Lucene search
K

12806 matches found

Nuclei
Nuclei
added 13 hours ago64 views

Integrate Google Drive <= 1.5.3 - Information Disclosure

File Manager for Google Drive - Integrate Google Drive with WordPress plugin for WordPress = 1.5.3 contains sensitive information exposure caused by improper protection of the getlocalizedata function, letting unauthenticated attackers extract Google OAuth credentials and account email addresses,...

7.5CVSS6.1AI score0.02362EPSS
Exploits0References2
Nuclei
Nuclei
added 13 hours ago18 views

Tattile Camera < 1.181.5 - Default Login

Tattile Smart+, Vega, and Basic device families firmware = 1.181.5 contain a broken authentication caused by default credentials not forced to be changed, letting attackers with management interface access gain administrative privileges. id: CVE-2026-26341 info: name: Tattile Camera 1.181.5 -...

9.8CVSS6.1AI score0.02663EPSS
Exploits3References1
Nuclei
Nuclei
added 13 hours ago119 views

Buffalo WSR-2533DHPL2 - Improper Access Control

The web interfaces of Buffalo WSR-2533DHPL2 firmware version = 1.02 and WSR-2533DHP3 firmware version = 1.24 do not properly restrict access to sensitive information from an unauthorized actor. id: CVE-2021-20092 info: name: Buffalo WSR-2533DHPL2 - Improper Access Control author: gy741,pdteam,par...

9.8CVSS7.1AI score0.99983EPSS
Exploits5References5
Nuclei
Nuclei
added 13 hours ago18 views

Frontend File Manager < 21.3 - Unauthenticated File Renaming

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server id:...

5.3CVSS6.3AI score0.06263EPSS
Exploits2References2
Nuclei
Nuclei
added 13 hours ago56 views

FREEDOM Administration - Default Login

The Web GUI configuration panel of Hirsch formerly Identiv and Viscount Enterphone MESH through 2024 ships with default credentials username freedom, password viscount. The administrator is not prompted to change these credentials on initial configuration, and changing the credentials requires ma...

10CVSS7.1AI score0.02329EPSS
Exploits0References3
CVE
CVE
added yesterday6 views

CVE-2026-15643

CVE-2026-15643 concerns AWS HealthLake MCP Server (awslabs.healthlake-mcp-server) prior to 0.0.14. A server-side request forgery in the pagination handling component can be exploited by a remote authenticated user to exfiltrate AWS temporary security credentials to an attacker-controlled endpoint...

9.2CVSS6.2AI score
Exploits0References2
Cvelist
Cvelist
added yesterday23 views

CVE-2026-50489 Win32k Elevation of Privilege Vulnerability

...

8.8CVSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago5 views

Malicious code in omglucidesotuff (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d144d98f0e90909ee371acfeeec0ad2ffe44450335ddf7f7a58f71a53dc7b107 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
Nuclei
Nuclei
added 4 days ago137 views

Adobe ColdFusion - Unrestricted File Upload Remote Code Execution

Adobe ColdFusion versions July 12 release 2018.0.0.310739, Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution. id: CVE-2018-15961 info: name: Adobe ColdFusion - Unrestricted File Upload...

10CVSS7.3AI score0.9995EPSS
Exploits11References5
OSV
OSV
added 5 days ago2 views

CVE-2026-61450 Grav before 2.0.2 Config Exfiltration via offsetGet Filter

Grav before 2.0.2 contains a Twig sandbox bypass that allows a page author any admin.pages user, or anyone able to write to user/pages to exfiltrate configuration secrets. Although the sandbox replaces the 'config' variable with a redacted facade and strips Config::get/toArray from the method...

7.1CVSS6.1AI score0.00246EPSS
Exploits0References4
Chainguard
Chainguard
added 5 days ago10 views

CVE-2026-53265 vulnerabilities

Vulnerabilities for packages: linux-azure, linux-gcp, linux-qemu, linux-qemu-melange...

7.8CVSS6.1AI score0.00129EPSS
Exploits0
Wolfi
Wolfi
added 5 days ago8 views

CVE-2026-14052 vulnerabilities

Vulnerabilities for packages: chromium...

4.3CVSS6.1AI score0.00221EPSS
Exploits0
Wolfi
Wolfi
added 5 days ago6 views

GHSA-X454-5847-5CWH vulnerabilities

Vulnerabilities for packages: chromium...

6.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-56960

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Struktur struktur allows PHP Local File Inclusion.This issue affects Struktur: from n/a through = 2.5.1...

7.5CVSS6.1AI score0.00496EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-57015

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0735 Description The C omni-completion script in runtime/autoload/ccomplete.vim fails to escape the typeref: or typename: extension fields of a tags entry when interpolating them into a :vimgrep pattern executed via...

8.4CVSS6.5AI score0.00137EPSS
Exploits0References16
OSV
OSV
added 2026/07/08 1:16 a.m.3 views

UBUNTU-CVE-2026-59997

internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection...

5.4CVSS6.1AI score0.00177EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/08 12:9 a.m.131 views

CVE-2026-59997

internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection...

4.2CVSS0.00177EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/07/08 12:9 a.m.4 views

CVE-2026-59997

internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection...

5.4CVSS6AI score0.00177EPSS
Exploits0
CERT
CERT
added 2026/07/08 12:0 a.m.5 views

Adalo Database API Enables Cross-App User Data Extraction via Over-Fetching and Missing Authorization Controls

Overview Adalo’s no‑code application platform exposes complete user records through its database API for all applications built on both V1 and V2. Due to a platform-level flaw, authenticated users can retrieve full user data belonging to any Adalo application, regardless of configuration. This...

7.5CVSS5.9AI score0.00303EPSS
Exploits0
OSV
OSV
added 2026/07/07 4:3 p.m.6 views

PYSEC-2026-1925 SKOPS Card.get_model happily allows arbitrary code execution

Summary The Card class of skops, used for model documentation and sharing, allows arbitrary code execution. When a file other than .zip is provided to the Card class during instantiation, the internally invoked Card.getmodel method silently falls back to joblib without warning. Unlike the .skops...

8.4CVSS6.6AI score0.00212EPSS
Exploits0References7
Rows per page
Query Builder