Lucene search
+L

8556 matches found

nuclei
nuclei
added yesterday130 views

Pulse Secure Pulse Connect Secure - Cross-Site Scripting (Reflected)

Pulse Secure Pulse Connect Secure PCS 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3 contain a reflected cross-site scripting caused by insufficient sanitization on the Application Launcher page, letting attackers execute scripts in the context of the affected page, exploit requires victim to visit ...

6.1CVSS6.6AI score0.04055EPSS
Exploits1References2
nuclei
nuclei
added yesterday20 views

MaNGOSWebV4 < 4.0.8 - Cross-Site Scripting

paintballrefjosh/MaNGOSWebV4 4.0.8 contains a reflected XSS caused by unsanitized input in install/index.php step parameter, letting attackers execute arbitrary scripts in the victim's browser, exploit requires victim to visit a maliciously crafted URL id: CVE-2017-6478 info: name: MaNGOSWebV4...

6.1CVSS6.6AI score0.02574EPSS
Exploits6References4
nuclei
nuclei
added yesterday64 views

NocoBase - SQL Injection

NocoBase @nocobase/plugin-collection-sql versions prior to 2.0.39 are vulnerable to SQL injection via the sqlCollection:update endpoint. The checkSQL function, which blocks dangerous SQL keywords and ensures only SELECT statements are allowed, is not called during collection updates. id:...

7.2CVSS6.1AI score0.01833EPSS
Exploits1References2
osv
osv
added yesterday2 views

UBUNTU-CVE-2026-61863

ImageMagick before 7.1.2-26 and 6.x before 6.9.13-51 contains a memo...

7.5CVSS6.1AI score0.00102EPSS
Exploits0References3
euvd
euvd
added 2 days ago4 views

EUVD-2026-44796

CVE-2026-33443 is a memory management error in Secure Access servers prior to 14.55. Attackers with an intimate knowledge of and total control over the tunnel protocol can create a persistent DoS against the server...

7.1CVSS6.1AI score0.00213EPSS
Exploits0References1
github
github
added 2 days ago5 views

MantisBT: SOAP API Authentication Bypass with Privilege Escalation to Administrator

MantisBT 2.28.3 and earlier contains a critical authentication bypass in the SOAP API's mcichecklogin function. Any user knowing any valid cookiestring can authenticate as any other user knowing their username, including the administrator, without knowing the target's password. The vulnerability ...

6.1AI score
Exploits0References4Affected Software1
euvd
euvd
added 2 days ago4 views

EUVD-2026-44620

ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the TIFF encoder when an invalid tiff:tile-geometry is specified. Supplying malformed tile geometry parameters causes allocated memory not to be released, which can lead to increased memory consumption...

2.5CVSS6.1AI score0.00096EPSS
Exploits0References2
cvelist
cvelist
added 2 days ago29 views

CVE-2026-61864 ImageMagick before 7.1.2-26 Memory Leak in Log Colorspace

ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in color transformation to the log colorspace: when the operation fails, a small amount of memory is not released...

2.9CVSS0.00102EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2 days ago7 views

PT-2026-60234

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.4.1 Splunk Enterprise versions prior to 10.2.5 Splunk Enterprise versions prior to 10.0.8 Splunk Enterprise versions prior to 9.4.13 Splunk Enterprise versions prior to 9.3.14 Splunk Cloud Platform versio...

7.2CVSS6.1AI score0.00381EPSS
Exploits0References4
cve
cve
added 3 days ago28 views

CVE-2026-45305

Summary of CVE-2026-45305 (Symfony YAML Parser ReDoS) Symfony’s YAML handling (Symfony\Component\Yaml\Parser::cleanup) can hang parsing crafted input due to the use of overlapping quantifiers in regular expressions for YAML directive, comment, and document marker cleanup. This is a client-side pa...

8.7CVSS6.1AI score0.0075EPSS
Exploits0References6Affected Software1
nessus
nessus
added 3 days ago7 views

Adobe Media Encoder < 25.6.6 / 26.0.0 < 26.3.0 Multiple Vulnerabilities (APSB26-72) (macOS)

The version of Adobe Media Encoder installed on the remote macOS host is prior to 25.6.6, 26.3.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-72 advisory. - Media Encoder is affected by an out-of-bounds write vulnerability that could result in arbitrary code...

7.8CVSS6.4AI score0.00297EPSS
Exploits0References6
nessus
nessus
added 3 days ago8 views

Adobe Media Encoder < 25.6.6 / 26.0.0 < 26.3.0 Multiple Vulnerabilities (APSB26-72)

The version of Adobe Media Encoder installed on the remote Windows host is prior to 25.6.6, 26.3.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-72 advisory. - Media Encoder is affected by an out-of-bounds write vulnerability that could result in arbitrary co...

7.8CVSS6.4AI score0.00297EPSS
Exploits0References6
nessus
nessus
added 3 days ago6 views

Adobe Audition < 25.6.6 / 26.0 < 26.3 Multiple Vulnerabilities (APSB26-71) (macOS)

The version of Adobe Audition installed on the remote macOS host is prior to 25.6.6, 26.3. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-71 advisory. - Audition is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution i...

7.8CVSS6.2AI score0.00197EPSS
Exploits0References7
cve
cve
added 4 days ago31 views

CVE-2026-48364

CVE-2026-48364 affects ColdFusion versions 2025.9, 2023.20 and earlier. It is an Uncontrolled Search Path Element vulnerability that could enable arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must open a malicious file); the impact is ...

8.2CVSS6.5AI score0.00158EPSS
Exploits0References1Affected Software1
osv
osv
added 4 days ago4 views

CVE-2026-55773 CedarJava has a policy injection vulnerability

CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. In versions prior to 2.3.6, 3.4.1 and 4.9.0, under certain circumstances, improper input handling could allow Cedar-expression injection via unescaped toCedarExpr. The...

8.8CVSS6.1AI score0.00294EPSS
Exploits0References3
cve
cve
added 4 days ago8 views

CVE-2026-57408

CVE-2026-57408 affects the WordPress Peach Payments Gateway plugin wc-peach-payments-gateway

6.5CVSS6.1AI score0.00242EPSS
Exploits0References1
cve
cve
added last week97 views

CVE-2026-57219

RabbitMQ suffers an unauthenticated disclosure vulnerability in the management API: the obsolete GET /api/auth endpoint can reveal the OAuth 2 client secret on installations configured with management.oauth_client_secret prior to versions 3.13.15, 4.0.20, 4.1.11, and 4.2.6. The issue arises when ...

8.7CVSS6.1AI score0.00359EPSS
Exploits0References6Affected Software1
cve
cve
added last week45 views

CVE-2026-59792

CVE-2026-59792 affects JetBrains IntelliJ IDEA prior to 2026.1.4, with a path-traversal weakness in project workspace ID handling that could enable code execution. The connected sources corroborate a 2026.2-era code execution claim tied to this path traversal issue. The available documents do not...

9.8CVSS6.4AI score0.00424EPSS
Exploits0References1Affected Software1
nessus
nessus
added 2026/07/10 12:0 a.m.9 views

Coder < 2.29.7 / 2.30.x < 2.30.2 Workspace Auto-Creation Without Consent (CVE-2026-44454)

The version of Coder installed on the remote host is prior to 2.29.7 or 2.30.x prior to 2.30.2. It is, therefore, affected by a command injection vulnerability. The dotfiles registry module passed unsanitized user input to shell commands, enabling arbitrary code execution inside provisioned...

8.8CVSS6.5AI score0.02642EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/07/09 10:4 p.m.6 views

CVE-2026-58143

Cotonti Siena 0.9.26 and earlier contains a cross-site request forgery vulnerability that allows unauthenticated attackers to modify administrator configuration by tricking a logged-in administrator into submitting a forged POST request to the admin.php config update handler, which never invokes...

8.8CVSS6.1AI score0.00175EPSS
Exploits0References3
Rows per page
Query Builder