisons during...

6.3AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.10 views

CVE-2026-39980

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 6.9.5, the safeEjs.ts file does not properly sanitize EJS templates. Users with the Manage customization capability can run arbitrary JavaScript in the context of the OpenCTI platform...

9.1CVSS5.6AI score0.00522EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 10:16 a.m.82 views

CVE-2026-46113

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN The shadow MMU computes GFNs for direct shadow pages using sp-gfn plus the SPTE index. This assumption breaks for shadow paging if the guest page tables are modifie...

8.8CVSS0.00126EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/05/28 3:55 a.m.12 views

SUSE CVE-2026-45973

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix UMR hang in LAG error state unload During firmware reset in LAG mode, a race condition causes the driver to hang indefinitely while waiting for UMR completion during device unload. See 1. In LAG mode the bond devic...

5.5CVSS5.8AI score0.00155EPSS
Exploits0References3
Rows per page
Query Builder