Lucene search
K

12796 matches found

Nuclei
Nuclei
added 18 hours ago119 views

Buffalo WSR-2533DHPL2 - Improper Access Control

The web interfaces of Buffalo WSR-2533DHPL2 firmware version = 1.02 and WSR-2533DHP3 firmware version = 1.24 do not properly restrict access to sensitive information from an unauthorized actor. id: CVE-2021-20092 info: name: Buffalo WSR-2533DHPL2 - Improper Access Control author: gy741,pdteam,par...

9.8CVSS7.1AI score0.99983EPSS
Exploits5References5
Nuclei
Nuclei
added 18 hours ago53 views

FREEDOM Administration - Default Login

The Web GUI configuration panel of Hirsch formerly Identiv and Viscount Enterphone MESH through 2024 ships with default credentials username freedom, password viscount. The administrator is not prompted to change these credentials on initial configuration, and changing the credentials requires ma...

10CVSS7.1AI score0.02303EPSS
Exploits0References3
Nuclei
Nuclei
added 18 hours ago63 views

Integrate Google Drive <= 1.5.3 - Information Disclosure

File Manager for Google Drive - Integrate Google Drive with WordPress plugin for WordPress = 1.5.3 contains sensitive information exposure caused by improper protection of the getlocalizedata function, letting unauthenticated attackers extract Google OAuth credentials and account email addresses,...

7.5CVSS6.1AI score0.02362EPSS
Exploits0References2
Nuclei
Nuclei
added 18 hours ago15 views

Frontend File Manager < 21.3 - Unauthenticated File Renaming

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server id:...

5.3CVSS6.3AI score0.06199EPSS
Exploits2References2
Nuclei
Nuclei
added 18 hours ago18 views

Tattile Camera < 1.181.5 - Default Login

Tattile Smart+, Vega, and Basic device families firmware = 1.181.5 contain a broken authentication caused by default credentials not forced to be changed, letting attackers with management interface access gain administrative privileges. id: CVE-2026-26341 info: name: Tattile Camera 1.181.5 -...

9.8CVSS6.1AI score0.02663EPSS
Exploits3References1
Nuclei
Nuclei
added 2 days ago129 views

Adobe ColdFusion - Unrestricted File Upload Remote Code Execution

Adobe ColdFusion versions July 12 release 2018.0.0.310739, Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution. id: CVE-2018-15961 info: name: Adobe ColdFusion - Unrestricted File Upload...

10CVSS7.3AI score0.9995EPSS
Exploits11References5
Chainguard
Chainguard
added 3 days ago8 views

CVE-2026-53265 vulnerabilities

Vulnerabilities for packages: linux-qemu-melange, linux-azure, linux-qemu, linux-gcp...

7.8CVSS6.1AI score0.00129EPSS
Exploits0
Wolfi
Wolfi
added 3 days ago7 views

CVE-2026-14052 vulnerabilities

Vulnerabilities for packages: chromium...

4.3CVSS6.1AI score0.00221EPSS
Exploits0
Wolfi
Wolfi
added 3 days ago5 views

GHSA-X454-5847-5CWH vulnerabilities

Vulnerabilities for packages: chromium...

6.1AI score
Exploits0
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-56960

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Struktur struktur allows PHP Local File Inclusion.This issue affects Struktur: from n/a through = 2.5.1...

7.5CVSS6.1AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-57015

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0735 Description The C omni-completion script in runtime/autoload/ccomplete.vim fails to escape the typeref: or typename: extension fields of a tags entry when interpolating them into a :vimgrep pattern executed via...

8.4CVSS6.5AI score0.00137EPSS
Exploits0References4
OSV
OSV
added 5 days ago1 views

UBUNTU-CVE-2026-59997

internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection...

5.4CVSS0.00177EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago119 views

CVE-2026-59997

internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection...

4.2CVSS0.00177EPSS
Exploits0References3
Debian CVE
Debian CVE
added 5 days ago4 views

CVE-2026-59997

internal-sftp in sshd in OpenSSH before 10.4 recognizes only the first 9 command-line arguments, which can be important if a later command-line argument would have helped to ensure the intended security properties of an SFTP connection...

5.4CVSS6AI score0.00177EPSS
Exploits0
CERT
CERT
added 5 days ago5 views

Adalo Database API Enables Cross-App User Data Extraction via Over-Fetching and Missing Authorization Controls

Overview Adalo’s no‑code application platform exposes complete user records through its database API for all applications built on both V1 and V2. Due to a platform-level flaw, authenticated users can retrieve full user data belonging to any Adalo application, regardless of configuration. This...

7.5CVSS5.9AI score0.00303EPSS
Exploits0
OSV
OSV
added 6 days ago6 views

PYSEC-2026-1925 SKOPS Card.get_model happily allows arbitrary code execution

Summary The Card class of skops, used for model documentation and sharing, allows arbitrary code execution. When a file other than .zip is provided to the Card class during instantiation, the internally invoked Card.getmodel method silently falls back to joblib without warning. Unlike the .skops...

8.4CVSS6.6AI score0.00212EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/07/06 8:42 p.m.5 views

Langroid: handle_message() executes user-supplied tool JSON without sender verification

Summary A Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools are registered with use=False, handle=True. Details enablemessage..., use=False, handle=True only prevents the LLM from being instructed to generate...

8.1CVSS6AI score0.00392EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/07/06 8:28 p.m.5 views

CVE-2026-8932

A flaw was found in curl. The libcurl library, used for transferring data with URLs, could improperly reuse existing network connections. This occurred even when changes to mutual Transport Layer Security mTLS settings, particularly those for client certificates, should have prevented such reuse...

7.5CVSS6AI score0.00368EPSS
Exploits1References6
EUVD
EUVD
added 2026/07/06 8:16 p.m.6 views

EUVD-2026-25018

id: groups= computed from real GID instead of effective GID...

4.4CVSS5.9AI score0.00108EPSS
Exploits1References3
EUVD
EUVD
added 2026/07/06 8:16 p.m.6 views

EUVD-2026-24988

mkdir: -m exposes directory with umask perms before chmod race window...

3.3CVSS5.9AI score0.00102EPSS
Exploits0References5
Rows per page
Query Builder