9806 matches found
CVE-2025-24293
Active Storage allowed transformation methods potentially unsafe Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allow for the circumvention of the safe defaults which enables...
CVE-2025-24293
Active Storage allowed transformation methods potentially unsafe Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allow for the circumvention of the safe defaults which enables...
CVE-2025-24293
Active Storage allowed transformation methods potentially unsafe Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allow for the circumvention of the safe defaults which enables...
EUVD-2025-29509
Active Storage allowed transformation methods potentially unsafe Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allow for the circumvention of the safe defaults which enables...
CVE-2025-24293
Active Storage allowed transformation methods potentially unsafe Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allow for the circumvention of the safe defaults which enables...
Active Storage security vulnerability
Active Storage is a plugin that allows for file uploads to various cloud storage services and attaches files to Active Record objects. There is a security vulnerability in Active Storage, which stems from the use of potentially insecure image conversion methods, potentially leading to command...
Exploit for CVE-2020-1472
Active Directory Attack Path Suggestion Engine !Python Versi...
Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected
Fortinet has begun releasing security updates to address a critical flaw impacting FortiOS that has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2026-24858 CVSS score: 9.4, has been described as an authentication bypass related to FortiOS single...
EUVD-2026-4907
Dokploy is a free, self-hostable Platform as a Service PaaS. In versions prior to 0.26.6, a critical command injection vulnerability exists in Dokploy's WebSocket endpoint /docker-container-terminal. The containerId and activeWay parameters are directly interpolated into shell commands without...
PT-2026-5046
Name of the Vulnerable Software and Affected Versions Dokploy versions prior to 0.26.6 Description Dokploy is a Platform as a Service PaaS. A command injection issue exists in versions prior to 0.26.6 within the /docker-container-terminal WebSocket endpoint. The containerId and activeWay paramete...
Exploit for CVE-2026-21509
🛡️ CVE-2026-21509 — Microsoft Office Zero-Day !OFFICEhttps...
SUSE CVE-2026-22980
In the Linux kernel, the following vulnerability has been resolved: nfsd: provide locking for v4endgrace Writing to v4endgrace can race with server shutdown and result in memory being accessed after it was freed - reclaimstrhashtbl in particularly. We cannot hold nfsdmutex across the nfsd4endgrac...
CentOS 9 : sssd-2.9.8-1.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the sssd-2.9.8-1.el9 build changelog. - SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux CVE-2025-11561 Note that Nessus has not tested for this issue but...
Burp Suite 2025.12.4 Extension Advanced ReDoS Detector
This Burp Suite Java extension integrates an advanced timing-based ReDoS detection engine into Burp's Active Scanner. It automatically tests HTTP parameters using crafted payloads to identify exponential regex backtracking vulnerabilities. The extension performs warm-up requests, collects baselin...
CISA Adds Five Known Exploited Vulnerabilities to Catalog
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2018-14634link is external Linux Kernel Integer Overflow Vulnerability CVE-2025-52691link is external SmarterTools SmarterMail Unrestricted Upload of File with...
Exploit for CVE-2026-24061
CVE-2026-24061 Scanner: GNU Inetutils Telnet Exploit Checker...
CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday added a critical security flaw affecting Broadcom VMware vCenter Server that was patched in June 2024 to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation in the wild. The vulnerability ...
CVE-2026-22980
In the Linux kernel, the following vulnerability has been resolved: nfsd: provide locking for v4endgrace Writing to v4endgrace can race with server shutdown and result in memory being accessed after it was freed - reclaimstrhashtbl in particularly. We cannot hold nfsdmutex across the nfsd4endgrac...
CVE-2026-22980
In the Linux kernel, the following vulnerability has been resolved: nfsd: provide locking for v4endgrace Writing to v4endgrace can race with server shutdown and result in memory being accessed after it was freed - reclaimstrhashtbl in particularly. We cannot hold nfsdmutex across the nfsd4endgrac...
CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added four security flaws to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2025-68645 CVSS score: 8.8 - A PHP remote fi...