Lucene search
K

5175 matches found

Nuclei
Nuclei
added 20 hours ago27 views

Joomla! Component Address Book 1.5.0 - Local File Inclusion

A directory traversal vulnerability in the AddressBook comaddressbook component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1471 info: name: Joomla! Component Address Book 1.5.0 - Local File Inclusion...

7.5CVSS6.2AI score0.16152EPSS
Exploits2References4
Nuclei
Nuclei
added 20 hours ago38 views

W&B Weave Server - Remote Arbitrary File Leak

The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin. id:...

8.8CVSS7.2AI score0.04974EPSS
Exploits0References3
EUVD
EUVD
added yesterday6 views

EUVD-2026-43139

The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Map Module 'bwidthmap' Field in all versions up to, and including, 7.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.4CVSS6.2AI score0.00193EPSS
Exploits0References5
NVD
NVD
added 3 days ago6 views

CVE-2025-45422

Incorrect access control in Proximus b-box v8c.725A allows authenticated attackers to bypass normal restrictions and make arbitrary changes to port forwarding rules...

8.1CVSS0.00448EPSS
Exploits0References4
CVE
CVE
added 3 days ago7 views

CVE-2025-45422

The CVE-2025-45422 entry concerns Proximus b-box v8c.725A and describes an Incorrect access control vulnerability. According to the sources, authenticated attackers can bypass normal restrictions and make arbitrary changes to port forwarding rules. The NVD metrics indicate a CVSS 3.1 base score o...

8.1CVSS6AI score0.00448EPSS
Exploits0References4
Cvelist
Cvelist
added 3 days ago27 views

CVE-2025-45422

Incorrect access control in Proximus b-box v8c.725A allows authenticated attackers to bypass normal restrictions and make arbitrary changes to port forwarding rules...

0.00448EPSS
Exploits0References4
CVE
CVE
added 6 days ago16 views

CVE-2026-6901

CVE-2026-6901 affects B&R Industrial Automation GmbH APROL (pre-R 4.4-01P5). The vulnerability is described as an Untrusted Search Path issue. According to the provided metrics, the impact is high for confidentiality and integrity (CVSS v3.1: HIGH/C:H/I:H; LOCAL access, no user interaction) with ...

8.4CVSS5.9AI score0.0012EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-41868

Improper certificate validation vulnerability in B&R Industrial Automation GmbH APROL. This issue affects APROL: before R 4.4-01P5...

9.1CVSS5.9AI score0.00142EPSS
Exploits0References1
CVE
CVE
added 2026/07/03 6:13 a.m.38 views

CVE-2026-11856

CVE-2026-11856 describes a cross-origin Digest authentication state leak in libcurl. When a transfer is performed to hostA using Digest auth and the origin is then changed to hostB while reusing the same handle, libcurl may forward the Authorization header intended for hostA to hostB. This is a h...

9.8CVSS6AI score0.01064EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/06/15 9:30 p.m.12 views

EUVD-2026-36965

Contributor Privilege Escalation in B Blocks = 2.0.31 versions...

8.8CVSS5.2AI score0.00278EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:16 p.m.10 views

CVE-2026-39579

Contributor Privilege Escalation in B Blocks = 2.0.31 versions...

8.8CVSS0.00278EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:18 p.m.30 views

CVE-2026-39579 WordPress B Blocks plugin <= 2.0.31 - Privilege Escalation vulnerability

Contributor Privilege Escalation in B Blocks = 2.0.31 versions...

8.8CVSS0.00278EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:18 p.m.14 views

CVE-2026-39579

CVE-2026-39579 affects the WordPress plugin B Blocks up to version 2.0.31 . The vulnerability is a privilege escalation in contributor level, with a high impact (CVE metrics: CVSS 3.1 base score 8.8, scope UNCHANGED, confidentiality/integrity/availability all HIGH). Affected component is the plug...

8.8CVSS5.2AI score0.00278EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 8:18 p.m.9 views

CVE-2026-39579 WordPress B Blocks plugin <= 2.0.31 - Privilege Escalation vulnerability

Contributor Privilege Escalation in B Blocks = 2.0.31 versions...

8.8CVSS5.2AI score0.00278EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.12 views

PT-2026-49400

Contributor Privilege Escalation in B Blocks = 2.0.31 versions...

8.8CVSS5.2AI score0.00278EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.10 views

CVE-2026-47672

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. In 1.2.4 and earlier, any network-reachable caller can write arbitrary documents to any patient's electronic health record accessible by the institution's SMC-B card. In a misconfigured deployment e.g.,...

6.5CVSS5.5AI score0.00162EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.10 views

CVE-2026-0259

An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerability affects WF-500 and WF-500-B appliances running in the default non-FIPS configuration mode. The...

7.1CVSS5.6AI score0.00278EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.9 views

CVE-2026-45574

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker on the network path between the ePA service and the Konnektor can present any TLS certificate self-signed, expired, wrong CN and intercept all SOAP traffic. This includes patient...

8.1CVSS5.5AI score0.00138EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/06/05 12:0 a.m.32 views

RecurGuard: Runtime Monitoring for Reasoning-Token Consumption Attacks

Reasoning-capable large language models can be induced to spend their generation budget on injected decoy tasks rather than answering the user's question, causing denial of service when no final answer is produced and denial of wallet when excess output tokens are billed. Input-side safety...

5.6AI score
Exploits0
OSV
OSV
added 2026/06/04 5:49 p.m.9 views

GHSA-C82X-F4XR-QV33 epa4all-client: Unauthenticated REST API for Patient Record Writes

Impact Any network-reachable caller can write arbitrary documents to any patient's electronic health record accessible by the institution's SMC-B card. In a misconfigured deployment e.g., following the production Docker example in the README, this is exploitable from the local network without...

6.5CVSS5.9AI score0.00162EPSS
Exploits0References4
Rows per page
Query Builder