Lucene search
K

2186 matches found

Circl
Circl
added yesterday3 views

CVE-2026-8590

creationtimestamp| type| source ---|---|--- 2026-07-14 16:00:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqmlbredfw2t 2026-07-14 22:50:04+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116920772161948536...

8.7CVSS6.1AI score
Exploits0References2
Nuclei
Nuclei
added yesterday32 views

ChurchCRM - API Authentication Bypass via URL Injection

ChurchCRM 7.1.0 contains an authentication bypass caused by improper API middleware URL handling in ChurchCRM/Slim/Middleware/AuthMiddleware.php, letting unauthenticated attackers access protected API endpoints, exploit requires crafted request URL with 'api/public id: CVE-2026-39339 info: name:...

9.1CVSS6.1AI score0.01351EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday37 views

WordPress User Messages <= 1.2.4 - Reflected XSS

WordPress User Messages plugin = 1.2.4 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires victim to load a...

6.1CVSS7AI score0.00567EPSS
Exploits1References2
Circl
Circl
added yesterday5 views

CVE-2026-53694

creationtimestamp| type| source ---|---|--- 2026-07-14 01:00:04+00:00| seen| https://t.me/bdufstecru/3284 2026-07-15 00:00:35+00:00| seen| https://t.me/bdufstecru/3284...

7.3CVSS7AI score0.00131EPSS
Exploits1References1
Circl
Circl
added 2 days ago6 views

CVE-2026-62192

creationtimestamp| type| source ---|---|--- 2026-07-13 22:42:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqkrbdxlxy2t...

8.1CVSS6.1AI score0.00248EPSS
Exploits0References1
Circl
Circl
added 4 days ago6 views

CVE-2026-15053

creationtimestamp| type| source ---|---|--- 2026-07-11 00:40:14+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdggv6z7c2c...

7.5CVSS6.1AI score0.00324EPSS
Exploits0References1
Circl
Circl
added 5 days ago8 views

CVE-2026-49866

creationtimestamp| type| source ---|---|--- 2026-07-10 16:41:48+00:00| seen| https://gist.github.com/alon710/9eaabfe8d7f17c883b344ecc760d4947 2026-07-10 18:35:05+00:00| published-proof-of-concept| https://github.com/libp2p/js-libp2p/security/advisories/GHSA-cwc9-cp4j-mcvv...

7.5CVSS6.1AI score0.00446EPSS
Exploits0References2
OSV
OSV
added 5 days ago3 views

CVE-2026-29519 Lucee CFML Server Reflected XSS via URL Path Parsing

Lucee CFML Server versions across the 5.3.x, 6.1.x, 6.2.x, and 7.0.x release lines contain a reflected cross-site scripting vulnerability in URL path parsing that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by embedding HTML or JavaScript payloads...

6.2CVSS6.3AI score0.00386EPSS
Exploits1References5
Veracode
Veracode
added 5 days ago5 views

Improper Input Validation

github.com/coder/coder is vulnerable to Improper Input Validation. The vulnerability is due to insufficient validation of the scheme and host in external workspace application URLs before substituting the $SESSIONTOKEN placeholder, which allows an attacker controlling a malicious workspace templa...

7.7CVSS6.1AI score0.00336EPSS
Exploits0References9Affected Software2
EUVD
EUVD
added 5 days ago16 views

EUVD-2026-34013

Tesla vulnerable to atom exhaustion via untrusted URL scheme...

8.2CVSS5.9AI score0.00301EPSS
Exploits0References5
OSV
OSV
added 6 days ago3 views

CVE-2026-59223 Open WebUI: `WEB_FETCH_FILTER_LIST` host allow/block filter bypassable via URL path and non-label-boundary matching

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, WEBFETCHFILTERLIST matching compared configured host entries against URL strings and non-label-boundary suffixes, allowing path-based blocklist bypasses such as !internal.example.com in a URL pa...

4.3CVSS6.1AI score0.00223EPSS
Exploits0References6
Circl
Circl
added 6 days ago9 views

CVE-2026-15131

creationtimestamp| type| source ---|---|--- 2026-07-09 01:12:17+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq6hcdrdsr2g 2026-07-09 04:46:03+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260709...

4.3CVSS5.9AI score0.00172EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago29 views

CVE-2026-51598

An input validation vulnerability in the RTSP service of MERCURY MIPC252W IP Camera v1.0.5 Build 230306 Rel.79931n allows an unauthenticated, network-adjacent attacker to cause a denial of service via a crafted DESCRIBE request with a malformed URL in the request line...

0.00177EPSS
Exploits0References1
Circl
Circl
added 2026/07/07 8:48 p.m.8 views

CVE-2026-48956

creationtimestamp| type| source ---|---|--- 2026-07-07 20:48:21+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq3i3hz3pq27 2026-07-08 14:15:08+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mq5claiknt2n...

6.4CVSS5.9AI score0.00168EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/07 4:18 p.m.9 views

CVE-2025-12799

A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting XSS attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling...

6.5CVSS5.9AI score0.00246EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/07 4:18 p.m.5 views

EUVD-2025-210439

A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting XSS attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling...

6.5CVSS5.9AI score0.00246EPSS
Exploits0References6
Circl
Circl
added 2026/07/07 12:7 p.m.9 views

CVE-2021-20173

creationtimestamp| type| source ---|---|--- 2026-07-07 12:07:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mq2kxfyzo62o...

8.8CVSS7.2AI score0.03199EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.7 views

PT-2026-56238

Name of the Vulnerable Software and Affected Versions GNU Wget versions prior to 1.25.1 Description A heap buffer underread exists in the clean metalink string function within src/metalink.c. This occurs when the software processes a Metalink document containing a URL consisting only of whitespac...

8.7CVSS6.1AI score0.00351EPSS
Exploits0References15
Circl
Circl
added 2026/07/06 9:42 p.m.7 views

GHSA-287W-MXQ6-X2CP

creationtimestamp| type| source ---|---|--- 2026-07-06 21:42:10+00:00| seen| https://gist.github.com/alon710/42394c2aa3975303824ce1e33bac787e...

5.9AI score
Exploits0References1
Circl
Circl
added 2026/07/06 4:15 p.m.9 views

CVE-2026-13698

creationtimestamp| type| source ---|---|--- 2026-07-06 16:15:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpyifa6m562w 2026-07-09 16:02:50+00:00| seen| https://bsky.app/profile/bootintel.bsky.social/post/3mq7z2rkvbo2o...

7.5CVSS5.9AI score0.00549EPSS
Exploits0References2
Rows per page
Query Builder