Lucene search
K

394626 matches found

The Hacker News
The Hacker News
added 4 hours ago7 views

CISA Adds 4 Actively Exploited Adobe, Joomla, and Langflow Flaws to KEV

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added four security flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerabilities are listed below - CVE-2026-48282 CVSS score: 10.0 - A path traversal vulnerability i...

10CVSS8.2AI score0.01021EPSS
Exploits13
GithubExploit
GithubExploit
added 7 hours ago16 views

PS4-12.00-Jailbreak

PS4 12.00 Jailbreak + GoldHEN One-click local proxy that jail...

8.8CVSS7.2AI score0.10151EPSS
Exploits7
EUVD
EUVD
added 9 hours ago4 views

EUVD-2026-42152

An authenticated stored cross-site scripting XSS vulnerability in the Upload File Shares API of LiquidFiles v4.2.7 allows attackers to execute arbitrary Javascript or HTML via injecting a crafted payload into the Name parameter...

6AI score
Exploits0References3
NVD
NVD
added 9 hours ago5 views

CVE-2026-55429

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, UpsertWorkspaceApp overwrites an existing app's agentid on a primary-key conflict and insertAgentApp accepts the app ID from the provisioner's CompleteJob...

8.7CVSS
Exploits0References6
GithubExploit
GithubExploit
added 9 hours ago22 views

Exploit for CVE-2026-49777

!AMN SECURITYhttps://img.shields.io/badge/AMN-SECURITY-000000...

10CVSS6.2AI score0.01656EPSS
Exploits3
CVE
CVE
added 10 hours ago12 views

CVE-2026-55429

Coder's CVE-2026-55429 describes a cross-workspace agent rebinding vulnerability in UpsertWorkspaceApp and insertAgentApp where a provisioner payload can bind a victim app to an attacker-controlled agent due to lack of workspace verification. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, ...

8.7CVSS6AI score
Exploits0References6
Cvelist
Cvelist
added 10 hours ago9 views

CVE-2026-55429 Coder's workspace app upsert allows cross-workspace agent rebinding via user-controlled app ID

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, UpsertWorkspaceApp overwrites an existing app's agentid on a primary-key conflict and insertAgentApp accepts the app ID from the provisioner's CompleteJob...

8.7CVSS
Exploits0References6
EUVD
EUVD
added 10 hours ago5 views

EUVD-2026-42135

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, UpsertWorkspaceApp overwrites an existing app's agentid on a primary-key conflict and insertAgentApp accepts the app ID from the provisioner's CompleteJob...

8.7CVSS6AI score
Exploits0References6
Amazon
Amazon
added 10 hours ago3 views

Medium: gstreamer1-plugins-bad-free

Issue Overview: A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gstav1parserparsetilelistobu function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into...

7.1CVSS6.1AI score0.00307EPSS
Exploits0
Amazon
Amazon
added 10 hours ago3 views

Important: gstreamer-plugins-bad-free

Issue Overview: A heap buffer overflow vulnerability was found in GStreamer's librfb RFB/VNC client. The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker...

8.8CVSS6.6AI score0.00489EPSS
Exploits0
Amazon
Amazon
added 10 hours ago2 views

Medium: jq

Issue Overview: jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvpstringappend and jvpstringcopyreplacebad functions, where concatenating strings with a combined length exceeding 2^31 bytes causes a 32-bit unsigned integer overflow i...

8.2CVSS6.3AI score0.00559EPSS
Exploits7
GithubExploit
GithubExploit
added yesterday24 views

Exploit for Command Injection in Litellm

─── CVE-2026-42271 ─── 🛡️ AMN SECURITY 🛡️ مركز أ...

8.8CVSS6.5AI score0.80188EPSS
Exploits2
OSV
OSV
added yesterday5 views

GHSA-4G5X-HCWM-82JW Goploy: Arbitrary File Read via Path Traversal in /deploy/fileDiff allows Remote Server Compromise

Click here to jump to the Simplified Chinese version 点击跳转到简体中文版本 Goploy System Arbitrary File Read Vulnerability Basic Information - Vulnerability Name: Goploy Endpoints Arbitrary File Read via Path Traversal - Vulnerability Type: Path Traversal CWE-22 / Arbitrary File Read - Affected Product:...

7.7CVSS6.4AI score
Exploits0References2
Github Security Blog
Github Security Blog
added yesterday5 views

Goploy: Arbitrary File Read via Path Traversal in /deploy/fileDiff allows Remote Server Compromise

Click here to jump to the Simplified Chinese version 点击跳转到简体中文版本 Goploy System Arbitrary File Read Vulnerability Basic Information - Vulnerability Name: Goploy Endpoints Arbitrary File Read via Path Traversal - Vulnerability Type: Path Traversal CWE-22 / Arbitrary File Read - Affected Product:...

6.4AI score
Exploits0References2Affected Software1
OSV
OSV
added yesterday3 views

GHSA-CWV4-H3J5-W3CF rama has Stored XSS in ServeDir HTML directory listing via unescaped file names and URI path

Resolved: https://github.com/plabayo/rama/commit/89ddff578fd78bbebec99482d7030f28c07757a3 Summary plabayo/rama contains a stored/reflected cross-site scripting issue in the ServeDir HTML directory listing feature. When ServeDir is configured with DirectoryServeMode::HtmlFileList, file names and U...

3.7CVSS6.5AI score
Exploits0References3
Github Security Blog
Github Security Blog
added yesterday5 views

rama has Stored XSS in ServeDir HTML directory listing via unescaped file names and URI path

Resolved: https://github.com/plabayo/rama/commit/89ddff578fd78bbebec99482d7030f28c07757a3 Summary plabayo/rama contains a stored/reflected cross-site scripting issue in the ServeDir HTML directory listing feature. When ServeDir is configured with DirectoryServeMode::HtmlFileList, file names and U...

6.5AI score
Exploits0References3Affected Software1
NVD
NVD
added yesterday4 views

CVE-2026-36162

An authenticated stored cross-site scripting XSS vulnerability in the Upload File Shares API of LiquidFiles v4.2.7 allows attackers to execute arbitrary Javascript or HTML via injecting a crafted payload into the Name parameter...

Exploits0References2
GithubExploit
GithubExploit
added yesterday22 views

Exploit for Path Traversal in Adobe Coldfusion

CVE-2026-48282 — Adobe ColdFusion RDS Validation and Detection...

10CVSS7.9AI score0.01021EPSS
Exploits3
OSV
OSV
added yesterday3 views

GHSA-2VG6-77G8-24MP Better Auth: Stale sessions persist after user deletion across admin, anonymous, and SCIM flows

Am I affected? Users are affected if all of the following are true: - They configure secondaryStorage on betterAuth... Redis, KV, or any external session cache. - session.storeSessionInDatabase is left unset or set to false the default. - Their application's deployment uses one or more of: - The...

3.8CVSS5.9AI score
Exploits0References3
Github Security Blog
Github Security Blog
added yesterday3 views

Better Auth: Stale sessions persist after user deletion across admin, anonymous, and SCIM flows

Am I affected? Users are affected if all of the following are true: - They configure secondaryStorage on betterAuth... Redis, KV, or any external session cache. - session.storeSessionInDatabase is left unset or set to false the default. - Their application's deployment uses one or more of: - The...

5.9AI score
Exploits0References3Affected Software2
Rows per page
Query Builder