252606 matches found

CVE
Added 2026/05/14 2:30 p.m. • 17 views

CVE-2026-41937

Summary: CVE-2026-41937 affects Vvveb prior to 1.0.8.3. An unrestricted file upload in the plugin upload endpoint lets super_admin users craft a ZIP (plugin.php with a valid Slug header and public/index.php) that executes arbitrary PHP code as the web server user when accessed at the plugin’s pub...

CVSS 8.6 • AI score 6.2 • EPSS 0.00403
Exploits: 0 • References: 3
Microsoft Secure
Added 2026/05/14 2:20 p.m. • 10 views

When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps

In this article 1. Background 2. What is an exploitable misconfiguration? 3. Exploitable misconfigurations in popular AI applications 4. Minimizing the risk: Practical deployment guidance 5. How Microsoft Defender for Cloud helps detect exposures in Kubernetes 6. Learn more AI and agentic...

AI score 6.6
Exploits: 0
Microsoft Secure
Added 2026/05/14 2:20 p.m. • 14 views

When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps

In this article 1. Background 2. What is an exploitable misconfiguration? 3. Exploitable misconfigurations in popular AI applications 4. Minimizing the risk: Practical deployment guidance 5. How Microsoft Defender for Cloud helps detect exposures in Kubernetes 6. Learn more AI and agentic...

AI score 6.6
Exploits: 0
GithubExploit
Added 2026/05/14 2:07 p.m. • 128 views

FortiGate-FortiWeb-Multi-Exploit-Extractor

FortiGate-FortiWeb-Multi-Exploit-Extractor markdown Fort...

CVSS 9.8 • AI score 7.3 • EPSS 0.99999
Exploits: 61
IBM Security Bulletins
Added 2026/05/14 1:48 p.m. • 14 views

Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak

Summary: A security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes...

CVSS 7.8 • AI score 7.6 • EPSS 0.00315
Exploits: 0 • Affected Software: 1
OSV
Added 2026/05/14 1:18 p.m. • 5 views

GHSA-Q58J-G3F4-H26H CoreShop Vulnerable to Remote Code Execution (RCE) via Insecure `pull_request_target` Configuration

Summary: The GitHub Actions workflow `.github/workflows/static.yml` uses the `pull_request_target` trigger but dangerously checks out the unverified code from the pull request head ref: `${{ github.event.pull_request.head.ref }}`. Subsequently, it executes a script `bin/console` from this untrusted checkout. Thi...

CVSS 8.2 • AI score 6.1 • EPSS 0.00433
Exploits: 0 • References: 5
Github Security Blog
Added 2026/05/14 1:18 p.m. • 10 views

CoreShop Vulnerable to Remote Code Execution (RCE) via Insecure `pull_request_target` Configuration

Summary: The GitHub Actions workflow `.github/workflows/static.yml` uses the `pull_request_target` trigger but dangerously checks out the unverified code from the pull request head ref: `${{ github.event.pull_request.head.ref }}`. Subsequently, it executes a script `bin/console` from this untrusted checkout. Thi...

CVSS 8.2 • AI score 6.1 • EPSS 0.00433
Exploits: 0 • References: 5 • Affected Software: 1
Github Security Blog
Added 2026/05/14 1:09 p.m. • 11 views

Amazon Redshift Vulnerable to Remote Code Execution via Unsafe Class Loading

Summary: Amazon Redshift JDBC Driver is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces (APIs). An issue exists in versions prior to 2.2.2 where the driver could load arbitrary classes when processing certain connection URL parameters...

CVSS 9.2 • AI score 6.4 • EPSS 0.00573
Exploits: 0 • References: 5 • Affected Software: 1
OSV
Added 2026/05/14 1:09 p.m. • 6 views

GHSA-WMMV-VVG5-993Q Amazon Redshift Vulnerable to Remote Code Execution via Unsafe Class Loading

Summary: Amazon Redshift JDBC Driver is a Type 4 JDBC driver that provides database connectivity through the standard JDBC application program interfaces (APIs). An issue exists in versions prior to 2.2.2 where the driver could load arbitrary classes when processing certain connection URL parameters...

CVSS 9.2 • AI score 6.4 • EPSS 0.00573
Exploits: 0 • References: 5
GithubExploit
Added 2026/05/14 12:37 p.m. • 118 views

Exploit for CVE-2026-42945

NGINX Rift RCE Exploit CVE-2026-42945 A professional Proof-...

CVSS 9.2 • AI score 6.2 • EPSS 0.61469
Exploits: 40
RedHat Linux
Added 2026/05/14 12:09 p.m. • 7 views

GIMP: GIMP: Arbitrary code execution via specially crafted PSD file

A flaw was found in GIMP. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted PSD (Photoshop Document) file. This flaw is due to an integer overflow during the parsing of PSD files, which can lead to arbitrary code execution, allowing the attacker to run...

CVSS 7.8 • AI score 7.4 • EPSS 0.00755
Exploits: 0 • References: 6
RedHat Linux
Added 2026/05/14 12:09 p.m. • 12 views

Important: Red Hat Security Advisory: gimp:2.8 security update

An update for the gimp:2.8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 7.8 • AI score 7.4 • EPSS 0.00755
Exploits: 1 • References: 5
RedHat Linux
Added 2026/05/14 12:09 p.m. • 9 views

gimp: GIMP: Remote Code Execution via PSP file parsing

A flaw was found in GIMP. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted PSP (PaintShop Pro) file. This flaw is caused by a heap-based buffer overflow, where the application does not properly validate the length of user-supplied data. Successful...

CVSS 7.8 • AI score 7.7 • EPSS 0.00651
Exploits: 0 • References: 6
RedHat Linux
Added 2026/05/14 12:09 p.m. • 13 views

gimp: GIMP: Remote Code Execution via XPM File Parsing Integer Overflow

A flaw was found in GIMP. Remote attackers can exploit this vulnerability by tricking a user into opening a malicious XPM (X PixMap) image file. This can lead to an integer overflow during file processing, allowing the attacker to execute arbitrary code on the affected system...

CVSS 7.8 • AI score 7.5 • EPSS 0.00596
Exploits: 0 • References: 6
OSV
Added 2026/05/14 12:03 p.m. • 12 views

RLSA-2026:16484 Important: gimp security update

The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Security Fixes: gimp: GIMP:Memo...

CVSS 7.8 • AI score 7.4 • EPSS 0.00755
Exploits: 1 • References: 7
Rockylinux
Added 2026/05/14 12:03 p.m. • 11 views

gimp security update

An update is available for gimp. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The GIMP (GNU Image Manipulation Program) is an image composition and editing...

CVSS 7.8 • AI score 6.2 • EPSS 0.00755
Exploits: 1
GithubExploit
Added 2026/05/14 11:20 a.m. • 95 views

Exploit for OS Command Injection in Insat Masterscada

!CVEhttps://img.shields.io/badge/CVE-2026--22553-Critical-red...

CVSS 9.8 • AI score 6.4 • EPSS 0.01433
Exploits: 1
Information Security Automation
Added 2026/05/14 10:00 a.m. • 10 views

About Remote Code Execution - Apache ActiveMQ (CVE-2026-34197) vulnerability

About Remote Code Execution - Apache ActiveMQ (CVE-2026-34197) vulnerability. Apache ActiveMQ is a popular open-source message broker written in Java. Its main purpose is to send messages between different services, systems, and microservices without a direct connection between them. This...

CVSS 8.8 • AI score 6.8 • EPSS 0.9619
Exploits: 12
NVD
Added 2026/05/14 7:16 a.m. • 15 views

CVE-2026-6271

The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7 via the CV upload handler. This is due to missing file type validation. This makes it possible for unauthenticated attackers to upload files that may be executable, which makes...

CVSS 9.8 • EPSS 0.00665
Exploits: 1 • References: 4
GithubExploit
Added 2026/05/14 6:58 a.m. • 81 views

Exploit for CVE-2026-44403

Wing FTP Server v8.1.2 contains a Remote Code Execution (RCE) vu...

CVSS 8.6 • AI score 6.1 • EPSS 0.02643
Exploits: 5