Lucene search
K

666 matches found

Nuclei
Nuclei
added 18 hours ago91 views

Prismatic < 2.8 - Cross-Site Scripting

The plugin does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator id: CVE-2021-24409 info: name: Prismatic 2.8 - Cross-Site Scripting author: Harsh...

6.1CVSS6.4AI score0.01793EPSS
Exploits2References2
Nuclei
Nuclei
added 18 hours ago41 views

WordPress Simple Ajax Chat <20220116 - Sensitive Information Disclosure vulnerability

WordPress Simple Ajax Chat before 20220216 is vulnerable to sensitive information disclosure. The plugin does not properly restrict access to the exported data via the sac-export.csv file, which could allow unauthenticated users to access it. id: CVE-2022-27849 info: name: WordPress Simple Ajax...

7.5CVSS7AI score0.04619EPSS
Exploits0References5
NVD
NVD
added yesterday7 views

CVE-2026-5270

An authentication bypass vulnerability exists in certain releases of Ciena Navigator Network Control Suite NCS, Manage Control Plan MCP, and Blue Planet products. The issue is caused by improper handling of HTTP request paths and headers, which allows an unauthenticated attacker to manipulate...

9.8CVSS
Exploits0References1
Cvelist
Cvelist
added yesterday34 views

CVE-2026-5270 Authentication Bypass in Navigator and Blue Planet Products

An authentication bypass vulnerability exists in certain releases of Ciena Navigator Network Control Suite NCS, Manage Control Plan MCP, and Blue Planet products. The issue is caused by improper handling of HTTP request paths and headers, which allows an unauthenticated attacker to manipulate...

Exploits0References1
CVE
CVE
added yesterday12 views

CVE-2026-5270

Technical details (affected product versions, components, root cause, exploitability, and fixes) are not publicly provided in the supplied documents. Monitor for updates from official sources (NVD, ENISA EUVD, CVE listings) for concrete mitigation guidance.

9.8CVSS6.1AI score
Exploits0References1
The Hacker News
The Hacker News
added 2026/06/23 3:56 a.m.12 views

OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws

OpenAI on Monday said it's releasing an improved version of its GPT‑5.5‑Cyber model to trusted defenders as part of the Daybreak initiative the artificial intelligence AI company announced last month. Calling GPT‑5.5‑Cyber its "strongest model yet for finding and helping patch software...

7.5CVSS6.1AI score0.07237EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.9 views

PT-2026-31239

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Creatives Planet Emphires emphires allows PHP Local File Inclusion.This issue affects Emphires: from n/a through = 3.9...

5.9AI score0.00381EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/06 5:0 p.m.5 views

CVE-2026-5471

A vulnerability was detected in Investory Toy Planet Trouble App up to 1.5.5 on Android. Impacted is an unknown function of the file assets/google-services-desktop.json of the component app.investory.toyfactory. The manipulation of the argument currentkey results in use of hard-coded cryptographi...

4.8CVSS5.5AI score0.00141EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/03 6:31 p.m.4 views

EUVD-2026-18799

A vulnerability was detected in Investory Toy Planet Trouble App up to 1.5.5 on Android. Impacted is an unknown function of the file assets/google-services-desktop.json of the component app.investory.toyfactory. The manipulation of the argument currentkey results in use of hard-coded cryptographi...

4.8CVSS5.5AI score0.00141EPSS
Exploits0References5
NVD
NVD
added 2026/04/03 4:16 p.m.5 views

CVE-2026-5471

A vulnerability was detected in Investory Toy Planet Trouble App up to 1.5.5 on Android. Impacted is an unknown function of the file assets/google-services-desktop.json of the component app.investory.toyfactory. The manipulation of the argument currentkey results in use of hard-coded cryptographi...

4.8CVSS0.00141EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/03 3:45 p.m.2 views

CVE-2026-5471 Investory Toy Planet Trouble App app.investory.toyfactory google-services-desktop.json hard-coded key

A vulnerability was detected in Investory Toy Planet Trouble App up to 1.5.5 on Android. Impacted is an unknown function of the file assets/google-services-desktop.json of the component app.investory.toyfactory. The manipulation of the argument currentkey results in use of hard-coded cryptographi...

4.8CVSS5.5AI score0.00141EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/03 3:45 p.m.29 views

CVE-2026-5471 Investory Toy Planet Trouble App app.investory.toyfactory google-services-desktop.json hard-coded key

A vulnerability was detected in Investory Toy Planet Trouble App up to 1.5.5 on Android. Impacted is an unknown function of the file assets/google-services-desktop.json of the component app.investory.toyfactory. The manipulation of the argument currentkey results in use of hard-coded cryptographi...

4.8CVSS0.00141EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.9 views

Investory Toy Planet Trouble App 安全漏洞

Investory Toy Planet Trouble App is an educational adventure game app developed by Investory. Versions of Investory Toy Planet Trouble App prior to 1.5.5 contained a security vulnerability, which was caused by the use of a hardcoded encryption key for the parameter currentkey...

4.8CVSS5.8AI score0.00141EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.7 views

PT-2026-30194

A vulnerability was detected in Investory Toy Planet Trouble App up to 1.5.5 on Android. Impacted is an unknown function of the file assets/google-services-desktop.json of the component app.investory.toyfactory. The manipulation of the argument current key results in use of hard-coded cryptograph...

4.8CVSS5.5AI score0.00141EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/13 11:42 a.m.2 views

CVE-2026-32392

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CreativesPlanet Greenly greenly allows PHP Local File Inclusion.This issue affects Greenly: from n/a through = 8.1...

5.8AI score0.00381EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.7 views

PT-2026-25238

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Creatives Planet Greenly greenly allows PHP Local File Inclusion.This issue affects Greenly: from n/a through = 8.1...

5.8AI score0.00381EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/09 8:2 a.m.4 views

CVE-2026-3697

A vulnerability was determined in Planet ICG-2510 1.020250811. The impacted element is the function sub40C8E4 of the file /usr/sbin/httpd of the component Language Package Configuration Handler. Executing a manipulation of the argument Language can lead to stack-based buffer overflow. The attack...

6.5CVSS6.3AI score0.00247EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/08 3:30 a.m.5 views

EUVD-2026-10204

A vulnerability was determined in Planet ICG-2510 1.020250811. The impacted element is the function sub40C8E4 of the file /usr/sbin/httpd of the component Language Package Configuration Handler. Executing a manipulation of the argument Language can lead to stack-based buffer overflow. The attack...

6.5CVSS7.1AI score0.00247EPSS
Exploits0References5
NVD
NVD
added 2026/03/08 2:16 a.m.6 views

CVE-2026-3697

A vulnerability was determined in Planet ICG-2510 1.020250811. The impacted element is the function sub40C8E4 of the file /usr/sbin/httpd of the component Language Package Configuration Handler. Executing a manipulation of the argument Language can lead to stack-based buffer overflow. The attack...

6.5CVSS0.00247EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/08 1:32 a.m.7 views

CVE-2026-3697

A vulnerability was determined in Planet ICG-2510 1.020250811. The impacted element is the function sub40C8E4 of the file /usr/sbin/httpd of the component Language Package Configuration Handler. Executing a manipulation of the argument Language can lead to stack-based buffer overflow. The attack...

6.5CVSS7.1AI score0.00247EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder