Lucene search
K

277748 matches found

GithubExploit
GithubExploit
added 11 minutes ago1 views

AI-Pentest

Auto Pentest Platform Platform otomasi penetration testing de...

Exploits0
The Hacker News
The Hacker News
added 27 minutes ago1 views

Exposed Hacker Server Reveals WP-SHELLSTORM Backdooring Thousands of WordPress Sites

A cybercrime crew left one of its own servers wide open on the internet for three weeks, and it exposed the operation's inner workings: the hacking tools, the activity logs, and target lists naming more than 1.4 million websites. Far fewer were actually broken into, but the exposed files showed...

Exploits0
NVD
NVD
added 1 hour ago5 views

CVE-2026-41880

R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition OCR module. Multiple command execution functions accept user-controllable file paths without proper sanitization before passing them to the system shell via SSH. In current infrastructure the URL encoding...

9CVSS
Exploits0References1
NVD
NVD
added 1 hour ago5 views

CVE-2026-41876

R-SOFT DMS is vulnerable to OS Command Injection in konwertujAction function. The document converter executes shell commands using unsanitized file paths and format parameters. This allows an authenticated attacker to execute arbitrary system commands with the privileges of the web server user...

8.7CVSS
Exploits0References1
RedhatCVE
RedhatCVE
added 1 hour ago0 views

CVE-2026-55693

Vim is an open source, command line text editor. Prior to 9.2.0653, the treecountwords function in src/spellfile.c fills in the word-count fields of a spell-file word trie by walking it iteratively with a depth counter. The counter is bounded only by the trie structure itself; it is never checked...

8.4CVSS6.1AI score0.00126EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2 hours ago0 views

CVE-2026-15187

A flaw was found in enquirer, a command-line prompt tool. A remote attacker could exploit a vulnerability in the Enquirer.set function by manipulating the question.name argument. This improper handling of object prototype attributes can lead to prototype pollution, allowing an attacker to modify...

5.3CVSS6.1AI score
Exploits0References10
Vulnrichment
Vulnrichment
added 2 hours ago3 views

CVE-2026-41880 OS Command Injection in R-SOFT DMS

R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition OCR module. Multiple command execution functions accept user-controllable file paths without proper sanitization before passing them to the system shell via SSH. In current infrastructure the URL encoding...

9CVSS6.2AI score
Exploits0References1
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-42855

R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition OCR module. Multiple command execution functions accept user-controllable file paths without proper sanitization before passing them to the system shell via SSH. In current infrastructure the URL encoding...

9CVSS6.2AI score
Exploits0References1
Cvelist
Cvelist
added 2 hours ago4 views

CVE-2026-41880 OS Command Injection in R-SOFT DMS

R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition OCR module. Multiple command execution functions accept user-controllable file paths without proper sanitization before passing them to the system shell via SSH. In current infrastructure the URL encoding...

9CVSS
Exploits0References1
CVE
CVE
added 2 hours ago5 views

CVE-2026-41880

CVE-2026-41880: R-SOFT DMS OCR module is vulnerable to OS Command Injection via unsanitized user-controllable file paths passed to the system shell through SSH. An authenticated attacker triggering OCR on an uploaded file can execute commands as root. The issue is mitigated by fixes in v3.19-2862...

9CVSS6.2AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2 hours ago3 views

CVE-2026-41876 OS Command Injection in R-SOFT DMS

R-SOFT DMS is vulnerable to OS Command Injection in konwertujAction function. The document converter executes shell commands using unsanitized file paths and format parameters. This allows an authenticated attacker to execute arbitrary system commands with the privileges of the web server user...

8.7CVSS6.3AI score
Exploits0References1
EUVD
EUVD
added 2 hours ago5 views

EUVD-2026-42853

R-SOFT DMS is vulnerable to OS Command Injection in konwertujAction function. The document converter executes shell commands using unsanitized file paths and format parameters. This allows an authenticated attacker to execute arbitrary system commands with the privileges of the web server user...

8.7CVSS6.3AI score
Exploits0References1
Cvelist
Cvelist
added 2 hours ago4 views

CVE-2026-41876 OS Command Injection in R-SOFT DMS

R-SOFT DMS is vulnerable to OS Command Injection in konwertujAction function. The document converter executes shell commands using unsanitized file paths and format parameters. This allows an authenticated attacker to execute arbitrary system commands with the privileges of the web server user...

8.7CVSS
Exploits0References1
CVE
CVE
added 2 hours ago4 views

CVE-2026-41876

CVE-2026-41876 affects R-SOFT DMS. The vulnerability is an OS Command Injection in konwertujAction(), where the document converter executes shell commands using unsanitized file paths and format parameters, allowing an authenticated attacker to run arbitrary commands with the web server user’s pr...

8.7CVSS6.3AI score
Exploits0References1
The Hacker News
The Hacker News
added 2 hours ago3 views

Attackers Exploit 'Ill Bloom' Vulnerability to Drain $3.1 Million From Cryptocurrency Wallets

Security firm Coinspect has disclosed a crypto wallet flaw it calls Ill Bloom , and attackers are already using it. The flaw is in how some wallet software generated its recovery phrase, the words that control the money. When that phrase is made with weak randomness, an attacker can work it out a...

6.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 3 hours ago4 views

CVE-2026-58459

A flaw was found in gpsd, a service application that monitors one or more GPSes or AIS receivers. The gpsprof utility is vulnerable to a command injection. An attacker who can control the GPS device subtype value can embed malicious commands within the gnuplot plot title. When a user processes a...

8.4CVSS6.4AI score
Exploits0References8
RedhatCVE
RedhatCVE
added 4 hours ago2 views

CVE-2026-47240

A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol IMAP client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is possible when an IMAP server does not support non-synchronizing literals, leading to the...

6.1CVSS6.2AI score0.00491EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 5 hours ago1 views

Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in DataView

Summary IBM SPSS Modeler is affected by multiple vulnerabilities in DataView. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-14813 DESCRIPTION: : Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA...

9.9CVSS7.5AI score0.27095EPSS
Exploits9Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 5 hours ago3 views

Malicious code in fmt-date-lite (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1c8dad7bd90f4cb0dbb1d4ce933bc39f04aefe4940a53605e5c3f30c48a313e4 On npm install, the package's postinstall lifecycle script runs the id command and transmits the resulting user/group identity to a hardcoded bare-IP...

6.1AI score
Exploits0References1
GithubExploit
GithubExploit
added 5 hours ago13 views

Exploit for CVE-2026-50979

CVE-2026-50979: Authenticated Remote Code Execution in oPanel...

6.7AI score
Exploits0
Rows per page
Query Builder