
194700 matches found

GithubExploit
added 54 minutes ago, 8 views

Exploit-Chain-Suggestor

Exploit Chain Suggestor A CLI tool for penetration testers an...

6 AI score
Exploits: 0
OSSF Malicious Packages
added 1 hour ago, 2 views

Malicious code in yt-api-dlp (PyPI)

Source: kam193 c3b9ca286cef4b241ded9603c192ce5b13e155cad9b017ee3f89b98674065374 During import, this malicious copy of a legitimate package downloads encrypted data disguised as an image. It contains an archive with a next-stage script th...

6 AI score
Exploits: 0, References: 4
NVD
added 1 hour ago, 7 views

CVE-2026-53359

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected role Commit 0cb2af2ea66ad "KVM: x86: Fix shadow paging use-after-free due to unexpected GFN" fixed a shadow paging mismatch between stored and computed GFNs; the bug...

Exploits: 0, References: 6
EUVD
added 1 hour ago, 2 views

EUVD-2026-41666

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected role Commit 0cb2af2ea66ad "KVM: x86: Fix shadow paging use-after-free due to unexpected GFN" fixed a shadow paging mismatch between stored and computed GFNs; the bug...

5.8 AI score
Exploits: 0, References: 6
Cvelist
added 1 hour ago, 5 views

CVE-2026-53359 KVM: x86: Fix shadow paging use-after-free due to unexpected role

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected role Commit 0cb2af2ea66ad "KVM: x86: Fix shadow paging use-after-free due to unexpected GFN" fixed a shadow paging mismatch between stored and computed GFNs; the bug...

Exploits: 0, References: 6
CVE
added 1 hour ago, 7 views

CVE-2026-53359

CVE-2026-53359 concerns the Linux kernel KVM/x86 shadow paging use-after-free caused by a mismatch in GFN handling when a PDE is modified to a non-leaf page. After the PDE change and memslot deletion, rmap entries tied to the GFN may not be removed, and kvm_mmu_page_get_gfn() can compute an incor...

5.8 AI score
Exploits: 0, References: 6
The Hacker News
added 2 hours ago, 6 views

North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign

The North Korean threat actors linked to the Contagious Interview campaign have been observed publishing 108 unique packages and web browser extensions spanning npm, Packagist, Go, and Google Chrome as part of an ongoing activity referred to as PolinRider. "The campaign remains active, and new...

6.4 AI score
Exploits: 0
Nuclei
added 10 hours ago, 48 views

BestWebSoft's Twitter < 2.55 - Cross-Site Scripting

The twitter-plugin plugin before 2.55 for WordPress has XSS. id: CVE-2017-18505 info: name: BestWebSoft's Twitter 2.55 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The twitter-plugin plugin before 2.55 for WordPress has XSS. impact: | Authenticated attackers can...

6.1 CVSS, 6.4 AI score, 0.01652 EPSS
Exploits: 1, References: 4
Nuclei
added 10 hours ago, 282 views

WSO2 User Registration - Arbitrary Account Creation

The SOAP admin service in WSO2 products has a security vulnerability that allows the creation of new user accounts regardless of the self-registration configuration settings. id: CVE-2024-7097 info: name: WSO2 User Registration - Arbitrary Account Creation author: iamnoooob,rootxharsh,pdresearch...

4.3 CVSS, 6 AI score, 0.0054 EPSS
Exploits: 0, References: 2
Nuclei
added 10 hours ago, 26 views

Welcart eCommerce <=2.7.7 - Local File Inclusion

Welcart eCommerce 2.7.7 and before are vulnerable to unauthenticated local file inclusion. id: CVE-2022-41840 info: name: Welcart eCommerce =2.7.8 or apply the provided patch to fix the LFI vulnerability. reference: -...

9.8 CVSS, 7.2 AI score, 0.05116 EPSS
Exploits: 2, References: 4
Nuclei
added 10 hours ago, 24 views

Joomla! Component Percha Image Attach 1.1 - Directory Traversal

A directory traversal vulnerability in the Percha Image Attach (com_perchaimageattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. id: CVE-2010-2034 info: name: Joomla...

7.5 CVSS, 6.1 AI score, 0.11077 EPSS
Exploits: 1, References: 4
Nuclei
added 10 hours ago, 41 views

Shirne CMS 1.2.0 - Local File Inclusion

Shirne CMS 1.2.0 is vulnerable to local file inclusion which could cause arbitrary file read via /static/ueditor/php/controller.php. id: CVE-2022-37299 info: name: Shirne CMS 1.2.0 - Local File Inclusion author: pikpikcu severity: medium description: Shirne CMS 1.2.0 is vulnerable to local file...

6.5 CVSS, 6.7 AI score, 0.02829 EPSS
Exploits: 1, References: 5
Nuclei
added 10 hours ago, 47 views

Academy LMS 6.2 - Cross-Site Scripting

A vulnerability was found in Academy LMS 6.2 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument...

6.1 CVSS, 3.9 AI score, 0.01835 EPSS
Exploits: 4, References: 2
Nuclei
added 10 hours ago, 30 views

Sympa version =>6.2.16 - Cross-Site Scripting

Sympa version 6.2.16 and later contains a URL Redirection to Untrusted Site vulnerability in the referer parameter of the wwsympa fcgi login action that can result in open redirection and reflected cross-site scripting via data URIs. id: CVE-2018-1000671 info: name: Sympa version =6.2.16 -...

6.1 CVSS, 6.6 AI score, 0.03982 EPSS
Exploits: 0, References: 5
Nuclei
added 10 hours ago, 46 views

JoomlaUX JUX Real Estate 3.4.0 - Reflected XSS

A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla. It has been classified as problematic. Affected is an unknown function of the file /extensions/realestate/index.php/properties/list/list-with-sidebar/realties. The manipulation of the argument Itemid/jpyearbuilt leads to cross...

6.1 CVSS, 3.8 AI score, 0.0097 EPSS
Exploits: 2, References: 3
Nuclei
added 10 hours ago, 33 views

Unyson < 2.7.27 - Cross Site Scripting

The plugin does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters. id: CVE-2022-2219 info: name: Unyson 2.7.27 - Cross Site Scripting author: r3Y3r53 severity: high description:...

7.2 CVSS, 7 AI score, 0.01448 EPSS
Exploits: 2, References: 3
Nuclei
added 10 hours ago, 57 views

PrestaShop Theme Volty CMS Blog - SQL Injection

In the module 'Theme Volty CMS Blog' tvcmsblog up to versions 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. id: CVE-2023-39650 info: name: PrestaShop Theme Volty CMS Blog - SQL Injection author: mastercho severity: critical description: | In the...

9.8 CVSS, 7.2 AI score, 0.03631 EPSS
Exploits: 1, References: 2
Nuclei
added 10 hours ago, 19 views

WordPress WP-Ban <1.69.1 - Stored Cross-Site Scripting

WordPress WP-Ban plugin before 1.69.1 contains a stored cross-site scripting vulnerability. The plugin does not sanitize and escape some of its settings, which can allow high-privilege users to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be...

4.8 CVSS, 5.8 AI score, 0.00851 EPSS
Exploits: 2, References: 4
Nuclei
added 10 hours ago, 22 views

WordPress RSVP and Event Management <2.7.8 - Missing Authorization

WordPress RSVP and Event Management plugin before 2.7.8 is susceptible to missing authorization. The plugin does not have any authorization checks when exporting its entries, and the export function is hooked to the init action. An attacker can potentially retrieve sensitive information such as...

5.3 CVSS, 6.2 AI score, 0.03595 EPSS
Exploits: 1, References: 3
Nuclei
added 10 hours ago, 68 views

Structurizr on-premises - Cross Site Scripting

Cross-site Scripting XSS - Reflected in GitHub repository structurizr/onpremises prior to 3194. id: CVE-2023-5556 info: name: Structurizr on-premises - Cross Site Scripting author: shankaracharya severity: medium description: | Cross-site Scripting XSS - Reflected in GitHub repository...

6.1 CVSS, 6.2 AI score, 0.01222 EPSS
Exploits: 1, References: 3