Lucene search
+L

1874 matches found

nuclei
nuclei
added 2 days ago81 views

Cockpit Web Console < 360 - Remote Code Execution

Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH...

9.8CVSS6.9AI score0.142EPSS
Exploits4References3
nvd
nvd
added last week7 views

CVE-2026-54801

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application contains insufficient validation of authentication credentials when processing administrative account modifications through the we...

8.6CVSS0.0034EPSS
Exploits0References1
vulnrichment
vulnrichment
added last week11 views

CVE-2026-56291 Joomla Extension - balbooa.com - Unauthenticated file upload in Balbooa Forms extension < 2.4.1

The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...

10CVSS6AI score0.00836EPSS
Exploits5References2
cbl_mariner
cbl_mariner
added 2026/07/08 4:2 p.m.6 views

CVE-2026-52969 affecting package kernel for versions less than 6.6.143.1-1

CVE-2026-52969 affecting package kernel for versions less than 6.6.143.1-1. An upgraded version of the package is available that resolves this issue...

7.8CVSS6.1AI score0.00152EPSS
Exploits0
cbl_mariner
cbl_mariner
added 2026/07/08 4:2 p.m.5 views

CVE-2026-52977 affecting package kernel for versions less than 6.6.143.1-1

CVE-2026-52977 affecting package kernel for versions less than 6.6.143.1-1. An upgraded version of the package is available that resolves this issue...

5.5CVSS6.1AI score0.00122EPSS
Exploits0
cbl_mariner
cbl_mariner
added 2026/07/08 4:2 p.m.5 views

CVE-2026-52962 affecting package kernel for versions less than 6.6.143.1-1

CVE-2026-52962 affecting package kernel for versions less than 6.6.143.1-1. A patched version of the package is available...

7.8CVSS5.9AI score0.00138EPSS
Exploits0
cbl_mariner
cbl_mariner
added 2026/07/08 4:2 p.m.7 views

CVE-2026-53035 affecting package kernel for versions less than 6.6.143.1-1

CVE-2026-53035 affecting package kernel for versions less than 6.6.143.1-1. An upgraded version of the package is available that resolves this issue...

5.5CVSS6.1AI score0.00172EPSS
Exploits0
cbl_mariner
cbl_mariner
added 2026/07/08 4:2 p.m.5 views

CVE-2026-52968 affecting package kernel for versions less than 6.6.143.1-1

CVE-2026-52968 affecting package kernel for versions less than 6.6.143.1-1. An upgraded version of the package is available that resolves this issue...

7.1CVSS6.1AI score0.00131EPSS
Exploits0
cbl_mariner
cbl_mariner
added 2026/07/08 4:2 p.m.6 views

CVE-2026-52984 affecting package kernel for versions less than 6.6.143.1-1

CVE-2026-52984 affecting package kernel for versions less than 6.6.143.1-1. An upgraded version of the package is available that resolves this issue...

5.5CVSS6.1AI score0.00128EPSS
Exploits0
patchstack
patchstack
added 2026/07/07 8:55 p.m.6 views

NPM: Better Auth has an account takeover issue via OAuth auto-link to unverified pre-registered email

NPM: Better Auth has an account takeover issue via OAuth auto-link to unverified pre-registered email vulnerability discovered by ? in WordPress Npm better-auth versions 1.6.11...

8.3CVSS5.9AI score0.00019EPSS
Exploits0References3Affected Software1
patchstack
patchstack
added 2026/07/07 8:54 p.m.5 views

NPM: Better Auth vulnerable to unauthorized invitation acceptance via unverified email match in organization plugin

NPM: Better Auth vulnerable to unauthorized invitation acceptance via unverified email match in organization plugin vulnerability discovered by ? in WordPress Npm better-auth versions 1.6.11...

7.7CVSS5.9AI score0.00016EPSS
Exploits0References3Affected Software1
osv
osv
added 2026/07/07 11:45 a.m.4 views

PYSEC-2026-1797 Cross-Frame Scripting vulnerability has been found on Plone CMS

A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting version below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicios iframe element...

7.1CVSS6.9AI score0.00294EPSS
Exploits0References5
cvelist
cvelist
added 2026/07/03 8:19 p.m.34 views

CVE-2026-22555 Gitea organization forks can expose organization secrets without create permission

Gitea versions before 1.26.0 allow API users to fork a repository into an organization without first passing the CanCreateOrgRepo check, which can expose organization secrets...

8.1CVSS0.00304EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/07/02 11:16 a.m.10 views

CVE-2026-57764

Contributor Cross Site Scripting XSS in Surbma | Yoast SEO Breadcrumb Shortcode = 1.2 versions...

6.5CVSS5.8AI score0.00139EPSS
Exploits0References2
cbl_mariner
cbl_mariner
added 2026/07/01 2:6 a.m.6 views

CVE-2026-12505 affecting package cifs-utils for versions less than 7.6-1

CVE-2026-12505 affecting package cifs-utils for versions less than 7.6-1. An upgraded version of the package is available that resolves this issue...

7.8CVSS5.7AI score0.00121EPSS
Exploits0
patchstack
patchstack
added 2026/06/30 7:50 p.m.5 views

WordPress RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin <= 6.0.9.1 - Cross-Site Request Forgery to Privilege Escalation vulnerability

Cross-Site Request Forgery to Privilege Escalation vulnerability discovered by ? in WordPress Plugin RegistrationMagic versions = 6.0.9.1...

8.8CVSS5.8AI score0.00205EPSS
Exploits0References1Affected Software1
osv
osv
added 2026/06/29 11:50 a.m.9 views

PYSEC-2026-511 Qiskit allows arbitrary code execution decoding QPY format versions < 13

Impact A maliciously crafted QPY file can potentially execute arbitrary-code embedded in the payload without privilege escalation when deserializing QPY formats 13. A python process calling Qiskit's qiskit.qpy.load function could potentially execute any arbitrary Python code embedded in the corre...

9.8CVSS6AI score0.00741EPSS
Exploits0References6
osv
osv
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-510 Qiskit allows arbitrary code execution decoding QPY format versions < 13

Impact A maliciously crafted QPY file can potentially execute arbitrary-code embedded in the payload without privilege escalation when deserializing QPY formats 13. A python process calling Qiskit's qiskit.qpy.load function could potentially execute any arbitrary Python code embedded in the corre...

9.8CVSS6AI score0.00741EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/06/26 2:53 p.m.6 views

CVE-2026-57431

Author Cross Site Scripting XSS in Featured Image = 2.1 versions...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/26 2:52 p.m.32 views

CVE-2026-56045 WordPress Automatic plugin < 3.135.1 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Automatic 3.135.1 versions...

7.1CVSS0.0018EPSS
Exploits0References1
Rows per page
Query Builder