Lucene search
K

5131 matches found

Nuclei
Nuclei
added yesterday11 views

OpenCATS - Command Injection

OpenCATS prior to commit 3002a29 contains a command injection caused by injection of PHP statements into the installer AJAX endpoint's databaseConnectivity action parameter, letting unauthenticated attackers execute arbitrary code, exploit requires incomplete installation wizard. id: CVE-2026-277...

9.2CVSS6.3AI score0.22189EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday11 views

URL Shortify <= 1.12.1 - Open Redirect

The URL Shortify plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.12.1 due to insufficient validation on the 'redirectto' parameter in the promotional dismissal handler. This makes it possible for unauthenticated attackers to redirect users to potentiall...

4.7CVSS6.1AI score0.00592EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday29 views

Glances - Information Disclosure

Glances 4.5.2 contains an information disclosure vulnerability caused by the web server running without authentication by default, letting remote attackers access sensitive system information including credentials, exploit requires no special privileges. id: CVE-2026-32596 info: name: Glances -...

8.7CVSS7AI score0.0155EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 3 days ago5 views

CVE-2026-39822

A flaw was found in the os.Root functionality of Go on Unix systems. This vulnerability allows an attacker to bypass intended directory restrictions by crafting a path that ends with a symbolic link and a trailing slash. When a file is opened in os.Root with such a path, the symbolic link is...

7.8CVSS6AI score0.00181EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/07/06 12:0 a.m.5 views

FreeBSD : traefik -- Multiple vulnerabilities (803b9816-77af-11f1-ba71-5404a68ad561)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 803b9816-77af-11f1-ba71-5404a68ad561 advisory. The traefik project releases a new version addressing multiple CVEs: Tenable has extracted the...

10CVSS6AI score0.00346EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/07/06 12:0 a.m.11 views

Debian dsa-6381 : ata-modules-6.12.90+deb13-armmp-di - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6381 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6381-1 [email protected] https://www.debian.org/securit...

9.8CVSS6.6AI score0.00497EPSS
Exploits5References52
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-53915

Name of the Vulnerable Software and Affected Versions OpenAPI.NET versions 2.0.0-preview11 through 2.7.4 OpenAPI.NET versions 3.0.0 through 3.5.3 Description An issue in the parsing of OpenAPI documents can lead to process termination due to a stack overflow when a document contains a circular...

7.5CVSS5.9AI score0.00695EPSS
Exploits0References11
OSV
OSV
added 2026/06/26 12:3 p.m.6 views

RLSA-2026:29981 Moderate: golang security, bug fix, and enhancement update

The golang packages provide the Go programming language compiler. Security Fixes: net/textproto: golang: Golang net/textproto: Misleading error messages via input injection CVE-2026-42507 Bug Fixes and Enhancements: Update Go to version 1.26.4+1 rhel-9.8.z JIRA:Rocky Linux-183350 For more details...

5.3CVSS5.8AI score0.0037EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/24 5:8 a.m.9 views

Important: Red Hat Security Advisory: python3.14 security, bug fix, and enhancement update

An update for python3.14 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

7.1CVSS6.4AI score0.0029EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.8 views

AlmaLinux 10 : python3.14 (ALSA-2026:28581)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:28581 advisory. python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open API CVE-2026-4786 python: Python: Cross-Site Scripting XSS...

7.1CVSS6.4AI score0.0029EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/06/22 12:18 p.m.8 views

CVE-2026-42573

A flaw was found in Svelte, a web framework. An attacker could exploit a DOM clobbering vulnerability, which allows manipulation of the Document Object Model DOM to overwrite internal framework state on elements. This could potentially lead to Cross-Site Scripting XSS attacks, enabling the attack...

8.1CVSS5.8AI score0.00319EPSS
Exploits0References5
OSV
OSV
added 2026/06/19 5:4 p.m.2 views

SUSE-SU-2026:22185-1 Security update for dovecot24

This update for dovecot24 fixes the following issues - CVE-2026-27851: lib-var-expand: safe filter leaks to all following pipelines bsc1265146. - CVE-2026-33603: login: base64 input can contain tabs that bypass IPC protection bsc1265147. - CVE-2026-40016: Sieve: contains/: matches ONxM substring...

9.1CVSS5.8AI score0.00454EPSS
Exploits0References11
Github Security Blog
Github Security Blog
added 2026/06/16 9:5 p.m.9 views

Daytona: Public sandbox previews remain accessible for up to one hour after being made private

Summary Sandbox previews that were switched from public to private could remain reachable without authentication for a short period after the change, due to a cached visibility state that was not invalidated when the sandbox's visibility changed. Impact When a sandbox owner changed a preview from...

7CVSS5.8AI score0.00249EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.11 views

SUSE SLED15 / SLES15 Security Update : go1.25 (SUSE-SU-2026:2326-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2326-1 advisory. This update for go1.25 fixes the following issues Update to go1.25.11 bsc1244485: - CVE-2026-27145: crypto/x50...

7.5CVSS6.8AI score0.00939EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.9 views

SUSE SLES15 Security Update : vim (SUSE-SU-2026:2313-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2313-1 advisory. This update for vim fixes the following issues - CVE-2026-39881: command injection in NetBeans interface can lead to arbitrary file...

7.8CVSS6.3AI score0.00917EPSS
Exploits1References20
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.13 views

SUSE SLED15 / SLES15 Security Update : go1.26 (SUSE-SU-2026:2327-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2327-1 advisory. This update for go1.26 fixes the following issues Update to go1.26.4 bsc1255111: - CVE-2026-27145: crypto/x509...

7.5CVSS6.3AI score0.00939EPSS
Exploits0References11
OSV
OSV
added 2026/06/12 8:7 p.m.9 views

GHSA-3P42-W5CH-GG42 TYPO3 CMS has an Open Redirect Vulnerability via Core Utilities

Problem Applications that use GeneralUtility::sanitizeLocalUrl to allow only local URLs are vulnerable to open redirect attacks if the URL is used after it has passed the aforementioned sanitization checks. This enables attackers to redirect users to external content and carry out phishing attack...

5.3CVSS5.3AI score0.00294EPSS
Exploits0References7
OSV
OSV
added 2026/06/12 7:32 p.m.8 views

GHSA-QCMW-6RM2-5X78 TYPO3 CMS has Broken Access Control in its DataHandler

Problem Backend users were able to move records to a different page without having edit permissions on the source page. Solution Update to TYPO3 versions 13.4.31 LTS, 14.3.3 LTS that fix the problem described. Credits TYPO3 CMS thanks Hyunseo Shin for reporting this issue, and TYPO3 security team...

5.3CVSS5.3AI score0.00238EPSS
Exploits0References7
OSV
OSV
added 2026/06/12 7:9 p.m.10 views

GHSA-CHM7-4VCH-H8VR TYPO3 CMS has Broken Access Control in its Media Module

Problem Backend users with file download permissions were able to download files from the fallback storage of the file abstraction layer FAL via the Media Module. Since the fallback storage resolves paths relative to the server's document root, this could expose sensitive files such as log files...

7.1CVSS5.2AI score0.00313EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/06/12 2:32 a.m.13 views

SUSE CVE-2026-6322

fast-uri normalize decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed domain, an encoded at-sign, and a different domain was re-emitted with the at-sign as a raw userinfo separator...

7.5CVSS5.4AI score0.00475EPSS
Exploits0References3
Rows per page
Query Builder