Lucene search
K

25220 matches found

GithubExploit
GithubExploit
added 4 hours ago11 views

Exploit for Improper Handling of Case Sensitivity in Apache Camel

Case-Variant Camel Header Injection Reproducer CVE-2026-40453...

9.9CVSS6.1AI score0.0086EPSS
Exploits1
NVD
NVD
added 6 hours ago8 views

CVE-2026-59876

protobufjs compiles protobuf definitions into JavaScript JS functions. From 8.2.0 until 8.6.5, the protobufjs Text Format extension parsed string-keyed map entries using ordinary property assignment, allowing a map entry with key proto to change the prototype of the returned map object instead of...

4.8CVSS
Exploits0References4
NVD
NVD
added 6 hours ago7 views

CVE-2026-59724

Socket.IO enables bidirectional and low-latency communication for every platform. From 6.5.0 before 6.6.7, Engine.IO servers with WebTransport enabled can resolve a crafted session ID such as proto through an inherited property of the clients object during WebTransport upgrade handling, causing a...

7.5CVSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 6 hours ago2 views

Security Bulletin: IBM Enterprise Build of Quarkus is affected by multiple vulnerabilities

Summary IBM Enterprise Build of Quarkus is affected by vulnerabilities in Jackson Data Binding, Micrometer, Keycloak Policy Enforcer, Apache CXF Vulnerability Details CVEID:CVE-2026-40983 DESCRIPTION: In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cau...

8.1CVSS5.9AI score0.00677EPSS
Exploits1Affected Software1
GithubExploit
GithubExploit
added 6 hours ago15 views

Exploit for Deserialization of Untrusted Data in Apache Camel

camel-pqc FileBasedKeyLifecycleManager Unsafe Deserialization...

7.8CVSS6.2AI score0.00342EPSS
Exploits1
GithubExploit
GithubExploit
added 6 hours ago16 views

Exploit for CVE-2026-38526

CVE-2026-38526 - Krayin CRM PHP Upload RCE Automated exploit...

9.9CVSS6.5AI score0.00834EPSS
Exploits6
Vulnrichment
Vulnrichment
added 6 hours ago3 views

CVE-2026-59724 Socket.IO: Engine.IO WebTransport SID DoS

Socket.IO enables bidirectional and low-latency communication for every platform. From 6.5.0 before 6.6.7, Engine.IO servers with WebTransport enabled can resolve a crafted session ID such as proto through an inherited property of the clients object during WebTransport upgrade handling, causing a...

7.5CVSS5.9AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 6 hours ago2 views

CVE-2026-59724

Socket.IO enables bidirectional and low-latency communication for every platform. From 6.5.0 before 6.6.7, Engine.IO servers with WebTransport enabled can resolve a crafted session ID such as proto through an inherited property of the clients object during WebTransport upgrade handling, causing a...

7.5CVSS5.9AI score
Exploits0References4Affected Software1
Cvelist
Cvelist
added 6 hours ago5 views

CVE-2026-59724 Socket.IO: Engine.IO WebTransport SID DoS

Socket.IO enables bidirectional and low-latency communication for every platform. From 6.5.0 before 6.6.7, Engine.IO servers with WebTransport enabled can resolve a crafted session ID such as proto through an inherited property of the clients object during WebTransport upgrade handling, causing a...

7.5CVSS
Exploits0References3
CVE
CVE
added 6 hours ago7 views

CVE-2026-59724

Socket.IO’s Engine.IO component is affected in versions 6.5.0–6.6.6 when WebTransport is enabled. During a WebTransport upgrade, processing a crafted session ID such as proto on an inherited property of the clients object can trigger a TypeError, leading to a denial of service. The issue has been...

7.5CVSS5.9AI score
Exploits0References3
EUVD
EUVD
added 6 hours ago4 views

EUVD-2026-42312

Socket.IO enables bidirectional and low-latency communication for every platform. From 6.5.0 before 6.6.7, Engine.IO servers with WebTransport enabled can resolve a crafted session ID such as proto through an inherited property of the clients object during WebTransport upgrade handling, causing a...

7.5CVSS5.9AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 6 hours ago3 views

CVE-2026-59876

protobufjs compiles protobuf definitions into JavaScript JS functions. From 8.2.0 until 8.6.5, the protobufjs Text Format extension parsed string-keyed map entries using ordinary property assignment, allowing a map entry with key proto to change the prototype of the returned map object instead of...

4.8CVSS6AI score
Exploits0References5Affected Software1
CVE
CVE
added 6 hours ago6 views

CVE-2026-59876

CVE-2026-59876 affects protobufjs (Text Format extension) where, from 8.2.0 through 8.6.5, string-keyed map entries were parsed via ordinary property assignment, allowing a map entry with key proto to mutate the prototype of the returned map instead of creating an own entry in protobufjs/ext/text...

4.8CVSS6AI score
Exploits0References4
Cvelist
Cvelist
added 6 hours ago4 views

CVE-2026-59876 protobufjs: Text Format string map parsing can mutate returned map object prototype

protobufjs compiles protobuf definitions into JavaScript JS functions. From 8.2.0 until 8.6.5, the protobufjs Text Format extension parsed string-keyed map entries using ordinary property assignment, allowing a map entry with key proto to change the prototype of the returned map object instead of...

4.8CVSS
Exploits0References4
EUVD
EUVD
added 6 hours ago5 views

EUVD-2026-42311

protobufjs compiles protobuf definitions into JavaScript JS functions. From 8.2.0 until 8.6.5, the protobufjs Text Format extension parsed string-keyed map entries using ordinary property assignment, allowing a map entry with key proto to change the prototype of the returned map object instead of...

4.8CVSS6AI score
Exploits0References4
SUSE Linux
SUSE Linux
added 7 hours ago3 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 RT kernel was updated to fix various security issues The following security issues were fixed: CVE-2025-10263: arm64: cputype: Add C1-Ultra definitions bsc1266290. CVE-2025-40216: iouring/rsrc: don't rely on user vaddr alignment bsc1259764. CVE-2025-40341: futex:...

9.3CVSS0.00474EPSS
Exploits1References706
Ubuntu
Ubuntu
added 8 hours ago1 views

USN-8516-1: Apache HTTP Server vulnerabilities

It was discovered that Apache HTTP Server's modldap module incorrectly handled memory when processing per-directory configurations. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2026-29167 It was discovered...

9.8CVSS0.00805EPSS
Exploits0
Krebs on Security
Krebs on Security
added 9 hours ago4 views

Felons, Fraudsters Flog Offensive Cybersecurity Startup

A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intelligence companies and a now-defunct AI-based lobbying platfor...

5.9AI score
Exploits0
GithubExploit
GithubExploit
added 11 hours ago28 views

Exploit for CVE-2026-40047

camel-docling CLI Argument Injection / Path Traversal Reproduc...

9.1CVSS6AI score0.01257EPSS
Exploits1
NVD
NVD
added 12 hours ago6 views

CVE-2026-56003

A heap buffer overflow due to missing size checking in the property buffer when parsing PCF files in libXfont2 ComputeScaledProperties before libXfont2 before 2.0.8 could be used by attackers using authenticated X clients to execute code within the X server...

8.5CVSS
Exploits0References2
Rows per page
Query Builder