Lucene search
K

2163 matches found

Nuclei
Nuclei
added 14 hours ago37 views

Leantime < 2.4 - Authenticated SQL Injection

Leantime is an open source project management system. A 'userId' variable in app/domain/files/repositories/class.files.php is not parameterized. An authenticated attacker can send a carefully crafted POST request to /api/jsonrpc to exploit an SQL injection vulnerability. Confidentiality is impact...

6.5CVSS6.6AI score0.01872EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in ishowfeet12 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b60cb6a8169d535b5e52d5fa3cb7a1a16bf4f2d15f87d894a4111da9b74fedae The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
NVD
NVD
added yesterday8 views

CVE-2026-15525

A vulnerability was detected in kLOsk adloop up to 0.9.0. This vulnerability affects the function validateurls of the file src/adloop/ads/write.py. Performing a manipulation of the argument finalurl results in server-side request forgery. The attack may be initiated remotely. The exploit is now...

6.5CVSS0.00214EPSS
Exploits0References8
NVD
NVD
added 2 days ago9 views

CVE-2026-15476

A security vulnerability has been detected in QILING Disk Master 6.0.0.0. The impacted element is an unknown function in the library diskbckp.sys of the component Kernel Driver. Such manipulation leads to improper access controls. The attack can only be performed from a local environment. The...

5.3CVSS0.00103EPSS
Exploits0References6
NVD
NVD
added 4 days ago9 views

CVE-2026-15330

A vulnerability was determined in zhayujie CowAgent up to 2.1.1. Impacted is the function buildimagecontent/downloadtodataurl of the file agent/tools/vision/vision.py of the component Vision Tool. Executing a manipulation of the argument image can lead to server-side request forgery. The attack c...

7.5CVSS0.00352EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 5 days ago5 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.93 security and extras update

Red Hat OpenShift Container Platform release 4.12.93 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Low...

8.7CVSS6AI score0.00656EPSS
Exploits0References2
Debian
Debian
added 2026/07/07 8:47 p.m.4 views

[SECURITY] [DSA 6382-1] postfix security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6382-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 07, 2026 https://www.debian.org/security/faq -...

5.9AI score
Exploits0
CVE
CVE
added 2026/07/07 9:18 a.m.16 views

CVE-2026-48828

The CVE-2026-48828 issue affects Apache Airflow’s Bulk Variables API: the redactor was invoked without passing the variable key, so the key-based should_hide_value_for_key check (triggered by secret-suffixed keys like *_password, *_token, *_secret) could not redact JSON-typed variable values. An ...

6.5CVSS6AI score0.00664EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/07/07 9:16 a.m.5 views

EUVD-2026-42024

The Config API in Apache Airflow surfaced per-key secrets-backend overrides environment variables like AIRFLOWSECRETSBACKENDKWARGSECRETID and AIRFLOWWORKERSSECRETSBACKENDKWARGSECRETID as synthetic config options whose option names were not in sensitiveconfigvalues, so the masker did not redact...

6.5CVSS6AI score0.00664EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-14757

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was determined in radareorg radare2 up to 6.1.6. This affects the function coreanalbytes of the file libr/core/cmdanal.inc. This manipulation...

7.8CVSS5.7AI score0.00142EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-14760

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A weakness has been identified in radareorg radare2 up to 6.1.6. Impacted is the function rcoreseekarchbits of the file libr/core/disasm.c of the component...

7.8CVSS5.5AI score0.00135EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 2:0 a.m.6 views

CVE-2026-14789

A vulnerability was detected in radareorg radare2 up to 6.1.6. Affected by this issue is some unknown functionality of the file libr/bin/format/mdmp/mdmp.c of the component Memory64ListStream Parser. Performing a manipulation results in stack-based buffer overflow. The attack requires a local...

4.8CVSS6.2AI score0.00153EPSS
Exploits1References7Affected Software1
EUVD
EUVD
added 2026/07/06 1:45 a.m.8 views

EUVD-2026-41799

A security vulnerability has been detected in radareorg radare2 up to 6.1.6. Affected by this vulnerability is the function rcorebinload of the file libr/core/cfile.c. Such manipulation leads to use after free. The attack needs to be performed locally. The exploit has been disclosed publicly and...

4.8CVSS5.2AI score0.00135EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2026/07/06 12:0 a.m.11 views

Debian dsa-6381 : ata-modules-6.12.90+deb13-armmp-di - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6381 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6381-1 [email protected] https://www.debian.org/securit...

9.8CVSS6.6AI score0.00497EPSS
Exploits5References52
EUVD
EUVD
added 2026/07/05 2:45 p.m.13 views

EUVD-2026-41766

A vulnerability was determined in radareorg radare2 up to 6.1.6. This affects the function coreanalbytes of the file libr/core/cmdanal.inc. This manipulation causes integer overflow. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. It is...

5.3CVSS5.8AI score0.00142EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/07/05 12:0 a.m.12 views

Debian dsa-6377 : libapache2-mod-php8.4 - security update

The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6377 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6377-1 [email protected] https://www.debian.org/security/ Moritz...

5.6CVSS6.2AI score0.00306EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/01 6:0 a.m.10 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.46 security and extras update

Red Hat OpenShift Container Platform release 4.18.46 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a security impact of...

8.7CVSS5.9AI score0.00656EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/29 8:39 p.m.5 views

CVE-2026-53404

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

5.7AI score0.00413EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/29 4:45 p.m.7 views

CVE-2026-13590

A security flaw has been discovered in seladb PcapPlusPlus 25.05. This impacts the function pcpp::ModbusLayer::getLength in the library Packet++/header/ModbusLayer.h of the component Modbus Protocol Handler. The manipulation of the argument length results in heap-based buffer overflow. The attack...

6.3CVSS5.7AI score0.00394EPSS
Exploits0References9Affected Software1
EUVD
EUVD
added 2026/06/29 12:31 a.m.10 views

EUVD-2026-40011

A weakness has been identified in Chess Play and Learn App up to 4.9.42 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.chess. This manipulation causes exposure of backup file to an unauthorized control sphere. It is feasible to perform...

2.4CVSS5.4AI score0.00133EPSS
Exploits0References7
Rows per page
Query Builder