Lucene search
K

215 matches found

Nuclei
Nuclei
added yesterday20 views

WordPress UIX Shortcodes <= 1.9.7 - Unauthenticated Shortcode Execution

The The Uix Shortcodes – Compatible with Gutenberg plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.9. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode...

7.3CVSS6.4AI score0.01411EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42722

Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary shell commands by accessing the embedded terminal API endpoints without credentials. Attackers can create a session, attach a PTY shell, and write arbitra...

9.8CVSS6.8AI score0.00928EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 4 days ago6 views

Langflow < 1.9.2 Multiple Vulnerabilities

The version of Langflow installed on the remote host is prior to 1.9.2. It is, therefore, affected by multiple vulnerabilities: - The Shareable Playground feature enables execution of workflows by unauthenticated users. When the route /api/v1/buildpublictmp executes a flow, it allows providing...

9.6CVSS6.3AI score0.00688EPSS
Exploits2References4
OSV
OSV
added 2026/07/02 9:14 p.m.3 views

GHSA-RH62-J648-G5QC Recce server has unauthenticated SQL execution that allows local file read/write through DuckDB

Impact Recce OSS server deployments that expose the server to an untrusted network without authentication are vulnerable to unauthenticated SQL execution through the query run API. When Recce is configured with a DuckDB-backed project, an attacker can use DuckDB filesystem primitives to read and...

7.8CVSS5.9AI score
Exploits0References3
NVD
NVD
added 2026/07/01 5:16 p.m.5 views

CVE-2026-34116

Guardian language-system passes the id GET parameter directly into a PHP exec call in transcribe.php line 15 without sanitization: exec"php jobs/transcribe.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS0.00549EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/01 2:39 p.m.9 views

CVE-2026-58126

PACSgear PACS Scan 5.2.1 contains an unauthenticated remote code execution vulnerability that allows remote attackers to read and write arbitrary files by exploiting an exposed .NET Remoting TCP service on port 22222 via PGImageExchQueue.exe without any authentication requirement. Attackers can...

9.8CVSS6.5AI score0.00963EPSS
Exploits1References4Affected Software1
The Hacker News
The Hacker News
added 2026/06/30 3:47 p.m.11 views

Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints

Threat actors are continuing to exploit a critical Langflow vulnerability as part of fresh attacks designed to deliver a Monero cryptocurrency miner. The activity has been found to weaponize CVE-2026-33017 CVSS score: 9.3, an unauthenticated remote code execution RCE vulnerability in Langflow,...

9.8CVSS8.1AI score0.98191EPSS
Exploits20
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.6 views

FreeBSD : rclone -- Unauthenticated command execution in `rclone rcd --rc-serve` via inline remote instantiation (0f3342e3-73ba-11f1-910d-3c7c3fba4204)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0f3342e3-73ba-11f1-910d-3c7c3fba4204 advisory. https://github.com/rclone/rclone/security/advisories/GHSA-qw24-gh76-8rvv reports: Rclone is a...

9.8CVSS5.9AI score0.00701EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-311 ChromaDB Python project has a pre-authentication code injection vulnerability

A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trustremotecode set to true in...

10CVSS6.1AI score0.12387EPSS
Exploits2References6
RedhatCVE
RedhatCVE
added 2026/06/19 9:33 a.m.9 views

CVE-2026-49121

A flaw was found in AI Tensor Engine for ROCm AITER. This vulnerability allows unauthenticated remote attackers to execute arbitrary code by sending a specially crafted data package, known as a pickle payload, to a ZeroMQ ZMQ subscriber socket. This exploitation is possible due to a lack of...

9.8CVSS6.6AI score0.01104EPSS
Exploits1References6
EUVD
EUVD
added 2026/06/17 3:5 p.m.10 views

EUVD-2026-37740

picklescan before 1.0.1 contains an unsafe deserialization vulnerability allowing unauthenticated users to execute arbitrary code by hiding eval calls nested under callable objects via getattr. Attackers can embed malicious code in pickle files that evades detection but executes when the pickle i...

9.8CVSS6AI score0.00519EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 8:0 p.m.21 views

CVE-2026-42851

CVE-2026-42851 (Kitty terminal) : In versions prior to 0.47.0, a program that writes bytes to a Kitty terminal can trigger execution of attacker-supplied Python inside the Kitty process with the user’s privileges. This is a local issue with high impact to confidentiality, integrity, and availabil...

7.8CVSS5.6AI score0.00164EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/09 9:2 p.m.8 views

CVE-2026-34417 OSCAL-GUI Reflected XSS via project parameter in oscal-forms.php

OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious content through the project request parameter in oscal-forms.php. The parameter value is URL-decoded and assigned to...

6.1CVSS5.6AI score0.00168EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.12 views

WordPress plugin Insert PHP 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

9.8CVSS6AI score0.00559EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.11 views

CVE-2026-41268

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated remote command execution RCE vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE:: keyword combined wi...

9.8CVSS7.6AI score0.13789EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/04 1:22 p.m.11 views

CVE-2019-25729 PDF Signer 3.0 Server-Side Template Injection RCE via CSRF Cookie

PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie parameter. Attackers can craft malicious cookie values containing template injection payloads like shellex...

9.8CVSS6.1AI score0.00258EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/05/30 7:17 a.m.98 views

Exploit for CVE-2025-9074

CVE-2025-9074: Docker Engine API Unauthenticated RCE Seve...

9.3CVSS6.4AI score0.01594EPSS
Exploits15
CVE
CVE
added 2026/05/29 10:52 a.m.27 views

CVE-2025-41272

The CVE-2025-41272 entry describes a CWE-78 OS Command Injection in the Waterfall WF-500 TX and RX Hosts Console WebUI (version 7.9.1.0 R2502171040). The vulnerability allows remote unauthenticated attackers to execute arbitrary operating system commands on the device through the Console WebUI, i...

9.8CVSS6.1AI score0.0138EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/05/29 7:20 a.m.7 views

SUSE-SU-2026:2108-1 Security update for samba

This update for samba fixes the following issues - CVE-2026-2340: vfsworm does not block directory modification bsc1261158. - CVE-2026-3238: unauthenticated udp packet crashes AD DC nbt server bsc1261160. - CVE-2026-4408: Remote Code Execution in SAMR bsc1261163. - CVE-2026-4480: Unauthenticated...

9.8CVSS5.9AI score0.12797EPSS
Exploits9References10
GithubExploit
GithubExploit
added 2026/05/28 4:45 p.m.85 views

Exploit for Deserialization of Untrusted Data in Facebook React

HTB: Reactor !Difficultyhttps://img.shields.io/badge/Diffi...

10CVSS7.9AI score0.99562EPSS
Exploits374
Rows per page
Query Builder