
1838 matches found

Nuclei
added yesterday | 17 views

FortiWLM - Directory Traversal

A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests. id: CVE-2023-34990 info: name: FortiWLM - Directory Traversal author: DhiyaneshDk severity: critical...

CVSS 9.8 | AI score 7.7 | EPSS 0.24901
Exploits: 0 | References: 1

RedhatCVE
added 3 days ago | 7 views

CVE-2026-55607

A flaw was found in Claude Code, an agentic coding tool, in its handling of worktrees. This vulnerability allowed the creation of specially named worktrees and navigation outside of the intended secure environment, leading to what is known as a 'git directory confusion attack'. By manipulating...

CVSS 8.8 | AI score 6.1 | EPSS 0.0071
Exploits: 0 | References: 4

OSV
added 4 days ago | 5 views

PYSEC-2026-564 OpenStack Vitrage: Unauthorized Access to the Host can Lead to Eval Injection

In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...

CVSS 9.1 | AI score 7.7 | EPSS 0.00763
Exploits: 2 | References: 8

RedhatCVE
added 2026/06/26 1:31 a.m. | 8 views

CVE-2026-53160

A flaw was found in the Linux kernel's fastrpc component. A race condition in the fastrpc_map_create function allows for a use-after-free vulnerability. This could enable an attacker to cause system instability, disclose sensitive information, or potentially execute unauthorized code...

CVSS 7.8 | AI score 5.7 | EPSS 0.00125
Exploits: 0 | References: 4

Nuclei
added 2026/06/16 7:13 a.m. | 26 views

SolarView Compact 6.00 - OS Command Injection

SolarView Compact 6.00 was discovered to contain a command injection vulnerability, attackers can execute commands by bypassing internal restrictions through downloader.php. id: CVE-2023-23333 info: name: SolarView Compact 6.00 - OS Command Injection author: Mr-xn severity: critical description: ...

CVSS 9.8 | AI score 8.5 | EPSS 0.99273
Exploits: 9 | References: 5

NVD
added 2026/06/10 3:16 p.m. | 12 views

CVE-2026-53476

A flaw was found in assisted-migration-agent. An unauthenticated attacker, located on the same local area network (LAN), can exploit a path traversal vulnerability. By crafting a specially designed gzipped tarball, the attacker can bypass security checks and write arbitrary files to the system. Thi...

CVSS 9.6 | EPSS 0.00291
Exploits: 0 | References: 3

Microsoft CVE
added 2026/06/09 2:00 p.m. | 11 views

Remote Desktop Client Remote Code Execution Vulnerability

Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

CVSS 7.5 | AI score 7.2 | EPSS 0.00461
Exploits: 0

Microsoft CVE
added 2026/06/09 2:00 p.m. | 7 views

Remote Desktop Client Remote Code Execution Vulnerability

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

CVSS 7.5 | AI score 6 | EPSS 0.00461
Exploits: 0

GithubExploit
added 2026/06/09 11:16 a.m. | 45 views

Exploit for Stack-based Buffer Overflow in Microsoft

CVE-2026-41089 - Security Buffer Overflow Quick Usage...

CVSS 9.8 | AI score 6.3 | EPSS 0.72253
Exploits: 31

NVD
added 2026/06/08 4:16 p.m. | 13 views

CVE-2026-46442

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, POST /api/v1/node-custom-function lacks route-level authorization, allowing any authenticated user or API key to submit arbitrary JavaScript to the Custom JS Function node. When...

CVSS 9.9 | EPSS 0.0082
Exploits: 1 | References: 2

RedhatCVE
added 2026/06/05 7:40 p.m. | 8 views

CVE-2025-53870

An improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiAP 7.6.0 through 7.6.2, FortiAP 7.4.0 through 7.4.5, FortiAP 7.2 all versions, FortiAP 7.0 all versions, FortiAP 6.4 all versions, FortiAP-W2 7.4.0 through 7.4.4, FortiAP-W2...

CVSS 6.7 | AI score 5.8 | EPSS 0.00561
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/05 7:39 p.m. | 10 views

CVE-2026-7299

Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS via malicious table or column names, triggering arbitrary code execution in the sessions of other...

CVSS 6.3 | AI score 6.3 | EPSS 0.00341
Exploits: 2 | References: 1

RedhatCVE
added 2026/06/05 7:26 p.m. | 10 views

CVE-2026-39814

A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 through 7.4.12, FortiWeb 7.2.7 through 7.2.12, FortiWeb 7.0.10 through 7.0.12 may allow attacker to execute unauthorized code or commands via...

CVSS 6.7 | AI score 5.7 | EPSS 0.00139
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/05 7:26 p.m. | 10 views

CVE-2026-39812

An improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8,...

CVSS 4.8 | AI score 5.7 | EPSS 0.00193
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/05 7:18 p.m. | 10 views

CVE-2026-9208

Tanium addressed an unauthorized code execution vulnerability in Connect...

CVSS 8.8 | AI score 6 | EPSS 0.00421
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/05 7:18 p.m. | 8 views

CVE-2026-9207

Tanium addressed an unauthorized code execution vulnerability in Connect...

CVSS 8.8 | AI score 6 | EPSS 0.00391
Exploits: 0 | References: 1

CNNVD
added 2026/06/02 12:00 a.m. | 6 views

WordPress plugin Thim Core Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 8.8 | AI score 5.7 | EPSS 0.00302
Exploits: 0 | References: 1

RedhatCVE
added 2026/05/29 8:13 p.m. | 10 views

CVE-2026-9038

A stack-based buffer overflow vulnerability in the charging controller’s signal-processing logic allows an attacker with physical access to the charging interface to supply message fields that exceed expected bounds. Because the input is not sufficiently validated, memory corruption may occur,...

CVSS 8.6 | AI score 6.3 | EPSS 0.0023
Exploits: 0 | References: 1

Cvelist
added 2026/05/28 7:05 p.m. | 26 views

CVE-2026-9038 Stack-based buffer overflow in XCharge C6

A stack-based buffer overflow vulnerability in the charging controller’s signal-processing logic allows an attacker with physical access to the charging interface to supply message fields that exceed expected bounds. Because the input is not sufficiently validated, memory corruption may occur,...

CVSS 8.6 | EPSS 0.0023
Exploits: 0 | References: 1

RedhatCVE
added 2026/05/28 2:14 p.m. | 11 views

CVE-2026-44277

An improper access control vulnerability in Fortinet FortiAuthenticator 8.0.2, FortiAuthenticator 8.0.0, FortiAuthenticator 6.6.0 through 6.6.8, FortiAuthenticator 6.5.0 through 6.5.6 may allow attacker to execute unauthorized code or commands via crafted requests...

CVSS 9.8 | AI score 6.2 | EPSS 0.00551
Exploits: 0 | References: 1