Lucene search
K

3465 matches found

Packet Storm News
Packet Storm News
added 2026/12/29 12:0 a.m.361 views

GNUnet P2P Framework 0.26.2

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP IPv4 and IPv6, TCP IPv4 and IPv6, HTTP, o...

6.8AI score
Exploits0
Nuclei
Nuclei
added 10 hours ago1417 views

Microsoft FrontPage Extensions - Information Disclosure

Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /vtibin/ virtual directory. id: CVE-2000-0114 info: name: Microsoft FrontPage Extensions - Information Disclosure author: r3naissance,matejsmycka severity...

5CVSS6.1AI score0.47595EPSS
Exploits1References3
Nuclei
Nuclei
added 10 hours ago28 views

Quest KACE System Management Appliance 8.0.318 - Remote Code Execution

The '/common/downloadagentinstaller.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by anonymous users and can be abused to execute arbitrary commands on the system. id: CVE-2018-11138 info: name: Quest KACE System Management Appliance 8.0.318 - Remote Code Executi...

10CVSS7.2AI score0.91931EPSS
Exploits7References4
Cvelist
Cvelist
added yesterday21 views

CVE-2026-61504 Rejetto HFS < 3.2.1 Stored XSS via File Names in Basic Web Listing

Rejetto HFS 3.0.0 through 3.2.0 does not escape file names in its fallback "basic" web listing, and this listing can be forced by any browser via the ?get=basic parameter. A user with upload permission - or an anonymous user on servers with an open upload folder - can store a file whose name...

5.4CVSS
Exploits0References2
Nuclei
Nuclei
added yesterday16 views

Drupal Core - Anonymous SQL Injection via PostgreSQL Entity Query

Drupal core from 8.9.0 before 10.4.10, 10.5.0 before 10.5.10, 10.6.0 before 10.6.9, 11.0.0 before 11.1.10, 11.2.0 before 11.2.12, and 11.3.0 before 11.3.10 contains an SQL injection caused by improper neutralization of special elements in SQL commands, letting attackers execute arbitrary SQL...

9.8CVSS7.1AI score0.84631EPSS
Exploits14References2
Tenable Nessus
Tenable Nessus
added 4 days ago4 views

MiracleLinux 8 : cups-2.2.6-68.el8_10 (AXSA:2026-1240:09)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-1240:09 advisory. cups: OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach lp code execution over the network CVE-2026-34980 Tenable has...

7.5CVSS6.9AI score0.00502EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-49256

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, restricted tag and tag-group names attached to publicly readable categories as allowedtags, allowedtaggroups, or required tag groups could leak to anonymous and unauthorized users through categor...

6.3CVSS5.9AI score0.00384EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 5 days ago5 views

PT-2026-56997

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.6.0 Discourse versions prior to 2026.5.1 Discourse versions prior to 2026.4.2 Discourse versions prior to 2026.1.5 Description Restricted tag and tag-group names attached to publicly readable categories as...

6.3CVSS6.1AI score0.00384EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 5 days ago5 views

RockyLinux 8 : cups (RLSA-2026:36733)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:36733 advisory. cups: OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach lp code execution over the network CVE-2026-34980 Tenable has extracted...

7.5CVSS6.9AI score0.00502EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 5 days ago5 views

RHEL 8 : cups (RHSA-2026:36733)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:36733 advisory. The Common UNIX Printing System CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fixes: cups:...

7.5CVSS6.9AI score0.00502EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 5 days ago4 views

AlmaLinux 8 : cups (ALSA-2026:36733)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:36733 advisory. cups: OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach lp code execution over the network CVE-2026-34980 Tenable has extracted t...

7.5CVSS6.9AI score0.00502EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 6 days ago4 views

Moderate: Red Hat Security Advisory: cups security update

An update for cups is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

7.5CVSS6.6AI score0.00502EPSS
Exploits1References2
OSV
OSV
added 2026/07/07 4:2 p.m.6 views

PYSEC-2026-1689 Nautobot may allows uploaded media files to be accessible without authentication

Impact Files uploaded by users to Nautobot's MEDIAROOT directory, including DeviceType image attachments as well as images attached to a Location, Device, or Rack, are served to users via a URL endpoint that was not enforcing user authentication. As a consequence, such files can be retrieved by...

6.3CVSS5.9AI score0.00383EPSS
Exploits0References9
OSV
OSV
added 2026/07/07 2:34 p.m.5 views

PYSEC-2026-2076 Access control vulnerable to user data deletion by anonynmous users

Impact Anonymous users can delete the user data maintained by an AccessControl.userfolder.UserFolder which may prevent any privileged access. Patches The problem is fixed in version 7.2. Workarounds The problem can be fixed by adding dataroles = to AccessControl.userfolder.UserFolder. References...

9.1CVSS5.9AI score0.00413EPSS
Exploits0References6
OSV
OSV
added 2026/07/07 11:45 a.m.4 views

PYSEC-2026-1687 Unauthenticated views may expose information to anonymous users

Impact A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated anonymous users, including the following: - /api/graphql/ 1 - /api/users/users/session/ Nautobot 2.x only; the only information exposed to an anonymous user is which authentication backend classes...

3.7CVSS5.8AI score0.00628EPSS
Exploits0References11
OSV
OSV
added 2026/07/07 11:45 a.m.5 views

PYSEC-2026-1494 Kinto Attachment's attachments can be replaced on read-only records

Impact The attachment file of an existing record can be replaced if the user has "read" permission on one of the parent collection or bucket. And if the "read" permission is given to "system.Everyone" on one of the parent, then the attachment can be replaced on a record using an anonymous request...

8.6CVSS5.9AI score0.00702EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/07/04 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2025-71385

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG...

6.1CVSS6AI score0.0024EPSS
Exploits0References2
NVD
NVD
added 2026/07/02 8:17 p.m.10 views

CVE-2025-71385

Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document into a text element without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An attacker can craft a U...

6.1CVSS0.0024EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/02 7:37 p.m.7 views

EUVD-2025-210409

Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document into a text element without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An attacker can craft a U...

6.1CVSS5.7AI score0.0024EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/02 7:37 p.m.9 views

CVE-2025-71385

Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document into a text element without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An attacker can craft a U...

6.1CVSS5.7AI score0.0024EPSS
Exploits0References5
Rows per page
Query Builder