Lucene search
K

812 matches found

NVD
NVD
added 2026/05/29 11:16 a.m.11 views

CVE-2026-9557

A Server-Side Request Forgery SSRF vulnerability exists in Mautic's Focus component. Due to insufficient validation of user-supplied URLs, an authenticated user can trigger outbound HTTP requests from the hosting server, enabling internal network reconnaissance or forcing requests to arbitrary...

6.4CVSS0.00138EPSS
Exploits0References1
CVE
CVE
added 2026/05/29 9:38 a.m.16 views

CVE-2026-9557

CVE-2026-9557 describes a Server-Side Request Forgery (SSRF) in Mautic’s Focus component. The root cause is insufficient validation of user-supplied URLs, allowing an authenticated user to cause the hosting server to perform outbound HTTP requests. This can enable internal network reconnaissance ...

6.4CVSS5.9AI score0.00138EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 9:38 a.m.36 views

CVE-2026-9557

A Server-Side Request Forgery SSRF vulnerability exists in Mautic's Focus component. Due to insufficient validation of user-supplied URLs, an authenticated user can trigger outbound HTTP requests from the hosting server, enabling internal network reconnaissance or forcing requests to arbitrary...

6.4CVSS0.00138EPSS
Exploits0References1
NVD
NVD
added 2026/05/29 9:16 a.m.13 views

CVE-2026-10052

A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...

4.1CVSS0.00186EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/29 7:59 a.m.12 views

CVE-2026-10052 Quay/config-tool: quay/config-tool: ssrf via unfiltered ldap and smtp config validation endpoints

A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...

4.1CVSS5.8AI score0.00186EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/29 7:59 a.m.9 views

CVE-2026-10052

A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...

4.1CVSS5.8AI score0.00186EPSS
Exploits0References3
CVE
CVE
added 2026/05/29 7:59 a.m.20 views

CVE-2026-10052

The CVE-2026-10052 entry describes a flaw in Quay config-tool where LDAP and SMTP validation endpoints can initiate outbound connections to user-supplied endpoints. With config editor access, an attacker can trigger requests from the Quay pod, enabling potential internal network reconnaissance an...

4.1CVSS5.8AI score0.00186EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/29 7:59 a.m.9 views

CVE-2026-10052

A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...

4.1CVSS5.8AI score0.00186EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.13 views

PT-2026-44761

A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...

4.1CVSS5.8AI score0.00186EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.11 views

PT-2026-44801

Name of the Vulnerable Software and Affected Versions Mautic affected versions not specified Description A Server-Side Request Forgery SSRF exists in the Focus component. Due to insufficient validation of user-supplied URLs, an authenticated user can trigger outbound HTTP requests from the hostin...

6.4CVSS5.9AI score0.00138EPSS
Exploits0References6
GithubExploit
GithubExploit
added 2026/05/27 3:19 p.m.115 views

wingman

/|\ / | ...

5.9AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/26 12:20 p.m.111 views

Exploit for CVE-2007-2447

🛡️ Metasploitable2 Vulnerability Assessment Author: Jaden Julius...

6CVSS7.7AI score0.49759EPSS
Exploits15
GithubExploit
GithubExploit
added 2026/05/26 8:41 a.m.84 views

AI_AutoExploitGeneration

🎯 AI-POWERED AUTOMATED EXPLOIT GENERATION AEG SYSTEM Vers...

5.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 10:0 p.m.14 views

Malicious code in json-to-simple-graphql-schema (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9998f4fd6abaaefcf6bd610ce0b558f0e1eb22c9d4dae07a111c27cc7f7322c The package contains a poc.js script that collects host reconnaissance data os.hostname, os.platform, output of whoami via childprocess and POSTs it ...

6AI score
Exploits0References2
OSV
OSV
added 2026/05/25 10:0 p.m.10 views

MAL-2026-4590 Malicious code in json-to-simple-graphql-schema (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b9998f4fd6abaaefcf6bd610ce0b558f0e1eb22c9d4dae07a111c27cc7f7322c The package contains a poc.js script that collects host reconnaissance data os.hostname, os.platform, output of whoami via childprocess and POSTs it ...

6AI score
Exploits0References2
OSV
OSV
added 2026/05/25 2:15 p.m.8 views

MAL-2026-4685 Malicious code in tempo-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6790e6e83af71238b9773ae49568f5374d094d23d1a7247ef4560d645ef64024 The package contains a file poc.js that imports os, https, fs, and childprocess; collects host identifiers including os.hostname, os.platform, and th...

5.9AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 1:48 p.m.14 views

Malicious code in itc-actors-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 22687e1f7601dde1753d3775925d62d040892631394937e56e9b9fba74fb85c6 The package contains callback.js which collects host identifiers and user information os.hostname, os.userInfo, os.platform, cwd and transmits them v...

5.8AI score
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/05/24 12:0 a.m.30 views

APT-Agent: Automated Penetration Testing Using Large Language Models

Penetration testing is essential to securing modern web infrastructures, yet traditional manual methods struggle to keep pace with their scale and complexity. Large Language Models LLMs offer new opportunities for automating these tasks, but existing approaches face two persistent challenges:...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 7:52 p.m.12 views

Malicious code in pg-expense-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1d939ad3f0e8e9754bf3562f06692713a76d5c0f18ac13c956f9cb199ed0fbf On require/load, index.js unconditionally collects host identifiers hostname, username, platform, arch, cwd, pid and sends them as URL query paramete...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/05/22 7:52 p.m.11 views

MAL-2026-4639 Malicious code in pg-expense-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d1d939ad3f0e8e9754bf3562f06692713a76d5c0f18ac13c956f9cb199ed0fbf On require/load, index.js unconditionally collects host identifiers hostname, username, platform, arch, cwd, pid and sends them as URL query paramete...

5.9AI score
Exploits0References1
Rows per page
Query Builder