Lucene search
K

87132 matches found

Packet Storm
Packet Storm
added 2026/04/23 12:0 a.m.78 views

📄 Grav CMS 1.7.49.5 Shell Upload

This script targets a Grav CMS administrative panel by first authenticating, then checking version information to estimate vulnerability exposure. If conditions are met, it generates a malicious PHP plugin containing a base64-encoded payload and uploads it as a ZIP package through the “direct...

6.5AI score
Exploits0
GitLab Advisory Database
GitLab Advisory Database
added 2026/04/23 12:0 a.m.10 views

Actual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated Servers

Any authenticated user including BASIC role can escalate to ADMIN on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: POST /account/change-password has no authorization check, allowing any session to overwrite the password hash; the inactive password auth...

8.8CVSS5.7AI score0.00472EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.4 views

PT-2026-34807

A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed scripts rather than server-side verification. An attacker with access to the login page could retrieve these...

9.8CVSS5.7AI score0.00548EPSS
Exploits0References5
Packet Storm News
Packet Storm News
added 2026/04/23 12:0 a.m.7 views

Grav CMS Authenticated Scanner

This Python script is a safe, read-only scanner designed to detect whether a target running Grav CMS with its Admin plugin may be vulnerable to CVE-2025-50286, based purely on version analysis...

8.1CVSS5.7AI score0.0871EPSS
Exploits7
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.11 views

IBM Guardium Data Protection 跨站脚本漏洞

IBM Guardium Data Protection is a data security and activity monitoring platform for database auditing, vulnerability assessment and compliance management. A cross-site scripting vulnerability exists in IBM Guardium Data Protection. The vulnerability stems from the failure of the Web UI to proper...

4.8CVSS5.6AI score0.00185EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.6 views

PT-2026-34661

⚠️ CVE-2026-19855 — Laravel-based CMS "October Lite" ≤ 1.2.0 suffers from stored XSS in the admin panel, allowing attackers to hijack sessions and escalate privileges via malicious content injection. Admins beware. Source: https://t.co/qR6BL1BWL1...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.6 views

PT-2026-34822

Name of the Vulnerable Software and Affected Versions Actual versions prior to 26.4.0 Description Authenticated users, including those with the BASIC role, can escalate their privileges to ADMIN on servers that migrated from password authentication to OpenID Connect. This is possible through an...

8.8CVSS5.4AI score0.00472EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.4 views

PT-2026-34775

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the chat.send endpoint that allows write-scoped gateway callers to persist admin-only verboseLevel session overrides. Attackers can exploit the /verbose parameter to bypass access controls and expose sensitive reasoning or...

5.4CVSS5.7AI score0.00209EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.4 views

PT-2026-34790

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Telegram configuration and cron persistence settings via the send endpoint. Attackers with operator.write credentials can exploit insufficient acce...

7.1CVSS5.8AI score0.00232EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.12 views

hackage-server 跨站请求伪造漏洞

hackage-server is a Haskell open-source package repository server. hackage-server has a cross-site request forgery vulnerability. This vulnerability stems from the lack of protection against cross-site request forgery attacks, which may allow external scripts to trigger requests, enabling the abu...

9.6CVSS5.7AI score0.00137EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-41176

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without...

9.8CVSS5.8AI score0.34734EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.9 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from permission escalation vulnerabilities, allowing authenticated operators with write permissions to acces...

8.8CVSS5.8AI score0.00232EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/04/22 11:57 p.m.4 views

CVE-2026-41176

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pri...

9.8CVSS5.3AI score0.34734EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/22 11:57 p.m.216 views

CVE-2026-41176 Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pri...

9.2CVSS0.34734EPSS
Exploits1References3
CVE
CVE
added 2026/04/22 11:57 p.m.65 views

CVE-2026-41176

CVE-2026-41176 affects the rclone RC interface. The RC endpoint options/set is exposed without AuthRequired, allowing an unauthenticated attacker to mutate global runtime configuration (including rc.NoAuth) and bypass authorization for many RC methods. Versions affected: 1.45.0 up to 1.73.4; fixe...

9.8CVSS5.8AI score0.34734EPSS
In wildExploits1References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/22 11:27 p.m.3 views

CVE-2026-4917

IBM Guardium Data Protection 12.1 could allow an administrative user to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to write arbitrary files on the system...

4.9CVSS5.9AI score0.00356EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/22 11:26 p.m.5 views

CVE-2026-4918 IBM Guardium Data Protection is affected by multiple vulnerabilities

IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.5CVSS5.5AI score0.00142EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/22 11:26 p.m.33 views

CVE-2026-4918 IBM Guardium Data Protection is affected by multiple vulnerabilities

IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.5CVSS0.00142EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/22 11:26 p.m.6 views

CVE-2026-4918

IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.5CVSS5.5AI score0.00142EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/22 11:23 p.m.31 views

CVE-2026-4919 IBM Guardium Data Protection is affected by multiple vulnerabilities

IBM Guardium Data Protection 12.1 is vulnerable to cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

4.8CVSS0.00185EPSS
Exploits0References1
Rows per page
Query Builder