Lucene search
+L

1057001 matches found

CVE
CVE
added 37 minutes ago0 views

CVE-2026-63093 Cursor for Windows 3.2.16 RCE via Malicious git.exe in Workspace

Cursor for Windows version 3.2.16 contains a binary planting vulnerability that allows remote attackers to achieve arbitrary code execution by placing a malicious git.exe file in the repository root directory. When a developer clones and opens a crafted repository, Cursor automatically resolves a...

8.8CVSS
Exploits0References3
Cvelist
Cvelist
added 37 minutes ago1 views

CVE-2026-63093 Cursor for Windows 3.2.16 RCE via Malicious git.exe in Workspace

Cursor for Windows version 3.2.16 contains a binary planting vulnerability that allows remote attackers to achieve arbitrary code execution by placing a malicious git.exe file in the repository root directory. When a developer clones and opens a crafted repository, Cursor automatically resolves a...

8.8CVSS
Exploits0References3
NVD
NVD
added 44 minutes ago1 views

CVE-2024-23577

HCL Aftermarket EPC is vulnerable since the application does not have a validation for HOST header and accepts arbitrary hosts when requested in http protocol. When an application doesn’t adequately validate or sanitize this header, it can lead to several security risks, including Host header...

4.3CVSS
Exploits0References1
OSV
OSV
added 1 hour ago9 views

UBUNTU-CVE-2026-11386

An input validation and injection vulnerability exists in Canonical ubuntu-pro-client formerly ubuntu-advantage-tools. The client constructs APT source files such as /etc/apt/sources.list.d/ubuntu-.list or their DEB822 equivalents using data received directly from the contract server response via...

9CVSS6.4AI score
Exploits0References3
OSV
OSV
added 1 hour ago9 views

UBUNTU-CVE-2026-12391

An insecure symlink following vulnerability exists in Canonical ubuntu-pro-client formerly ubuntu-advantage-tools within the pro collect-logs command framework. The utility creates or utilizes predictable temporary file paths or user-accessible log directories when gathering diagnostic informatio...

5CVSS6.1AI score
Exploits0References3
The Hacker News
The Hacker News
added 1 hour ago2 views

Fake Coding Tests Deliver OtterCookie-Aligned Malware Hidden in SVG Flag Images

North Korean threat actors linked to the Contagious Interview campaign have been observed employing steganography in SVG image files to conceal malicious payloads as part of a campaign using fake job postings and coding challenges. "Any user who ran the project ended up with a four-stage payload...

6.3AI score
Exploits0
GithubExploit
GithubExploit
added 1 hour ago3 views

Exploit for Path Traversal in Gogs

CVE-2025-8110 — Gogs Arbitrary File Write PoC Proof-of-conc...

8.8CVSS8AI score0.7654EPSS
Exploits18
ATTACKERKB
ATTACKERKB
added 1 hour ago1 views

CVE-2024-23577

HCL Aftermarket EPC is vulnerable since the application does not have a validation for HOST header and accepts arbitrary hosts when requested in http protocol. When an application doesn’t adequately validate or sanitize this header, it can lead to several security risks, including Host header...

4.3CVSS
Exploits0References2Affected Software1
CVE
CVE
added 1 hour ago3 views

CVE-2024-23577

HCL Aftermarket EPC is vulnerable since the application does not have a validation for HOST header and accepts arbitrary hosts when requested in http protocol. When an application doesn’t adequately validate or sanitize this header, it can lead to several security risks, including Host header...

4.3CVSS5.6AI score
Exploits0References1
Cvelist
Cvelist
added 1 hour ago4 views

CVE-2024-23577

HCL Aftermarket EPC is vulnerable since the application does not have a validation for HOST header and accepts arbitrary hosts when requested in http protocol. When an application doesn’t adequately validate or sanitize this header, it can lead to several security risks, including Host header...

4.3CVSS
Exploits0References1
RedhatCVE
RedhatCVE
added 1 hour ago1 views

CVE-2026-41845

A flaw was found in Spring Framework. Due to incorrect escaping when using JavaScriptUtils.javaScriptEscape, a remote attacker could inject malicious JavaScript code into a user's browser. This could lead to a cross-site scripting XSS vulnerability, allowing the attacker to execute arbitrary...

7.1CVSS0.00161EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 1 hour ago1 views

CVE-2026-41844

A flaw was found in Spring Framework. A Spring MVC or Spring WebFlux application that configures a mapping for "/" without explicitly specifying the view name is vulnerable. An attacker can exploit this by crafting a malicious link, leading to an open redirect. This allows the attacker to redirec...

6.1CVSS0.00134EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 1 hour ago1 views

CVE-2026-41846

A flaw was found in Spring MVC applications, part of the Spring Framework. This vulnerability allows a remote attacker to inject arbitrary HTML or JavaScript code due to improper handling of user-supplied values in the cssClass, cssErrorClass, or cssStyle attributes of JSP form tags. Successful...

6.8CVSS0.0014EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 1 hour ago1 views

CVE-2026-41854

A flaw was found in Spring Framework. Due to incorrect host parsing in the UriComponentsBuilder component, applications that process externally provided URL strings may be vulnerable to a Server-Side Request Forgery SSRF attack. An SSRF attack allows an attacker to trick the server into making...

6.5CVSS0.00123EPSS
Exploits0References4
Malwarebytes
Malwarebytes
added 2 hours ago4 views

Shark vacuum flaw exposes cameras, home maps and Wi-Fi passwords

Shark’s cloud-connected robot vacuums are currently exposed by an unpatched AWS Amazon Web Services IoT Internet of Things policy flaw that could turn one compromised device into a remote-control skeleton key for many others in the same region, with access to cameras, maps, and Wi‑Fi passwords. A...

6AI score
Exploits0
GithubExploit
GithubExploit
added 2 hours ago5 views

Windows-AppResolver-LPE-PoC

Windows AppResolver LPE PoC Proof of concept for an AppResolv...

7.8CVSS5.6AI score0.00402EPSS
Exploits2
GithubExploit
GithubExploit
added 2 hours ago7 views

Exploit for CVE-2026-50454

CVE-2026-50454 SYSTEM Shell PoC Proof of concept for CVE-2026...

7.8CVSS5.7AI score0.00402EPSS
Exploits2
Rockylinux
Rockylinux
added 2 hours ago1 views

jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update

An update is available for jackson-modules-base, jackson-databind, jackson-jaxrs-providers, jackson-annotations, jackson-core. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

8.1CVSS0.00695EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 3 hours ago30 views

The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.

The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10CVSS7AI score0.00412EPSS
Exploits0References11Affected Software9
BDU FSTEC
BDU FSTEC
added 3 hours ago28 views

The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.

The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the inclusion of functions from an unverified and uncontrolled area. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

10CVSS7.2AI score0.00736EPSS
Exploits1References11Affected Software9
Rows per page
Query Builder