Lucene search
K

40582 matches found

Nuclei
Nuclei
added 4 hours ago31 views

Arcserve Unified Data Protection - Authentication Bypass

An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin function within wizardLogin. id: CVE-2024-0799 info: name: Arcserve Unified Data Protection -...

9.8CVSS7.1AI score0.04342EPSS
Exploits1References2
Nuclei
Nuclei
added 4 hours ago107 views

Grafana <= 6.7.1 - Cross-Site Scripting

Grafana through 6.7.1 contains an unauthenticated stored cross-site scripting vulnerability due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot...

5.4CVSS6.7AI score0.09619EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added yesterday6 views

kernel: md/bitmap: fix GPF in write_page caused by resize race

A flaw was found in the Linux kernel's md/bitmap component. This vulnerability involves a use-after-free race condition that occurs during array resize operations. When the bitmapdaemonwork and bitmapresize functions execute concurrently, they can access memory pages that have already been freed...

4.7CVSS6.1AI score0.00091EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday249 views

WordPress Secure Copy Content Protection and Content Locking <2.8.2 - SQL Injection

WordPress Secure Copy Content Protection and Content Locking plugin before 2.8.2 contains a SQL injection vulnerability. The plugin does not escape the sccpid parameter of the ayssccpresultsexportfile AJAX action, available to both unauthenticated and authenticated users, before using it in a SQL...

9.8CVSS7.1AI score0.78812EPSS
Exploits7References4
CVE
CVE
added yesterday9 views

CVE-2026-15528

CVE-2026-15528 affects lamaalrajih/kicad-mcp up to 3.3.1. The vulnerability is in kicad_mcp/utils/path_validator.py where manipulating the arguments project_path or schematic_path causes a protection mechanism failure. Local exploitation is required, and the exploit has been made public. The proj...

4.8CVSS5.8AI score0.00113EPSS
Exploits0References6
Cvelist
Cvelist
added yesterday20 views

CVE-2026-15528 lamaalrajih kicad-mcp path_validator.py protection mechanism

A vulnerability was found in lamaalrajih kicad-mcp up to 3.3.1. This issue affects some unknown processing of the file kicadmcp/utils/pathvalidator.py. Performing a manipulation of the argument projectpath/schematicpath results in protection mechanism failure. Attacking locally is a requirement...

4.8CVSS0.00113EPSS
Exploits0References6
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43091

vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions:...

6.1AI score0.00153EPSS
Exploits0References2
NVD
NVD
added 4 days ago5 views

CVE-2026-11915

vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions:...

5.9CVSS0.00153EPSS
Exploits0References1
CVE
CVE
added 4 days ago14 views

CVE-2026-11915

The CVE-2026-11915 entry concerns Drupal Brute force attack protection where a vulnerability exists in the Brute force attack protection module affecting versions . . The NVD/NVDC and related records describe the issue as a vulnerability in the Drupal brute-force protection mechanism with impact ...

5.9CVSS6.1AI score0.00153EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-11915 Brute force attack protection - Critical - Unsupported - SA-CONTRIB-2026-047

vulnerability in Drupal Brute force attack protection allows . This issue affects Brute force attack protection versions:...

0.00153EPSS
Exploits0References1
Metasploit
Metasploit
added 4 days ago22 views

FTP Fetch, Windows shellcode stage, Bind TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an FTP server. Custom shellcode stage. Listen for a connection No NX Module Options msf use payload/cmd/windows/ftp/x86/custom/bindnonxtcp msf payloadbindnonxtcp show actions ...actions... msf payloadbindnonxtcp set ACTION msf payloadbindnonxtcp show options...

6.2AI score
Exploits0
Metasploit
Metasploit
added 4 days ago24 views

FTP Fetch, Windows Upload/Execute, Reverse Ordinal TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an FTP server. Uploads an executable and runs it staged. Connect back to the attacker Module Options msf use payload/cmd/windows/ftp/x86/upexec/reverseordtcp msf payloadreverseordtcp show actions ...actions... msf payloadreverseordtcp set ACTION msf...

6.2AI score
Exploits0
Metasploit
Metasploit
added 4 days ago19 views

FTP Fetch, Reverse Ordinal TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an FTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/ftp/x86/patchupdllinject/reverseordtcp msf payloadreverseordtcp show actions ...actions... msf payloadreverseordtcp set ACTION msf payloadreverseordtcp show options ...show...

6.2AI score
Exploits0
Cvelist
Cvelist
added 4 days ago36 views

CVE-2026-53450 Coturn: IPv4-mapped 127.0.0.1 bypasses default loopback peer protection

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, coturn rejects loopback peers by default unless allow-loopback-peers is enabled, but the default loopback guard can be bypassed by using the IPv4-mapped IPv6 peer address ::ffff:127.0.0.1 in a TURN...

7.4CVSS0.00287EPSS
Exploits0References2
Snyk
Snyk
added 4 days ago5 views

Protection Mechanism Failure

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Protection Mechanism Failure in the AgentFlow.resolvepydanticclass process. An attacker can execute arbitrary Python code with the privilege...

8.5CVSS6.3AI score0.00129EPSS
Exploits0References2
NVD
NVD
added 4 days ago7 views

CVE-2026-38057

The iDirect iQ200 does not validate CSRF tokens on state-changing API endpoints after authentication. The /api/reboot endpoint accepts POST requests authenticated solely by a session cookie that lacks the SameSite attribute. A remote attacker can host a malicious web page that, when visited by an...

8.1CVSS0.00308EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-22660 FlaskBB Logic Flaw Authorization Group Deletion via Bulk AJAX Endpoint

FlaskBB through 2.2.0, fixed in commit a5da9a5, contains a logic flaw vulnerability that allows authenticated administrators to delete all built-in authorization groups by exploiting a type mismatch in the bulk delete protection check. The bulk AJAX endpoint in the management views compares...

8.6CVSS0.00328EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42877

FlaskBB through 2.2.0, fixed in commit a5da9a5, contains a logic flaw vulnerability that allows authenticated administrators to delete all built-in authorization groups by exploiting a type mismatch in the bulk delete protection check. The bulk AJAX endpoint in the management views compares...

8.6CVSS6AI score0.00328EPSS
Exploits0References3
CVE
CVE
added 4 days ago6 views

CVE-2026-12955

The CVE-2026-12955 entry describes a vulnerability in the GDPR Cookie Consent plugin for WordPress (versions up to 4.3.6) where missing capability checks and nonce verification in the gdpr_cookie_consent_ajax_save_schedule_scan() function (wp_ajax_gcc_save_schedule_scan) allow authenticated users...

4.3CVSS6.1AI score0.00196EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-14475 Cookie Banner for GDPR / CCPA <= 4.3.6 - Authenticated (Administrator+) SQL Injection via 'scan_id' Parameter

The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 'scanid' parameter in all versions up to, and including, 4.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

4.9CVSS0.00294EPSS
Exploits0References7
Rows per page
Query Builder