Lucene search
+L

72 matches found

attackerkb
attackerkb
added 2026/07/07 8:50 p.m.5 views

CVE-2026-49471

Serena is a powerful MCP toolkit for coding that provides semantic retrieval and editing capabilities. Prior to v1.5.2, Serena's built-in web dashboard exposes an unauthenticated Flask API on a fixed, predictable port, with no authentication, no CSRF protection, and no Host header validation. A D...

8.3CVSS6.7AI score0.00237EPSS
Exploits0References4Affected Software1
cve
cve
added 2026/07/07 8:50 p.m.19 views

CVE-2026-49471

Serena exposes an unauthenticated Flask API on a fixed port prior to v1.5.2, with no authentication, CSRF protection, or Host header validation. A DNS rebinding attack can reach this API from any browser and write arbitrary content to the agent’s persistent memory store, which the agent may read ...

8.3CVSS6.7AI score0.00237EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/22 1:18 p.m.10 views

CVE-2026-9029 Stored XSS in the Geomap panel tile-layer attribution

A user with Editor permissions can place a malicious script in the attribution field of a Geomap panel's XYZ tile layer via a template variable. The script then executes in the browser of any user who views the affected dashboard stored cross-site scripting...

7.3CVSS6AI score0.0025EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/06/05 12:0 a.m.10 views

Arista Edge Threat Management - Arista Next Generation Firewall 安全漏洞

Arista Edge Threat Management - Arista Next Generation Firewall is a unified network security platform developed by the American company Arista. It integrates next-generation firewalls, intrusion prevention, web filtering, application control, and network threat protection capabilities. There are...

5.8CVSS5AI score0.00154EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/24 12:0 a.m.13 views

Hermes Agent 安全漏洞

Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Version Hermes Agent 2026.4.23 contains a security vulnerability. This vulnerability stems from improper handling of the parameter HERSERENABLEPROJECTPLUGINS in the function discoverdashboardplugins ...

5.3CVSS6AI score0.00228EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/05/24 12:0 a.m.20 views

PT-2026-42929

Name of the Vulnerable Software and Affected Versions hermes-agent version 2026.4.23 Description A security flaw exists in the CLI web-dashboard Interface within the discover dashboard plugins function of the hermes cli/web server.py file. A manipulation of the HERMES ENABLE PROJECT PLUGINS...

5.3CVSS5.9AI score0.00228EPSS
Exploits0References13
githubexploit
githubexploit
added 2026/05/09 6:52 p.m.197 views

centipede

centipede Self-replicating Linux worm framework with multi-la...

7.8CVSS6.3AI score0.93235EPSS
Exploits33
githubexploit
githubexploit
added 2026/04/26 7:34 p.m.103 views

DarkWin-NGASR

🌌 DARKWIN — Next-Gen Automated Security Research Develope...

5.4AI score
Exploits0
githubexploit
githubexploit
added 2026/04/24 6:4 p.m.208 views

Andro-Recon-CLI

🛡️ CortexDroid – Android Vulnerability Assessment & Remote...

6.4CVSS5.8AI score0.00389EPSS
Exploits2
nessus
nessus
added 2026/04/01 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-0396

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic...

4.3CVSS5.8AI score0.00136EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/03/31 11:50 a.m.12 views

CVE-2026-0396 HTML injection in the web dashboard

An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI...

3.1CVSS5.9AI score0.00136EPSS
Exploits0References1
cvelist
cvelist
added 2026/03/31 11:50 a.m.25 views

CVE-2026-0396 HTML injection in the web dashboard

An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI...

3.1CVSS0.00136EPSS
Exploits0References1
osv
osv
added 2026/03/31 11:50 a.m.1 views

CVE-2026-0396 HTML injection in the web dashboard

An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI...

3.1CVSS5.9AI score0.00136EPSS
Exploits0References5
cve
cve
added 2026/03/31 11:50 a.m.25 views

CVE-2026-0396

CVE-2026-0396 affects dnsdist, a DNS load balancer. The issue arises when domain-based dynamic rules are enabled (DynBlockRulesGroup:setSuffixMatchRule / setSuffixMatchRuleFFI), allowing crafted DNS queries to cause HTML content injection into the internal web dashboard. Associated advisories con...

4.3CVSS5.9AI score0.00136EPSS
Exploits0References1Affected Software1
redhatcve
redhatcve
added 2026/03/26 3:6 p.m.8 views

CVE-2026-22320

A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal buffer, causing the CLI a...

6.5CVSS6.2AI score0.00317EPSS
Exploits0References1
githubexploit
githubexploit
added 2026/03/25 4:21 p.m.134 views

NightOwl

NightOwl Advanced Penetration Testing Framework A modula...

5.9AI score
Exploits0
attackerkb
attackerkb
added 2026/03/20 2:35 a.m.3 views

CVE-2026-32890

Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media server. In versions 1.4.1 and below, a stored Cross-site Scripting XSS vulnerability in the web dashboard's User Mapping dropdown allows any unprivileged Discord user in the...

9.6CVSS6AI score0.00427EPSS
Exploits0References4Affected Software1
attackerkb
attackerkb
added 2026/03/18 7:34 a.m.2 views

CVE-2026-22320

A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal buffer, causing the CLI a...

6.5CVSS6.2AI score0.00317EPSS
Exploits0References2
cvelist
cvelist
added 2026/03/18 7:34 a.m.27 views

CVE-2026-22320 Stack-Based Buffer Overflow in TFTP File-Transfer Command Handling over CLI

A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal buffer, causing the CLI a...

6.5CVSS0.00317EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/03/18 12:0 a.m.6 views

PT-2026-26036

A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized filename input. Exploitation results in the corruption of the internal buffer, causing the CLI a...

6.5CVSS6.2AI score0.00317EPSS
Exploits0References4
Rows per page
Query Builder