Lucene search
K

10579 matches found

Nuclei
Nuclei
added 10 hours ago38 views

Java-springboot-codebase 1.1 - Arbitrary File Read

OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized...

8.7CVSS7.1AI score0.03847EPSS
Exploits14References5
NVD
NVD
added yesterday6 views

CVE-2026-58638

Missing cryptographic step in Windows Boot Loader allows an authorized attacker to bypass a security feature locally...

6CVSS
Exploits0References1
NVD
NVD
added yesterday2 views

CVE-2026-49783

Improperly implemented security check for standard in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

7.8CVSS
Exploits0References1
Cvelist
Cvelist
added yesterday16 views

CVE-2026-58638 Windows Boot Loader Security Feature Bypass Vulnerability

...

6CVSS
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-58638

CVE-2026-58638 is a Windows Boot Loader security feature bypass caused by a missing cryptographic step. The vulnerability allows a locally authenticated attacker to bypass a security feature. Public material in connected sources attributes the issue to Windows Boot Loader behavior and notes Micro...

6CVSS6AI score
Exploits0References1
Cvelist
Cvelist
added yesterday12 views

CVE-2026-49783 Secure Boot Security Feature Bypass Vulnerability

...

7.8CVSS
Exploits0References1
CVE
CVE
added yesterday4 views

CVE-2025-11698

The CVE-2025-11698 vulnerability affects 5380/5480/5580 controllers with boot firmware versions below 1.072. It enables a denial-of-service by allowing a malicious actor to write invalid file data to the controller, potentially causing a major non-recoverable fault (MNRF). The documents do not pr...

9.2CVSS6.1AI score
Exploits0References1
Microsoft KB
Microsoft KB
added yesterday19 views

May 12, 2026—KB5087537 (OS Build 14393.9140)

None None...

9.8CVSS6.8AI score0.72253EPSS
Exploits32
Microsoft KB
Microsoft KB
added yesterday83 views

June 9, 2026—KB5094042 (Monthly Rollup)

None None...

9.8CVSS6.8AI score0.21506EPSS
Exploits2
Microsoft KB
Microsoft KB
added yesterday35 views

June 9, 2026—KB5094041 (Monthly Rollup)

None None...

9.8CVSS6.8AI score0.21506EPSS
Exploits2
Nuclei
Nuclei
added yesterday93 views

Spring Boot Actuator Logview Directory Traversal

spring-boot-actuator-logview before version 0.2.13 contains a directory traversal vulnerability in libraries that adds a simple logfile viewer as a spring boot actuator endpoint maven package "eu.hinsch:spring-boot-actuator-logview". id: CVE-2021-21234 info: name: Spring Boot Actuator Logview...

7.7CVSS7AI score0.21173EPSS
Exploits2References6
Nuclei
Nuclei
added yesterday139 views

Spring Cloud Netflix Hystrix Dashboard <2.2.10 - Remote Code Execution

Spring Cloud Netflix Hystrix Dashboard prior to version 2.2.10 is susceptible to remote code execution. Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view...

8.8CVSS7.3AI score0.13035EPSS
Exploits0References5
EUVD
EUVD
added yesterday5 views

EUVD-2026-43556

Spring Boot Admin Server before 4.1.2 contains a server-side request forgery vulnerability that allows unauthenticated attackers to register instances with attacker-controlled healthUrl and managementUrl parameters without validation against private IP ranges or metadata endpoints. Attackers can...

8.6CVSS6.2AI score0.00283EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-58157

Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description An improperly implemented security check for standard in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. This issue is particularly critical for server...

7.8CVSS6AI score
Exploits0References3
CVE
CVE
added 2 days ago14 views

CVE-2026-62242

CVE-2026-62242 affects Spring Boot Admin Server prior to 4.1.2. The vulnerability is a server-side request forgery in the unauthenticated instance registration flow, where attacker-controlled healthUrl and managementUrl are not validated against private IP ranges or metadata endpoints. This allow...

8.6CVSS6.2AI score0.00283EPSS
Exploits0References5
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-62242 Spring Boot Admin Server < 4.1.2 SSRF via Unauthenticated Instance Registration

Spring Boot Admin Server before 4.1.2 contains a server-side request forgery vulnerability that allows unauthenticated attackers to register instances with attacker-controlled healthUrl and managementUrl parameters without validation against private IP ranges or metadata endpoints. Attackers can...

8.6CVSS0.00283EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-43297

Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an...

9.8CVSS6.1AI score0.00447EPSS
Exploits0References2
NVD
NVD
added 2 days ago8 views

CVE-2026-4769

Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an...

9.8CVSS0.00447EPSS
Exploits0References1
CVE
CVE
added 2 days ago21 views

CVE-2026-4769

The affected product family is WAGO System I/O Field series devices. The CVE describes an undocumented internal diagnostic capability that activates during the initial startup sequence and remains accessible without authentication for a brief window in the early boot phase. During this window, an...

9.8CVSS6.1AI score0.00447EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-4769 Unauthenticated Access to Internal Diagnostic Interface

Certain devices in the WAGO System I/O Field series activate an internal diagnostic capability during the initial startup sequence. This functionality is not formally documented and becomes accessible without authentication for a brief period in the early boot phase. During this window, an...

9.8CVSS0.00447EPSS
Exploits0References1
Rows per page
Query Builder