Lucene search
K

771 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/27 9:16 p.m.3 views

CVE-2019-25651

Ubiquiti UniFi Network Controller prior to 5.10.12 excluding 5.6.42, UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW FW prior to 4.0.6, USG FW prior to 4.4.34 uses AES-CBC encryption for device-to-controller communication, which contains cryptographic weakness...

9CVSS5.8AI score0.0008EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/27 2:25 p.m.5 views

CVE-2021-27454

The software performs an operation at a privilege level higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses on the Reason DR60 all firmware versions prior to 02A04.1...

7.8CVSS7AI score0.00233EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.5 views

PT-2026-27516

Name of the Vulnerable Software and Affected Versions ActiveMatrix BusinessWorks and Enterprise Administrator affected versions not specified Description The software contains injection flaws stemming from inadequate validation or sanitization of user-provided input. This can lead to the disclosu...

8.7CVSS5.8AI score0.00333EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.9 views

EulerOS Virtualization 2.12.0 : krb5 (EulerOS-SA-2026-1491)

According to the versions of the krb5 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesse...

5.9CVSS5.8AI score0.00293EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.10 views

WordPress plugin Preschool and Kindergarten 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

5.3CVSS5.8AI score0.00214EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/03/10 12:0 a.m.19 views

MCP-In-SoS: Risk Assessment Framework for Open-Source MCP Servers

Model Context Protocol MCP servers have rapidly emerged over the past year as a widely adopted way to enable Large Language Model LLM agents to access dynamic, real-world tools. As MCP servers proliferate and become easy to adopt via open-source releases, understanding their security risks become...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/05 1:57 a.m.5 views

CVE-2025-14480

IBM Aspera faspio Gateway 1.3.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...

7.5CVSS5.9AI score0.00167EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/03/01 12:0 a.m.2 views

Quantifying Frontier LLM Capabilities for Container Sandbox Escape

Large language models LLMs increasingly act as autonomous agents, using tools to execute code, read and write files, and access networks, creating novel security risks. To mitigate these risks, agents are commonly deployed and evaluated in isolated "sandbox" environments, often implemented using...

6AI score
Exploits0
IBM AIX
IBM AIX
added 2026/02/18 8:49 a.m.9 views

Multiple vulnerabilities impact AIX due to ISC BIND (CVE-2025-40778 CVE-2025-40780 CVE-2025-8677)

IBM SECURITY ADVISORY First Issued: Wed Feb 18 08:49:11 CST 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/bindadvisory29.asc Security Bulletin: Multiple vulnerabilities impact AIX due to ISC BIND CVE-2025-40778, CVE-2025-40780,...

8.6CVSS5.7AI score0.1096EPSS
Exploits1
Packet Storm
Packet Storm
added 2026/02/17 12:0 a.m.174 views

📄 Extensis Portfolio Manager 4.0.1 Shell Upload

This Metasploit module exploits multiple vulnerabilities in Extensis Portfolio Server to achieve remote code execution. It leverages CVE-2022-24251 and related issues to upload a JSP webshell and execute arbitrary commands. Version 4.0.1 is affected...

8.8CVSS6.4AI score0.01284EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2026/02/12 12:0 a.m.6 views

GitLab 18.4 < 18.4.4 / 18.5 < 18.5.2 (CVE-2025-11990)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to gain CSRF tokens by exploiting...

3.5CVSS5.7AI score0.00263EPSS
Exploits0References5
hivepro
hivepro
added 2026/02/10 3:51 a.m.8 views

Exposure Management vs Vulnerability Management: Key Differences

Is your security program truly reducing risk, or is it just getting really good at patching? This question is at the heart of the exposure management vs vulnerability management debate. A traditional approach can tell you that a door has a weak lock, but it can't tell you if that door leads to a...

5.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/02/10 12:0 a.m.4 views

RHEL 8 : php:7.4 (RHSA-2026:2470)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:2470 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Leak partial content of the heap...

9.8CVSS6.2AI score0.02286EPSS
Exploits10References29
RedhatCVE
RedhatCVE
added 2026/02/04 1:20 p.m.3 views

CVE-2026-1065

The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.35. This is due to the plugin's default file upload allowlist including SVG files combined with weak substring-based extension validation. This makes it possible fo...

7.2CVSS5.5AI score0.00338EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.11 views

WordPress plugin TaxCloud for WooCommerce has security vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

6.5CVSS5.8AI score0.00255EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.7 views

PT-2026-4216

Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Curly curly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Curly: from n/a through = 3.3...

5.4AI score0.00229EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/01/20 12:0 a.m.9 views

Unpacking Security Scanners for GitHub Actions Workflows

GitHub Actions is a widely used platform that allows developers to automate the build and deployment of their projects through configurable workflows. As the platform's popularity continues to grow, it has become a target of choice for recent software supply chain attacks. These attacks exploit...

5.6AI score
Exploits0
GithubExploit
GithubExploit
added 2026/01/14 2:24 p.m.162 views

exploit-chain-generator

Exploit Chain Generator Turn Noise into Signal: Correlate...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.5 views

CVE-2025-41078

Weaknesses in the authorization mechanisms of Viafirma Documents v3.7.129 allow an authenticated user without privileges to list and access other user data, use user creation, modification, and deletion features, and escalate privileges by impersonating other users of the application in the...

8.7CVSS7AI score0.00205EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/12 2:59 p.m.5 views

CVE-2025-41078 Multiple vulnerabilities in Viafirma products

Weaknesses in the authorization mechanisms of Viafirma Documents v3.7.129 allow an authenticated user without privileges to list and access other user data, use user creation, modification, and deletion features, and escalate privileges by impersonating other users of the application in the...

8.7CVSS6.6AI score0.00205EPSS
Exploits0References1
Rows per page
Query Builder