Lucene search
K

148466 matches found

Circl
Circl
added 2026/05/27 5:48 a.m.11 views

CVE-2026-9022

creationtimestamp| type| source ---|---|--- 2026-05-27 05:48:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmssoqcydb2t 2026-05-27 09:10:17+00:00| seen| https://bsky.app/profile/donwebmedia.bsky.social/post/3mmt5xirscr2l 2026-06-04 07:45:55+00:00| seen|...

6.4CVSS5.3AI score0.00197EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/26 7:30 p.m.11 views

CVE-2026-44833

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer header stored in session variable. This vulnerability is fixed in 8.4.1...

7.1CVSS5.8AI score0.00163EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/25 3:15 a.m.10 views

CVE-2026-9421 KLiK SocialMediaWebsite File upload.inc.php uniqid unrestricted upload

A vulnerability was determined in KLiK SocialMediaWebsite 1.0. This vulnerability affects the function uniqid of the file upload.inc.php of the component File Handler. This manipulation causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and m...

7.5CVSS6.8AI score0.00293EPSS
Exploits0References3
OSV
OSV
added 2026/05/22 7:36 p.m.9 views

MAL-2026-4632 Malicious code in orca-website (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c52f7fe46d56cb45880942f5266494a2654d9d330914a6c3c99f02045eacd1dc On require/import, index.js collects host identifiers os.hostname, os.userInfo.username, os.platform, os.arch, process.cwd, process.pid, timestamp an...

5.8AI score
Exploits0References1
EUVD
EUVD
added 2026/05/22 2:57 a.m.11 views

EUVD-2026-31401

Mothra would respect a default value given by a website for HTML file upload forms. An attacker could craft a website with a malicious default file path, and then conceal this form element...

8.2CVSS5.8AI score0.00276EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Chromium

Before version 92.0.4515.159, using free after functions in WebRTC in Google Chrome allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption through a crafted HTML page...

8.8CVSS6.7AI score0.02118EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in WebKit2GTK

The issue was resolved by adding additional restrictions on CSS compositing. This issue has been fixed in tvOS 15, watchOS 8, iOS 15, and iPadOS 15. Visiting a maliciously crafted website may reveal a user’s browsing history...

4.7CVSS5.8AI score0.01114EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in WebKit2GTK

The issue was addressed through improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, and watchOS 9.6. A website may be able to bypass the Same Origin Policy...

7.5CVSS6.8AI score0.00967EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in WebKit2GTK

There was an issue with URL handling that caused spoofing. This issue has been addressed through improved input validation. This issue is fixed in iOS 16.2, iPadOS 16.2, macOS Ventura 13.1, and Safari 16.2. Visiting a malicious website may result in address bar spoofing...

4.3CVSS6.4AI score0.00965EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.11 views

Astra Linux – Vulnerability in WebKit2GTK

A inconsistent user interface issue has been resolved through improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, and macOS Sonoma 14.1. Visiting a malicious website may result in address bar spoofing...

7.5CVSS6.7AI score0.0086EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in emacs

A command injection flaw was discovered in the text editor Emacs. This flaw could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirec...

8.8CVSS7.6AI score0.02657EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability in WebKit2GTK

A logic issue has been resolved through improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6, iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, and watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers...

5.8CVSS6.6AI score0.01279EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/20 5:30 a.m.14 views

Important: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.8CVSS6.7AI score0.00961EPSS
Exploits2References19
RedHat Linux
RedHat Linux
added 2026/05/20 5:30 a.m.13 views

webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack

A flaw was found in WebKitGTK. A maliciously crafted web page can cause a logic issue due to improper checks and result in a cross-site scripting attack...

4.3CVSS5.6AI score0.00276EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/19 6:33 p.m.14 views

EUVD-2026-30971

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.6. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

6.5CVSS5.7AI score0.00404EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/19 6:13 p.m.18 views

webkitgtk: A website may be able to track users through Safari web extensions

A flaw was found in WebKitGTK. A malicious website can track users through web extensions due to improper state management...

5.3CVSS7.2AI score0.00222EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2026/05/16 3:26 p.m.6 views

an-website (>=24.12.0 <=25.2.0), graphtomation (>=0.0.6 <=0.2.0) +5 more potentially affected by CVE-2021-47952 via jsonpickle (>=4.0.0 <=4.0.1)

jsonpickle PYPI version =4.0.0, =24.12.0, =0.0.6, =4.0.0, =0.1.0, =0.1.1, =0.5.8, =0.5.9 Source cves: CVE-2021-47952 Source advisory: SNYK:PYTHON-JSONPICKLE-16755449...

9.8CVSS5.4AI score0.00696EPSS
Exploits0
GithubExploit
GithubExploit
added 2026/05/15 8:19 p.m.91 views

Vulnerability-Scanner-using-Ollama-3-

Vulnerability Scanning & Exploitation Toolkit A Python-based...

9.8CVSS7.3AI score0.99992EPSS
Exploits150
ATTACKERKB
ATTACKERKB
added 2026/05/15 7:46 a.m.11 views

CVE-2026-8425

The Notify Odoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the updateSettings function. This makes it possible for unauthenticated attackers to change the Notify Odoo URL to ...

4.3CVSS5.7AI score0.00135EPSS
Exploits0References9
CVE
CVE
added 2026/05/15 7:30 a.m.114 views

CVE-2026-8398

The CVE-2026-8398 entry concerns a supply-chain compromise of DAEMON Tools Lite Windows installers (versions 12.5.0.2421–12.5.0.2434) distributed via daemon-tools.cc. Attackers allegedly gained access to AVB Disc Soft’s build/distribution infrastructure and trojanized three binaries—DTHelper.exe,...

9.8CVSS5.8AI score0.01456EPSS
In wildExploits1References3Affected Software1
Rows per page
Query Builder