Lucene search
K

14746 matches found

CVE
CVE
added 5 days ago7 views

CVE-2026-34097

CVE-2026-34097 concerns Guardian Language-System. The vulnerability arises because text_file.php fails to sanitize the GET parameter id before it is inserted into multiple HTML form action attributes (lines 94, 101, 323, 403, 826, 852). This allows an authenticated attacker to craft a URL that in...

4.8CVSS5.8AI score0.00147EPSS
Exploits0References2
NVD
NVD
added last week10 views

CVE-2026-13762

Inconsistent interpretation of HTTP/2 requests in Amazon CloudFront with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule body inspection via crafted HTTP/2 requests that fragment the request body across frames so that only a partial body is inspected. This issue was...

9.8CVSS0.00438EPSS
Exploits0References1
CVE
CVE
added last week15 views

CVE-2026-13763

This CVE affects AWS Application Load Balancer (ALB) with AWS WAF enabled, where inconsistent interpretation of HTTP/2 requests can allow bypass of WAF body inspection when the request body is fragmented across frames, leading to partial inspection. Affected component: HTTP/2 ALB target groups; r...

9.8CVSS5.8AI score0.00473EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-383 Langroid has WAF Bypass Leading to RCE in TableChatAgent

Affected Scope langroid = 0.59.31 Vulnerability Description CVE-2025-46724 fix bypass: TableChatAgent can call pandaseval tool to evaluate the expression. There is a WAF in langroid/utils/pandasutils.py introduced to block code injection CVE-2025-46724. However it can be bypassed due to literalok...

9.4CVSS7AI score0.00648EPSS
Exploits1References7
Cvelist
Cvelist
added 2026/06/29 9:15 a.m.35 views

CVE-2026-13554 itsourcecode Online Hotel Management System POST Request controller.php add cross site scripting

A vulnerability has been found in itsourcecode Online Hotel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/modamenities/controller.php?action=add of the component POST Request Handler. The manipulation of the argument Name leads to cross site...

5.3CVSS0.00443EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.5 views

PT-2026-53691

Name of the Vulnerable Software and Affected Versions Amazon CloudFront affected versions not specified Description An inconsistent interpretation of HTTP/2 requests in Amazon CloudFront when AWS WAF is enabled may allow remote actors to bypass managed rule body inspection. This occurs through...

9.8CVSS5.8AI score0.00438EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.9 views

PT-2026-53692

Name of the Vulnerable Software and Affected Versions AWS Application Load Balancer affected versions not specified Description Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer when AWS WAF is enabled may allow remote actors to bypass managed rule body inspection. B...

9.8CVSS5.8AI score0.00473EPSS
Exploits0References10
Fedora
Fedora
added 2026/06/27 1:12 a.m.4 views

[SECURITY] Fedora 44 Update: nginx-mod-naxsi-1.6-19.fc44

naxsi is an nginx module that provides score based Web Application Firewall WAF abilities in a highly granular fashion...

9.2CVSS7AI score0.03225EPSS
Exploits4
Fedora
Fedora
added 2026/06/27 12:56 a.m.3 views

[SECURITY] Fedora 43 Update: nginx-mod-naxsi-1.6-19.fc43

naxsi is an nginx module that provides score based Web Application Firewall WAF abilities in a highly granular fashion...

9.2CVSS7AI score0.03225EPSS
Exploits4
Nuclei
Nuclei
added 2026/06/26 6:13 p.m.53 views

Apache OFBiz - Remote Code Execution

Apache OFBiz below 18.12.16 is vulnerable to unauthenticated remote code execution on Linux and Windows. An attacker with no valid credentials can exploit missing view authorization checks in the web application to execute arbitrary code on the server id: CVE-2024-45507 info: name: Apache OFBiz -...

9.8CVSS8.3AI score0.93243EPSS
Exploits0References6
Nuclei
Nuclei
added 2026/06/25 1:31 a.m.36 views

Apache OFBiz - Remote Code Execution

Apache OFBiz below 18.12.16 is vulnerable to unauthenticated remote code execution on Linux and Windows. An attacker with no valid credentials can exploit missing view authorization checks in the web application to execute arbitrary code on the server id: CVE-2024-45195 info: name: Apache OFBiz -...

9.8CVSS8.3AI score0.99983EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/23 12:15 p.m.36 views

CVE-2026-10857 Reflected XSS in Akinsoft's e-Commerce

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in AKIN Software Computer Import Export Industry and Trade Ltd. E-Commerce allows Reflected XSS. This issue affects e-Commerce: before 1.25.01.06...

6.1CVSS0.00149EPSS
Exploits0References1
Imperva Blog
Imperva Blog
added 2026/06/22 11:39 a.m.44 views

On-Premises API Security on Kubernetes: What It Actually Looks Like in Practice

Let’s Talk About Where Your APIs Actually Run Quick answer: On-premises API security keeps API discovery, detection, and enforcement inside your own perimeter instead of a third-party cloud—the model regulated industries need. Deploying it natively on Kubernetes sidecar sensors → a discovery...

6.2AI score
Exploits0
NVD
NVD
added 2026/06/17 1:19 p.m.7 views

CVE-2025-62340

HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application fails to automatically terminate user sessions after a period of inactivity...

5.3CVSS0.00204EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 12:17 p.m.16 views

CVE-2025-62340

HCL iControl is affected by CVE-2025-62340 (Inadequate Session Timeout). The vulnerability is a failure of the web application to automatically terminate user sessions after a period of inactivity. According to the provided sources, the affected product is HCL iControl, with impact described as C...

5.3CVSS5.2AI score0.00204EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/15 9:17 p.m.7 views

CVE-2026-48885

Unauthenticated Cross Site Scripting XSS in HollerBox = 2.3.10.1 versions...

7.1CVSS0.00175EPSS
Exploits0References1
Imperva Blog
Imperva Blog
added 2026/06/15 11:6 a.m.9 views

Your Security Operations Team Just Got Faster: Meet Imperva’s AI Assistant.

There is a moment every security analyst knows well. It’s 2am , an alert fires, and you’re staring at a console trying to make sense of what just happened—fast. You need context, scope, and impact: What’s being targeted? Where is it coming from? Is it getting worse? What should we do next? That...

5.4AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/12 3:47 a.m.68 views

ethical-hacking-security-labs

Ethical Hacking & Network Security Lab Portfolio A hands-on...

10CVSS8AI score0.96184EPSS
Exploits30
GithubExploit
GithubExploit
added 2026/06/12 2:44 a.m.65 views

websec-skills

websec-skills Web Security Vulnerability Testing Skills Set,...

5.5AI score
Exploits0
Cvelist
Cvelist
added 2026/06/10 2:0 p.m.36 views

CVE-2026-45556 Roxy-WI: Authenticated arbitrary file write on every managed load balancer (and downstream RCE) via WAF rule save `config_file_name`

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf///rule//save accepts a configfilename form field that is passed straight through to configmod.masterslaveuploadandrestart... as the destination path. The validation chai...

9.9CVSS0.00372EPSS
Exploits0References1
Rows per page
Query Builder