Lucene search
K

22233 matches found

Nuclei
Nuclei
added 10 hours ago3 views

Apache Tomcat - Cross-Site Scripting

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, fro...

6.1CVSS6.1AI score0.00455EPSS
Exploits1References4
CVE
CVE
added yesterday21 views

CVE-2026-46629

Twig: twig/intl-extra memoises IntlDateFormatter and NumberFormatter in unbounded per-template arguments, causing potential unbounded memory growth in long-running environments. Affected prior to 3.26.0; fix is to upgrade to Twig 3.26.0 or later (formatter caches bounded with FIFO). Debian adviso...

5.3CVSS6.1AI score0.00056EPSS
Exploits0References3
OSV
OSV
added yesterday5 views

ROOT-OS-UBUNTU-2404-CVE-2025-21956 CVE-2025-21956 in rootio-linux - Patched by Root

Root has patched CVE-2025-21956 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

5.5CVSS6.9AI score0.002EPSS
Exploits0
OSV
OSV
added yesterday5 views

ROOT-OS-DEBIAN-13-CVE-2025-68339 CVE-2025-68339 in rootio-linux - Patched by Root

Root has patched CVE-2025-68339 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

5.4AI score0.00161EPSS
Exploits0
OSV
OSV
added yesterday8 views

ROOT-OS-DEBIAN-11-CVE-2026-31498 CVE-2026-31498 in rootio-linux - Patched by Root

Root has patched CVE-2026-31498 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...

5.5CVSS5.2AI score0.00123EPSS
Exploits0
OSV
OSV
added yesterday10 views

ROOT-OS-DEBIAN-11-CVE-2026-43241 CVE-2026-43241 in rootio-linux - Patched by Root

Root has patched CVE-2026-43241 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...

7.1CVSS5.8AI score0.00126EPSS
Exploits0
OSV
OSV
added yesterday6 views

ROOT-OS-DEBIAN-12-CVE-2024-26661 CVE-2024-26661 in rootio-linux - Patched by Root

Root has patched CVE-2024-26661 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...

5.5CVSS7.3AI score0.00225EPSS
Exploits0
Circl
Circl
added yesterday9 views

CVE-2026-15628

creationtimestamp| type| source ---|---|--- 2026-07-14 05:52:23+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqljbsldb52l...

6.5CVSS6.6AI score0.00219EPSS
Exploits0References1
NVD
NVD
added 2 days ago6 views

CVE-2026-61500

Rejetto HFS 3.0.0 through 3.2.0 derives its session-cookie signing key from the non-cryptographic Math.random generator and discloses outputs of the same generator to unauthenticated clients during login. A remote attacker can collect a small number of login responses, reconstruct the generator's...

9.8CVSS0.00747EPSS
Exploits0References2
Circl
Circl
added 2 days ago6 views

CVE-2026-12275

creationtimestamp| type| source ---|---|--- 2026-07-13 07:43:13+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqj6z3gyqz22 2026-07-14 00:00:15+00:00| seen| https://bsky.app/profile/pulse-wp.com/post/3mqkvm5egav2z 2026-07-14 03:16:08+00:00| seen|...

7.1CVSS6.1AI score0.00171EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago9 views

EUVD-2026-43238

A vulnerability was detected in AojiaoZero Antaris 1.0. This affects the function rewardPurchase of the file /ipn.php of the component PayPal IPN Payment Handler. The manipulation of the argument itemnumber results in sql injection. The attack may be performed from remote. The vendor was contacte...

6.5CVSS6.5AI score0.00196EPSS
Exploits0References4
Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-15502 AojiaoZero Antaris PayPal IPN Payment ipn.php _rewardPurchase sql injection

A vulnerability was detected in AojiaoZero Antaris 1.0. This affects the function rewardPurchase of the file /ipn.php of the component PayPal IPN Payment Handler. The manipulation of the argument itemnumber results in sql injection. The attack may be performed from remote. The vendor was contacte...

6.5CVSS0.00196EPSS
Exploits0References4
Circl
Circl
added 4 days ago8 views

CVE-2026-9017

creationtimestamp| type| source ---|---|--- 2026-07-11 07:32:53+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqe5ir7roy2w 2026-07-11 07:47:33+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqe6cypq4a2t...

5.3CVSS6.1AI score0.00273EPSS
Exploits0References2
Circl
Circl
added 5 days ago7 views

CVE-2026-53653

creationtimestamp| type| source ---|---|--- 2026-07-10 18:20:38+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mqcra4ilol2c 2026-07-10 22:51:15+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdadyx4fk27 2026-07-10 23:35:17+00:00| seen|...

8.7CVSS6.1AI score0.00301EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago8 views

Malicious code in stella-ai-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 936d3c8bc6611b58f5321ba5aab651bb3d2db821d172816283ca04633be00863 The stella CLI shipped in bin/stella.js prompts users for their phone number and the WhatsApp verification code and POSTs both to a hardcoded bare-IP...

6.2AI score
Exploits0References9
OSV
OSV
added 5 days ago3 views

MAL-2026-10133 Malicious code in stella-ai-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 936d3c8bc6611b58f5321ba5aab651bb3d2db821d172816283ca04633be00863 The stella CLI shipped in bin/stella.js prompts users for their phone number and the WhatsApp verification code and POSTs both to a hardcoded bare-IP...

6.2AI score
Exploits0References9
NVD
NVD
added 5 days ago7 views

CVE-2026-38059

The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the serial number, Device ID DID, Terminal Private Key identifier TPK, MAC address, and exact firmwa...

8.7CVSS0.00592EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42908

The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the serial number, Device ID DID, Terminal Private Key identifier TPK, MAC address, and exact firmwa...

8.7CVSS6.1AI score0.00592EPSS
Exploits0References3
CVE
CVE
added 5 days ago10 views

CVE-2026-38059

The CVE-2026-38059 entry concerns iDirect iQ200 devices where the /api/identity and /api/ REST endpoints are exposed without authentication. An unauthenticated attacker with network access can retrieve sensitive device data including serial number, Device ID (DID), Terminal Private Key (TPK) iden...

8.7CVSS6.1AI score0.00592EPSS
Exploits0References3
Circl
Circl
added 5 days ago7 views

CVE-2026-13347

creationtimestamp| type| source ---|---|--- 2026-07-10 11:16:00+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqbzis5yut2y 2026-07-10 12:15:24+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-13347 2026-07-12 18:01:08+00:00| seen|...

7.5CVSS6.1AI score0.00512EPSS
Exploits0References3
Rows per page
Query Builder