Lucene search
+L

407064 matches found

GithubExploit
GithubExploit
added yesterday6 views

Exploit for OS Command Injection in Hikvision Ds-2Cd2026G2-Iu\/Sl_Firmware

HIKRAVEN 🛡️ Advanced Hikvision Security Assessmen...

9.8CVSS9.1AI score0.99869EPSS
Exploits25
GithubExploit
GithubExploit
added yesterday6 views

Exploit for CVE-2026-63030

wp2shell-poc Proof-of-concept for an unauthenticated SQL inje...

7.5CVSS6.9AI score
Exploits5
Wordfence Blog
Wordfence Blog
added yesterday6 views

PSA: WordPress Core Patched Unauthenticated Remote Code Execution Vulnerability Chain

On July 17, 2026, the WordPress Security Team released updates to WordPress core addressing two security vulnerabilities. The first is an unauthenticated SQL injection vulnerability identified as CVE-2026-60137, while the second can be chained with the SQL injection to increase its impact to...

9.1CVSS7.2AI score
Exploits5
Rapid7 Blog
Rapid7 Blog
added yesterday5 views

CVE-2026-63030: wp2shell a Critical Remote Code Execution Vulnerability in WordPress Core

Overview On July 17, 2026, a GitHub Security Advisory was published for CVE-2026-63030, a critical unauthenticated remote code execution vulnerability affecting WordPress Core. While the official GitHub security advisory classifies the severity as Critical, the vulnerability has currently been...

7.5CVSS6.5AI score
Exploits5
Github Security Blog
Github Security Blog
added yesterday6 views

Skipper: Incomplete fix for CVE-2026-50197: an oversized body can bypass OPA deny-on-presence Rego policies

Summary A wrong policy can be an open door. You have to check input.attributes.request.http.truncatedbody in your policy. Description Incomplete fix for CVE-2026-50197: an oversized declared-Content-Length body still hands OPA an empty parsedbody, so deny-on-presence Rego policies fail OPEN while...

7.8CVSS5.4AI score
Exploits0References3Affected Software1
OSV
OSV
added yesterday8 views

GHSA-8QQM-FP2Q-V734 Skipper: Incomplete fix for CVE-2026-50197: an oversized body can bypass OPA deny-on-presence Rego policies

Summary A wrong policy can be an open door. You have to check input.attributes.request.http.truncatedbody in your policy. Description Incomplete fix for CVE-2026-50197: an oversized declared-Content-Length body still hands OPA an empty parsedbody, so deny-on-presence Rego policies fail OPEN while...

8.2CVSS5.5AI score
Exploits0References3
NVD
NVD
added yesterday7 views

CVE-2026-52203

An issue in MCMS v.6.1.1 allows a remote attacker to obtain sensitive information via the source parameter...

Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-44891

Netty is a network application framework for development of protocol servers and clients. Prior to 4.1.136.Final and 4.2.16.Final, io.netty.handler.codec.stomp.StompSubframeDecoder fails to limit the total number of headers or their cumulative size per frame, and the maxLineLength parameter only...

7.5CVSS
Exploits0References7
GithubExploit
GithubExploit
added yesterday9 views

Exploit for CVE-2026-63030

wp2shell-poc Proof-of-concept for an unauthenticated SQL inje...

7.5CVSS6.8AI score
Exploits5
NVD
NVD
added yesterday4 views

CVE-2026-8056

IBM Langflow OSS 1.0.0 through 1.10.0 allows authenticated users to override component parameters at runtime via the API. A critical security flaw exists in the parameter filtering mechanism within the applytweaks function...

8.8CVSS
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-60137

WordPress 6.8.x before 6.8.6, 6.9.x before 6.9.5, and 7.0.x before 7.0.2 does not properly sanitise the authornotin parameter of WPQuery, which could allow SQL Injection when a plugin or theme passes untrusted input to the parameter...

9.1CVSS
Exploits2References2
NVD
NVD
added yesterday2 views

CVE-2026-46420

setup-php is a GitHub action to set up PHP with extensions, php.ini configuration, coverage drivers, and tools. From 2.25.0 prior to 2.37.1, shivammathur/setup-php resolves the PHP version from repository-controlled files such as .php-version, composer.lock through platform-overrides.php, and...

5.6CVSS0.01576EPSS
Exploits0References3
NVD
NVD
added yesterday3 views

CVE-2026-44974

@hapi/content provided HTTP Content- headers parsing. Prior to 6.0.2, Content.disposition retained the last occurrence of each duplicate parameter while Content.type retained the first occurrence of duplicate charset and boundary parameters, creating a parameter-smuggling primitive when another...

7.7CVSS0.00052EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday5 views

CVE-2026-44891 Netty: Denial of Service via Unbounded Headers in StompSubframeDecoder

Netty is a network application framework for development of protocol servers and clients. Prior to 4.1.136.Final and 4.2.16.Final, io.netty.handler.codec.stomp.StompSubframeDecoder fails to limit the total number of headers or their cumulative size per frame, and the maxLineLength parameter only...

7.5CVSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-44891

Netty is a network application framework for development of protocol servers and clients. Prior to 4.1.136.Final and 4.2.16.Final, io.netty.handler.codec.stomp.StompSubframeDecoder fails to limit the total number of headers or their cumulative size per frame, and the maxLineLength parameter only...

7.5CVSS5.3AI score
Exploits0References8Affected Software1
CVE
CVE
added yesterday38 views

CVE-2026-44891

CVE-2026-44891 affects Netty’s StompSubframeDecoder. Prior to 4.1.136.Final and 4.2.16.Final, StompSubframeDecoder does not cap total headers or cumulative size per frame; maxLineLength only bounds individual header lines. An attacker can submit many small headers that accumulate in DefaultStompH...

7.5CVSS5.3AI score
Exploits0References7
EUVD
EUVD
added yesterday4 views

EUVD-2026-45316

Netty is a network application framework for development of protocol servers and clients. Prior to 4.1.136.Final and 4.2.16.Final, io.netty.handler.codec.stomp.StompSubframeDecoder fails to limit the total number of headers or their cumulative size per frame, and the maxLineLength parameter only...

7.5CVSS5.3AI score
Exploits0References7
Cvelist
Cvelist
added yesterday5 views

CVE-2026-44974 Parameter smuggling in @hapi/content header parser allows upload-filter bypass via duplicate parameters

@hapi/content provided HTTP Content- headers parsing. Prior to 6.0.2, Content.disposition retained the last occurrence of each duplicate parameter while Content.type retained the first occurrence of duplicate charset and boundary parameters, creating a parameter-smuggling primitive when another...

7.7CVSS0.00052EPSS
Exploits0References2
CVE
CVE
added yesterday38 views

CVE-2026-44974

CVE-2026-44974 affects the @hapi/content header parser. Before v6.0.2, Content.disposition() kept the last value for duplicate parameters while Content.type() kept the first for duplicate charset/boundary parameters, creating a parameter-smuggling primitive when duplicates are resolved inconsiste...

7.7CVSS5.2AI score0.00052EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-44974

@hapi/content provided HTTP Content- headers parsing. Prior to 6.0.2, Content.disposition retained the last occurrence of each duplicate parameter while Content.type retained the first occurrence of duplicate charset and boundary parameters, creating a parameter-smuggling primitive when another...

7.7CVSS5.2AI score0.00052EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder