Lucene search
K

2156 matches found

Nuclei
Nuclei
•added yesterday•32 views

WordPress User Messages <= 1.2.4 - Reflected XSS

WordPress User Messages plugin = 1.2.4 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires victim to load a...

6.1CVSS7.1AI score0.00567EPSS
Exploits1References2
Circl
Circl
•added 2 days ago•6 views

CVE-2026-48956

creationtimestamp| type| source ---|---|--- 2026-07-07 20:48:21+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq3i3hz3pq27 2026-07-08 14:15:08+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mq5claiknt2n...

6.4CVSS5.9AI score0.0025EPSS
Exploits0References2
Nuclei
Nuclei
•added 2 days ago•31 views

ChurchCRM - API Authentication Bypass via URL Injection

ChurchCRM 7.1.0 contains an authentication bypass caused by improper API middleware URL handling in ChurchCRM/Slim/Middleware/AuthMiddleware.php, letting unauthenticated attackers access protected API endpoints, exploit requires crafted request URL with 'api/public id: CVE-2026-39339 info: name:...

9.1CVSS5.9AI score0.01351EPSS
Exploits0References1
EUVD
EUVD
•added 2 days ago•4 views

EUVD-2025-210439

A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting XSS attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling...

6.5CVSS5.9AI score0.00246EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
•added 2 days ago•6 views

CVE-2025-12799

A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting XSS attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling...

6.5CVSS5.9AI score0.00246EPSS
Exploits0References7
Positive Technologies
Positive Technologies
•added 2 days ago•7 views

PT-2026-56238

Name of the Vulnerable Software and Affected Versions GNU Wget versions prior to 1.25.1 Description A heap buffer underread exists in the clean metalink string function within src/metalink.c. This occurs when the software processes a Metalink document containing a URL consisting only of whitespac...

8.7CVSS6.1AI score0.00351EPSS
Exploits0References4
RedHat Linux
RedHat Linux
•added 3 days ago•7 views

nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling

A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs,...

7.5CVSS6.5AI score0.00437EPSS
Exploits0References5
OSV
OSV
•added 3 days ago•4 views

PYSEC-2026-914 Reddit Terminal Viewer (RTV) vulnerable to argument injection attacks

scripts/inspectwebbrowser.py in Reddit Terminal Viewer RTV 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...

8.8CVSS6AI score0.0122EPSS
Exploits0References6
Circl
Circl
•added 4 days ago•8 views

CVE-2026-14641

creationtimestamp| type| source ---|---|--- 2026-07-05 00:36:46+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpudh4j6re2d...

7.5CVSS7.1AI score0.00416EPSS
Exploits0References1
CVE
CVE
•added 6 days ago•8 views

CVE-2026-27779

Gitea up to version 1.25.4 is affected by a vulnerability in forwarded-proto handling when generating public URLs, allowing spoofed canonical URLs via malformed or injected forwarded-proto values. The issue is documented across multiple sources (NVD/NVD CVE entry and Snyk). Affected area: the Git...

7.5CVSS5.9AI score0.00431EPSS
Exploits0References4
Circl
Circl
•added 6 days ago•11 views

CVE-2026-14620

creationtimestamp| type| source ---|---|--- 2026-07-03 17:04:38+00:00| seen| https://bsky.app/profile/ulisesgascon.com/post/3mpqzpoxq4c2i 2026-07-03 22:00:41+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mprkb56qhi2z...

4.7CVSS5.9AI score0.00116EPSS
Exploits0References2
Circl
Circl
•added 6 days ago•10 views

CVE-2026-59234

creationtimestamp| type| source ---|---|--- 2026-07-03 14:41:14+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpqrpeabqu2l 2026-07-04 04:11:56+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mps6yxxuv723...

6.9CVSS5.9AI score0.00403EPSS
Exploits0References2
EUVD
EUVD
•added 6 days ago•9 views

EUVD-2026-41507

When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a usernamewithout a password, like https://[email protected]/, curl could wrongly get and use the password for another user set in the .netrc file for that host if such a one exists and there is no...

6AI score0.00479EPSS
Exploits1References3
EUVD
EUVD
•added 6 days ago•10 views

EUVD-2026-41482

An Improper Export of Android Application Components vulnerability in ASUS Router App allows a third-party application on the same device to send a crafted Intent that causes ASUS Router App to open an specified URL. Refer to the ' Security Update for ASUS Router Android App ' section on the ASUS...

6CVSS5.8AI score0.00116EPSS
Exploits0References1
Circl
Circl
•added last week•9 views

CVE-2026-9145

creationtimestamp| type| source ---|---|--- 2026-07-02 22:18:56+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpp2suimi22o 2026-07-03 03:22:36+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpplrucijr2n...

6.5CVSS5.8AI score0.00372EPSS
Exploits0References2
Cvelist
Cvelist
•added last week•30 views

CVE-2026-59095 LobeChat < 2.2.10-canary.18 - SSRF via importFromUrl and fetchImageFromUrl

LobeChat before 2.2.10-canary.18 contains a server-side request forgery vulnerability that allows authenticated attackers to direct internal HTTP requests to arbitrary URLs by supplying user-controlled input to the skill import service importFromUrl and topic cover update fetchImageFromUrl...

8.3CVSS0.00235EPSS
Exploits0References3
Circl
Circl
•added last week•10 views

CVE-2026-55111

creationtimestamp| type| source ---|---|--- 2026-07-02 18:25:02+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mponqlwrdj2m 2026-07-03 07:08:22+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mppyfkkhz32m 2026-07-08 11:01:21+00:00| seen|...

7.5CVSS5.9AI score0.00335EPSS
Exploits0References3
Circl
Circl
•added last week•8 views

CVE-2026-57766

creationtimestamp| type| source ---|---|--- 2026-07-02 12:25:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpnzoc75jf2l 2026-07-02 16:01:25+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mpofpsgu4w2b 2026-07-03 03:53:39+00:00| seen|...

8.8CVSS5.9AI score0.00142EPSS
Exploits0References4
Circl
Circl
•added last week•7 views

CVE-2026-57762

creationtimestamp| type| source ---|---|--- 2026-07-02 11:56:05+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpnxz3twfs2o 2026-07-02 16:02:49+00:00| seen| https://bsky.app/profile/malwareobserver.bsky.social/post/3mpofscccbl2m 2026-07-03 00:45:10+00:00| seen|...

5.9CVSS5.9AI score0.00148EPSS
Exploits0References4
Circl
Circl
•added 2026/07/01 9:21 p.m.•8 views

CVE-2026-14056

creationtimestamp| type| source ---|---|--- 2026-07-01 21:21:54+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmh5xawjd2l 2026-07-02 01:38:11+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmvi7um2k2y 2026-07-02 07:50:52+00:00| seen|...

9.6CVSS5.9AI score0.00233EPSS
Exploits0References4
Rows per page
Query Builder