Lucene search
K

31912 matches found

Nuclei
Nuclei
added yesterday74 views

Western Digital MyCloud NAS - Authentication Bypass

It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the...

10CVSS7.1AI score0.86586EPSS
Exploits6References5
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-57886

Name of the Vulnerable Software and Affected Versions luci-app-banip versions 0 through 0.11.1 Description A log parsing flaw exists where the awk-based parser extracts the first IPv4 address from log lines regardless of its field position. This allows an unauthenticated remote attacker to inject...

8.7CVSS6.2AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago7 views

Malicious code in babel-preset-lib-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4274de0136aa69f8b0f4eba03412c7809a1b8c2446bb3ed7f6de1333475aa4c4 index.js, the package main, runs a load-time IIFE that collects OS platform and architecture, hostname, username, private and public IP via...

6.1AI score
Exploits0References5
CVE
CVE
added 2 days ago19 views

CVE-2026-10666

CVE-2026-10666 affects Zephyr’s net_ipaddr_parse() path (IPv4 address-with-port parsing via net_ipaddr_parse() in subsys/net/ip/utils.c). The bug stems from parse_ipv4() copying the port suffix into a fixed 17-byte buffer without validating port length, using a length derived from an unbounded in...

8.1CVSS6.2AI score0.00346EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago27 views

CVE-2026-10666 Stack buffer overflow in `net_ipaddr_parse()` IPv4 address-with-port parsing in `subsys/net/ip/utils.c`

parseipv4 in subsys/net/ip/utils.c reached via netipaddrparse for strings of the form "a.b.c.d:port" copies the port substring into a fixed 17-byte stack buffer char ipaddrNETIPV4ADDRLEN + 1 using a length of strlen - end - 1, where strlen is the full, unbounded input length and end is only the...

8.1CVSS0.00346EPSS
Exploits0References3
CVE
CVE
added 2 days ago14 views

CVE-2026-56259

CVE-2026-56259 affects Crawl4AI prior to 0.8.8. A credential-exfiltration vulnerability exists in the Docker API server that lets an attacker redirect LLM API calls to attacker-controlled endpoints and read environment variables. By targeting unauthenticated endpoints /md, /llm, and /llm/job and ...

8.8CVSS6.2AI score0.00268EPSS
Exploits0References2
Circl
Circl
added 2 days ago7 views

CVE-2026-15490

creationtimestamp| type| source ---|---|--- 2026-07-12 10:51:50+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqgz3ga6yk2e...

7.5CVSS7AI score0.00393EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2 days ago10 views

PT-2026-57525

Name of the Vulnerable Software and Affected Versions Trendnet TEW-635BRM versions prior to 1.00.04 Description A flaw in the IPoA WAN Connection Setup component allows remote command injection. The issue exists within the ipoa test function located in the /sbin/rc file. An attacker can trigger...

9CVSS7.1AI score0.01514EPSS
Exploits0References8
NVD
NVD
added 3 days ago7 views

CVE-2026-61454

The Grav Admin2 plugin getgrav/grav-plugin-admin2 before 2.0.4 embeds a global JavaScript variable window.GRAVCONFIG in the Admin2 SPA bootstrap page at /grav/admin and its subroutes. This object is returned in every unauthenticated response and discloses the server URL, API prefix, admin base...

8.7CVSS0.00239EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago9 views

EUVD-2026-43184

The Grav Admin2 plugin getgrav/grav-plugin-admin2 before 2.0.4 embeds a global JavaScript variable window.GRAVCONFIG in the Admin2 SPA bootstrap page at /grav/admin and its subroutes. This object is returned in every unauthenticated response and discloses the server URL, API prefix, admin base...

8.7CVSS6.1AI score0.00239EPSS
Exploits0References2
OSV
OSV
added 3 days ago3 views

CVE-2026-61454 Grav before 2.0.4 Information Disclosure via __GRAV_CONFIG__

The Grav Admin2 plugin getgrav/grav-plugin-admin2 before 2.0.4 embeds a global JavaScript variable window.GRAVCONFIG in the Admin2 SPA bootstrap page at /grav/admin and its subroutes. This object is returned in every unauthenticated response and discloses the server URL, API prefix, admin base...

8.7CVSS6.1AI score0.00239EPSS
Exploits0References4
Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-61454 Grav before 2.0.4 Information Disclosure via __GRAV_CONFIG__

The Grav Admin2 plugin getgrav/grav-plugin-admin2 before 2.0.4 embeds a global JavaScript variable window.GRAVCONFIG in the Admin2 SPA bootstrap page at /grav/admin and its subroutes. This object is returned in every unauthenticated response and discloses the server URL, API prefix, admin base...

8.7CVSS0.00239EPSS
Exploits0References2
Circl
Circl
added 3 days ago7 views

CVE-2026-12426

creationtimestamp| type| source ---|---|--- 2026-07-11 04:39:41+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdtszsiqd2y 2026-07-13 23:52:55+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqkv6zlqiq2c...

5.3CVSS6.1AI score0.00273EPSS
Exploits0References2
Circl
Circl
added 3 days ago6 views

CVE-2026-15053

creationtimestamp| type| source ---|---|--- 2026-07-11 00:40:14+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdggv6z7c2c...

7.5CVSS6.1AI score0.00324EPSS
Exploits0References1
Circl
Circl
added 4 days ago7 views

CVE-2026-54001

creationtimestamp| type| source ---|---|--- 2026-07-10 22:22:13+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqd6q42vrb2z 2026-07-10 23:40:20+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdd3r4mkg2x...

7CVSS6.1AI score0.00108EPSS
Exploits0References2
NVD
NVD
added 4 days ago7 views

CVE-2026-49213

TypeBot is a chatbot builder tool. Prior to 3.17.2, Typebot's shared SSRF validator in packages/lib/src/ssrf/validateHttpReqUrl.ts can be bypassed with the IPv6 unspecified address :: because validateIPAddress blocks local, metadata, and private ranges but does not block :: or its expanded form. ...

8.1CVSS0.00319EPSS
Exploits0References4
NVD
NVD
added 4 days ago7 views

CVE-2026-34196

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an integer overflow and map two GPU virtual addresses to the same physical address. One of these virutal mappings can be freed along with the physical page, allowing for a read/write UAF via the...

7.8CVSS0.0015EPSS
Exploits0References1
OSV
OSV
added 4 days ago1 views

CVE-2026-57216 RabbitMQ: AMQP 1.0, AMQP 0-9-1, Stream Protocol loopback enforcement can lead to remote guest sessions due to listener-address loopback checks

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, AMQP 0-9-1, AMQP 1.0, and Stream Protocol authentication can allow a loopback-restricted user such as guest to connect remotely when traffic is accepted through a trusted PROXY-protocol path and the backend...

6.8CVSS6.1AI score0.00341EPSS
Exploits1References8
NVD
NVD
added 4 days ago8 views

CVE-2026-15146

GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget’s data connection to an arbitrary IP address and port. This allows an...

5.9CVSS0.00121EPSS
Exploits0References3
CVE
CVE
added 4 days ago22 views

CVE-2026-15146

GNU Wget is vulnerable in FTP passive mode due to not validating the IP address in the PASV response, enabling potential SSRF to localhost/internal resources via a malicious FTP/redirected HTTP server. The issue is addressed in the 4f85853f... commit, which validates the PASV address against the ...

5.9CVSS6.2AI score0.00121EPSS
Exploits0References3
Rows per page
Query Builder