Lucene search
+L

621 matches found

nuclei
nuclei
added yesterday78 views

iTop Hub Connector - Information Disclosure

Combodo iTop is a simple, web based IT Service Management tool. Server, OS, DBMS, PHP, and iTop info name, version and parameters can be read by anyone having access to iTop URI. This issue has been patched in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. id: CVE-2024-32870 info: name: iTop Hub...

5.8CVSS6.9AI score0.00731EPSS
Exploits0References3
redhatcve
redhatcve
added 4 days ago8 views

CVE-2026-59858

A command injection vulnerability in Vim's C omni-completion script allows an attacker to execute arbitrary commands if a user is tricked into opening a maliciously crafted tags file and manually invoking the autocomplete feature. Mitigation Users are advised to avoid opening untrusted C source...

8.4CVSS6.3AI score0.00137EPSS
Exploits0References5
osv
osv
added 2026/07/06 11:12 p.m.4 views

CVE-2026-53648 FOSSBilling: Downloadable product files can be overwritten through filename collisions

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.1, downloadable product files are stored using a deterministic filename-derived path. When an administrator uploads a file for a downloadable product, FOSSBilling stores the file as md5 under the uploads...

5.1CVSS5.9AI score0.00264EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/07/06 12:0 a.m.8 views

PT-2026-55902

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description Improper input validation in the Apache Camel JIRA component allows for authorization bypass. The...

5.3CVSS6.1AI score0.00349EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/07/06 12:0 a.m.7 views

PT-2026-55896

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.10.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.x Description An issue exists in the Apache Camel Neo4J component where the producer builds the Cypher WHERE clau...

8.2CVSS6AI score0.00329EPSS
Exploits0References9
thn
thn
added 2026/06/27 5:27 p.m.27 views

Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials

The Security Service of Ukraine SSU said it, together with the U.S. Federal Bureau of Investigation FBI, uncovered a long-running campaign orchestrated by Russian intelligence services to break into the messaging accounts of government officials, military personnel, politicians, and activists in...

5.8AI score
Exploits0
redhatcve
redhatcve
added 2026/06/09 2:58 a.m.16 views

CVE-2026-11473

A vulnerability was identified in jflyfox jfinalcms up to 5.1.0. This impacts the function list of the file AdvicefeedbackController.java. Such manipulation of the argument orderBy leads to sql injection. The attack can be launched remotely. The project was informed of the problem early through a...

6.5CVSS6.5AI score0.00204EPSS
Exploits0References1
osv
osv
added 2026/06/01 7:53 a.m.5 views

CVE-2026-41014 Apache Airflow: per-DAG RBAC bypass on /ui/partitioned_dag_runs endpoints

The partitioneddagruns endpoints in the Airflow UI enforced only asset-level access control, not per-Dag authorization. An authenticated UI/API user with global Asset:read permission could enumerate partition run state, schedule configuration, and asset wiring for Dags they were not authorized to...

4.3CVSS6AI score0.00352EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/05/25 12:0 a.m.21 views

PT-2026-43118

Name of the Vulnerable Software and Affected Versions Apache Shiro versions 1.0 through 2.1.0 Apache Shiro version 3.0.0-alpha-1 Description Default configurations contain a session fixation issue. In the affected versions, when a session already exists, it is not invalidated upon successful logi...

6.5CVSS5.8AI score0.00412EPSS
Exploits0References4
astralinux
astralinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: fs/proc: taskmmu.c: Do not read mapcount for migration entries The syzbot reported the following bug: Kernel bug at include/linux/page-flags.h: 785 Invalid opcode: 0000 1 PREEMPT SMP KASAN CPU: 1; PID: 4392; Comm: syz-executor560...

5.5CVSS5.9AI score0.00289EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: fixed the race condition in dstnegativeadvice The dstnegativeadvice function does not enforce proper RCU rules when sk-dstcache must be cleared, leading to a potential Use-After-Free error UAF. RCU rules state that we must...

7.8CVSS6.5AI score0.02701EPSS
Exploits1References2
nessus
nessus
added 2026/05/20 12:0 a.m.9 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021582)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021582 advisory. In the Linux kernel, the following vulnerability has been resolved: net/ipv6: release expired exception dst cached in socket Dst objects get leaked in...

5.5CVSS6.5AI score0.00231EPSS
Exploits0References4
osv
osv
added 2026/05/13 8:16 p.m.7 views

UBUNTU-CVE-2026-33376

When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses specifying a mask explicitly are not affected; to mitigate easily, add the desired mask usually /128 to the addresses. Only auth proxy is affected; Okta, SAML, LDAP, etc are unaffected here...

7.4CVSS5.8AI score0.00271EPSS
Exploits0References3
githubexploit
githubexploit
added 2026/05/13 8:27 a.m.319 views

Exploit for CVE-2026-29204

CVE-2026-29204 — WHMCS client area addon context PoC Proof-of...

9.1CVSS6AI score0.00319EPSS
Exploits1
cvelist
cvelist
added 2026/05/01 10:0 a.m.34 views

CVE-2026-42779 Apache MINA: AbstractIoBuffer.resolveClass() null-clazz Branch Skips acceptMatchers Filter — Full Object Deserialization RCE (take 2)

The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: Apache MINA's AbstractIoBuffer.resolveClass contains two branches, one of them for static classes or primitive types does not check the class at all, bypassing the classname...

9.8CVSS0.00902EPSS
Exploits1References1
nvd
nvd
added 2026/04/30 10:16 a.m.10 views

CVE-2026-41016

Apache Airflow's SMTP provider SmtpHook called Python's smtplib.SMTP.starttls without an SSL context, so no certificate validation was performed on the TLS upgrade. A man-in-the-middle between the Airflow worker and the SMTP server could present a self-signed certificate, complete the STARTTLS...

5.9CVSS0.00268EPSS
Exploits0References2
nvd
nvd
added 2026/04/26 10:17 p.m.8 views

CVE-2018-25288

StyleWriter 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 6000-byte payload into the Pattern to Find or Advice Message fields in the Add Pattern dialog to trigger a denial of service...

6.9CVSS0.00137EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/04/26 1:19 p.m.2 views

CVE-2018-25288

StyleWriter 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 6000-byte payload into the Pattern to Find or Advice Message fields in the Add Pattern dialog to trigger a denial of service...

6.9CVSS5.7AI score0.00137EPSS
Exploits0References4Affected Software1
vulnrichment
vulnrichment
added 2026/04/26 1:19 p.m.4 views

CVE-2018-25288 StyleWriter 1.0 Denial of Service via Pattern Input

StyleWriter 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 6000-byte payload into the Pattern to Find or Advice Message fields in the Add Pattern dialog to trigger a denial of service...

6.9CVSS5.7AI score0.00137EPSS
Exploits0References4
euvd
euvd
added 2026/04/26 1:19 p.m.10 views

EUVD-2018-21808

StyleWriter 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 6000-byte payload into the Pattern to Find or Advice Message fields in the Add Pattern dialog to trigger a denial of service...

6.9CVSS5.7AI score0.00137EPSS
Exploits0References4
Rows per page
Query Builder