Lucene search
+L

6219 matches found

Nuclei
Nuclei
added yesterday44 views

XWiki <= 17.3.0 - Server-Side Template Injection (SSTI)

XWiki = 17.3.0 contains a server-side template injection caused by improper validation of Apache Velocity template code in the Administration interface HTTP Meta Info field, letting authenticated administrators execute arbitrary template logic. id: CVE-2025-51991 info: name: XWiki = 17.3.0 -...

8.8CVSS7.2AI score0.03366EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday133 views

Vendure - Arbitrary File Read

Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data...

9.1CVSS7.1AI score0.59798EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday160 views

Angular-Base64-Upload - Remote Code Execution

angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of...

9.8CVSS7.5AI score0.43683EPSS
Exploits5References4
CVE
CVE
added 3 days ago16 views

CVE-2026-15753

CVE-2026-15753 affects zhinianboke xianyu-auto-reply on Server; the vulnerability concerns the /api/v1/payment/withdraw/review?action=approve endpoint where manipulation can cause the server to trust HTTP permission methods. The patch 19fc3282a1bb78a05c34945c088525d20e081cbd is referenced as a fi...

5.5CVSS5.9AI score0.00261EPSS
Exploits0References7
Cvelist
Cvelist
added 3 days ago29 views

CVE-2026-56168 Windows SMB Server Denial of Service Vulnerability

...

6.5CVSS0.0079EPSS
Exploits0References1
CVE
CVE
added 3 days ago8 views

CVE-2026-56159

CVE-2026-56159 is a heap-based buffer overflow in Windows DHCP Server that can allow an unauthenticated attacker to execute code over a network (remote code execution). The vulnerability is rated CRITICAL with Network attack vector and no explicit exploit details in the provided documents. Connec...

9.8CVSS6.3AI score0.00849EPSS
Exploits0References1
CVE
CVE
added 3 days ago13 views

CVE-2026-55016

CVE-2026-55016 is a SharePoint-related issue affecting Microsoft Office SharePoint, described as improper neutralization of input during web page generation (XSS) that enables spoofing over a network by an authorized attacker. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N) yields a bas...

5.4CVSS6.1AI score0.00283EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 3 days ago22 views

CVE-2026-49787 HTTP.sys Denial of Service Vulnerability

...

7.5CVSS0.00834EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago27 views

CVE-2026-48564 DHCP Server Service Remote Code Execution Vulnerability

...

8.8CVSS0.00763EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago2 views

CVE-2026-48564 DHCP Server Service Remote Code Execution Vulnerability

...

8.8CVSS6.1AI score0.00763EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 3 days ago5 views

Microsoft SQL Server Elevation of Privilege Vulnerability

Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges over a network...

8.8CVSS6.1AI score0.00921EPSS
Exploits0
OSV
OSV
added 3 days ago3 views

CVE-2026-52101

An issue in andreimarcu linux-server v.1.0 through v.2.3.8 allows a remote attacker to obtain sensitive information via the function uploadRemote function in upload.go...

9.1CVSS6.1AI score0.00389EPSS
Exploits0References4
NVD
NVD
added 4 days ago5 views

CVE-2026-62242

Spring Boot Admin Server before 4.1.2 contains a server-side request forgery vulnerability that allows unauthenticated attackers to register instances with attacker-controlled healthUrl and managementUrl parameters without validation against private IP ranges or metadata endpoints. Attackers can...

8.6CVSS0.00283EPSS
Exploits0References5
Nuclei
Nuclei
added 4 days ago18 views

Blueimp jQuery-File-Upload v9.22.0 - Unrestricted File Upload

Blueimp jQuery-File-Upload v9.22.0 contains an unauthenticated arbitrary file upload caused by insufficient validation in the upload component, letting remote attackers upload malicious files, exploit requires no authentication. id: CVE-2018-9206 info: name: Blueimp jQuery-File-Upload v9.22.0 -...

9.8CVSS7.1AI score0.97107EPSS
Exploits15References4
RedHat Linux
RedHat Linux
added 2026/07/08 9:46 a.m.7 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in SyncChangeCounter()

A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter. A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or f...

7.8CVSS6.9AI score0.0014EPSS
Exploits0References7
AlpineLinux
AlpineLinux
added 2026/07/08 9:25 a.m.9 views

CVE-2026-56003

A heap buffer overflow due to missing size checking in the property buffer when parsing PCF files in libXfont2 ComputeScaledProperties before libXfont2 before 2.0.8 could be used by attackers using authenticated X clients to execute code within the X server...

8.8CVSS6.3AI score0.00643EPSS
Exploits0
EUVD
EUVD
added 2026/07/08 5:58 a.m.8 views

EUVD-2026-42177

An Improper Authentication vulnerability affecting DELMIA Apriso from Release 2020 through Release 2026 could allow an attacker to gain privileged access to the server...

9.8CVSS6AI score0.00326EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 3:25 p.m.16 views

CVE-2026-5268

Technical details about CVE-2026-5268 are not publicly provided in the supplied documents. No affected products, versions, root cause, or remediation are enumerated here. Monitor for updates and additional technical disclosures.

9.1CVSS6AI score0.0042EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/07/05 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2020-14844

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PS. Supported versions that are affected are 8.0.21 and prior. Easily exploitable...

6.8CVSS6AI score0.02183EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.14 views

PT-2026-54750

Name of the Vulnerable Software and Affected Versions Guardian language-system affected versions not specified Description An unauthenticated remote attacker can execute arbitrary OS commands on the server. The issue occurs because the translate text.php file passes the id GET parameter directly...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References5
Rows per page
Query Builder