Lucene search
K

121602 matches found

RedhatCVE
RedhatCVE
added 10 hours ago3 views

CVE-2026-46633

A flaw was found in Twig, a template language for PHP. This vulnerability occurs because the Compiler::string function does not properly escape single quotes when processing a template name from a % use % tag within a PHP single-quoted string literal. A remote attacker could craft a malicious...

9.8CVSS6.2AI score0.00357EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 10 hours ago4 views

CVE-2026-46640

A flaw was found in Twig, a template language for PHP. An attacker with low privileges could exploit a vulnerability in the self. and import-alias dynamic attribute syntax. By concatenating a malicious string into a MacroReferenceExpression name without proper validation, the attacker can cause r...

8.7CVSS6.4AI score0.00056EPSS
Exploits0References2
NVD
NVD
added 11 hours ago3 views

CVE-2026-56400

open-webui before 0.3.14 contains a cross-origin resource sharing misconfiguration allowing arbitrary origins with alloworigins= and authenticated requests to the /api/v1/functions endpoint. Attackers can execute arbitrary code on the openwebui instance by crafting malicious cross-site requests...

9CVSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 11 hours ago18 views

The vulnerability of the Directum Web Agent component of the Directum RX system, which arises due to insufficient validation of input data, allows a perpetrator to execute arbitrary code.

The vulnerability of the Directum Web Agent component of the Directum RX system exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially crafted file...

8.5CVSS6.1AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 11 hours ago17 views

The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed, allowing an attacker to execute arbitrary code.

The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

8.4CVSS6AI score0.00456EPSS
Exploits0References2
Cvelist
Cvelist
added 11 hours ago5 views

CVE-2026-61446 PraisonAI before 1.6.78 Remote Code Execution via Plugin Auto-Discovery

PraisonAI praisonaiagents before 1.6.78 contains a remote code execution vulnerability in the plugin manager, which loads and executes arbitrary Python .py files from project-level and user-home .praisonai/plugins/ directories using importlib specfromfilelocation and execmodule without code...

8.6CVSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 18 hours ago7 views

CVE-2026-42936

The installer of HYPER SBI 2 insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer, arbitrary code may be executed with the privilege of the user invoking the installer...

8.4CVSS7.1AI score
Exploits0References2
CVE
CVE
added 18 hours ago10 views

CVE-2026-42936

The CVE-2026-42936 entry concerns the HYPER SBI 2 installer, which insecurely loads Dynamic Link Libraries. A local attacker can place a crafted DLL in the installer’s directory, enabling arbitrary code execution with the invoking user’s privileges during installation. The documented impact is hi...

8.4CVSS7.1AI score
Exploits0References1
EUVD
EUVD
added 18 hours ago7 views

EUVD-2026-44591

The installer of HYPER SBI 2 insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer, arbitrary code may be executed with the privilege of the user invoking the installer...

8.4CVSS7.1AI score
Exploits0References1
Nuclei
Nuclei
added 18 hours ago13 views

WP User Manager – User Profile Builder & Membership - Local File Inclusion

WP User Manager – User Profile Builder & Membership plugin for WordPress = 2.9.17 contains a local file inclusion caused by improper handling in the profile template scope function, letting unauthenticated attackers execute arbitrary PHP code, exploit requires ability to upload or control PHP...

7.5CVSS6.3AI score0.02403EPSS
Exploits1References2
Nuclei
Nuclei
added 18 hours ago16 views

Roxy-WI < 6.1.1.0 - Remote Code Execution

Roxy-WI before 6.1.1.0 is susceptible to remote code execution. System commands can be run remotely via the subprocessexecute function without processing the inputs received from the user in the /app/options.py file. id: CVE-2022-31137 info: name: Roxy-WI 6.1.1.0 - Remote Code Execution author:...

10CVSS7.3AI score0.90387EPSS
Exploits15References4
Nuclei
Nuclei
added 18 hours ago18 views

idcCMS V1.60 - Cross-Site Scripting

idcCMS V1.60 is vulnerable to reflected cross-site scripting XSS via the idName parameter in read.php. Unsanitized user input is reflected in the response, allowing arbitrary JavaScript execution. id: CVE-2024-11587 info: name: idcCMS V1.60 - Cross-Site Scripting author: ritikchaddha severity:...

6.1CVSS6.1AI score0.00886EPSS
Exploits1References2
Nuclei
Nuclei
added 18 hours ago80 views

Swift Performance Lite < 2.3.7.2 - Local PHP File Inclusion

A vulnerability in Swift Performance Lite before version 2.3.7.2 allows unauthenticated attackers to perform local PHP file inclusion via the 'ajaxify' parameter. This can lead to arbitrary code execution on the server. id: CVE-2024-10516 info: name: Swift Performance Lite 2.3.7.2 - Local PHP Fil...

8.1CVSS7.4AI score0.06479EPSS
Exploits1References2
Nuclei
Nuclei
added 18 hours ago37 views

TOTOLINK CX-A3002RU - Remote Code Execution

An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and TOTOLINK-CX-N300RT V2.1.8-B20191010.1107 and TOTOLINK-CX-N302RE V2.0.2-B20170511.1523 allows a remote...

6.8CVSS6.4AI score0.0379EPSS
Exploits0References4
Nuclei
Nuclei
added 18 hours ago39 views

Joomla! Portfolio Nexus - Remote File Inclusion

Joomla! Portfolio Nexus 1.5 contains a remote file inclusion vulnerability in the inertialFATE iF comifnexus component that allows remote attackers to include and execute arbitrary local files via a .. dot dot in the controller parameter to index.php. id: CVE-2009-4679 info: name: Joomla! Portfol...

7.5CVSS6.3AI score0.07866EPSS
Exploits1References4
Nuclei
Nuclei
added 18 hours ago73 views

shadoweb wdja v1.5.1 - Cross-Site Scripting

shadoweb wdja v1.5.1 is susceptible to cross-site scripting because it allows attackers to execute arbitrary code and gain escalated privileges via the backurl parameter to /php/passport/index.php. id: CVE-2020-20982 info: name: shadoweb wdja v1.5.1 - Cross-Site Scripting author:...

9.6CVSS7.2AI score0.06095EPSS
Exploits0References3
Nuclei
Nuclei
added 18 hours ago87 views

WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload

Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in...

9.8CVSS7.3AI score0.40595EPSS
Exploits3References3
Nuclei
Nuclei
added 18 hours ago49 views

WAVLINK WN535 G3 - Improper Access Control

WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to improper access control. A vulnerability in /cgi-bin/ExportAllSettings.sh allows an attacker to execute arbitrary code via a crafted POST request and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized...

7.5CVSS7.2AI score0.02995EPSS
Exploits1References5
EUVD
EUVD
added 22 hours ago3 views

EUVD-2026-44581

Buffer Overflow vulnerability in OpenHTJ2K v.0.18.4 and before allows an attacker to execute arbitrary code via the openhtj2kdecoderimpl::invoke, invokelinebased, invokelinebasedstream, and invokelinebasedpredecoded function in source/core/interface/decoder.cpp...

9.8CVSS6.3AI score
Exploits0References4
EUVD
EUVD
added 22 hours ago3 views

EUVD-2026-44563

Illustrator is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.5AI score
Exploits0References2
Rows per page
Query Builder