
22709 matches found

Nuclei
added 10 hours ago, 19 views

Zimbra Collaboration Suite - Memcached Command Injection

Zimbra Collaboration Suite versions 8.8.15 and 9.0 contain a memcached command injection vulnerability that allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance, leading to cache poisoning and potential credential theft. id: CVE-2022-27924 info: name:...

CVSS 7.5 | AI score 7.6 | EPSS 0.84593
Exploits: 2 | References: 2
Nuclei
added 10 hours ago, 104 views

Monstra CMS 3.0.4 - HTTP Header Injection

Monstra CMS 3.0.4 is susceptible to HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter. An attacker can potentially supply invalid input and cause the server to allow redirects to attacker-controlled domains, perform cache poisoning, and/or allow improper access to...

CVSS 6.1 | AI score 6.7 | EPSS 0.0302
Exploits: 1 | References: 3
Nuclei
added 10 hours ago, 33 views

WordPress W3 Total Cache <2.1.5 - Cross-Site Scripting

WordPress W3 Total Cache plugin before 2.1.5 is susceptible to cross-site scripting via the extension parameter in the Extensions dashboard, when the setting 'Anonymously track usage to improve product quality' is enabled. The parameter is output in a JavaScript context without proper escaping...

CVSS 6.1 | AI score 6.1 | EPSS 0.01996
Exploits: 2 | References: 3
Nuclei
added 10 hours ago, 78 views

Sercomm VD625 Smart Modems - CRLF Injection

Sercomm AGCOMBO VD625 Smart Modems with firmware version AGSOT2.1.0 are vulnerable to Carriage Return Line Feed (CRLF) injection via the Content-Disposition header. id: CVE-2021-27132 info: name: Sercomm VD625 Smart Modems - CRLF Injection author: geeknik severity: critical description: Sercomm...

CVSS 9.8 | AI score 7.3 | EPSS 0.16687
Exploits: 1 | References: 5
Nuclei
added 10 hours ago, 6 views

W3 Total Cache < 2.8.2 - Log File Exposure

The plugin is vulnerable to Information Exposure through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For example, the log file may contain nonce values that can be used in further CSRF...

CVSS 7.5 | AI score 7.2 | EPSS 0.02169
Exploits: 0 | References: 3
Nuclei
added 10 hours ago, 11 views

WP Google Maps < 9.0.48 - Cross-Site Scripting

WP Google Maps WordPress plugin 9.0.48 contains a stored XSS vulnerability caused by unsanitized user input in AJAX actions, letting unauthenticated attackers execute scripts via stored payloads. id: CVE-2025-11307 info: name: WP Google Maps 9.0.48 - Cross-Site Scripting author: 0xAkoko severity:...

CVSS 8.8 | AI score 5.8 | EPSS 0.01939
Exploits: 0 | References: 2
Nuclei
added 10 hours ago, 16 views

LiteSpeed Cache <= 6.5.0.2 - Stored XSS

LiteSpeed Technologies LiteSpeed Cache versions up to 6.5.0.2 contain a stored cross-site scripting vulnerability caused by improper input neutralization during web page generation, letting attackers execute malicious scripts in victim browsers; exploitation requires storing malicious input. id: CVE-2024-47374 info...

CVSS 7.1 | AI score 6 | EPSS 0.0141
Exploits: 0 | References: 2
Nuclei
added 10 hours ago, 17 views

WordPress WP Fastest Cache <= 0.9.0.2 - Authenticated Arbitrary File Deletion

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete...

CVSS 8.1 | AI score 5.9 | EPSS 0.01367
Exploits: 1 | References: 4
Nuclei
added 10 hours ago, 26 views

WordPress LiteSpeed Cache - Unauthenticated Privilege Escalation to Admin

Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation. This issue affects LiteSpeed Cache: from 1.9 through 6.3.0.1. id: CVE-2024-28000 info: name: WordPress LiteSpeed Cache - Unauthenticated Privilege Escalation to Admin...

CVSS 9.8 | AI score 7.6 | EPSS 0.67925
Exploits: 8 | References: 5
EUVD
added 13 hours ago, 7 views

EUVD-2026-40447

ImageMagick before 7.1.2-13 contains a memory leak vulnerability in LoadOpenCLDeviceBenchmark function when parsing malformed OpenCL device profile XML files with unclosed device elements. Attackers with write access to the OpenCL cache directory can place malicious XML files to exhaust memory an...

CVSS 1.9 | AI score 5.8
Exploits: 0 | References: 4
EUVD
added 13 hours ago, 2 views

EUVD-2025-210393

Hono before 4.10.2 fixed in 4.10.3 contains a flaw in its CORS middleware: when the origin is not set to "*", the middleware copies the Vary header from the incoming request into the response. Because Vary is a response header that should be managed by the server, an attacker can supply arbitrary...

CVSS 6.9 | AI score 5.9
Exploits: 0 | References: 3
NVD
added yesterday, 4 views

CVE-2026-14100

Insufficient data validation in NetworkCache in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

Exploits: 0 | References: 2
CVE
added yesterday, 16 views

CVE-2026-54899

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, disabling symbolkeys on a reused Oj::Parser instance triggers a heap use-after-free. When symbolkeys is toggled from true to false, optsymbolkeysset frees the internal key cache cachefree but...

CVSS 6.3 | AI score 5.7
Exploits: 0 | References: 1
CVE
added yesterday, 4 views

CVE-2026-14100

CVE-2026-14100 affects Google Chrome’s NetworkCache, where insufficient data validation allows a remote attacker to leak cross-origin data via a crafted HTML page. The vulnerability exists in Chrome prior to version 150.0.7871.47; upgrading to 150.0.7871.47 or later is the stated remediation. Th...

AI score 5.8
Exploits: 0 | References: 2
CVE
added yesterday, 5 views

CVE-2025-71381

Hono up to version 4.10.2 contains a vulnerability in its CORS middleware. If the origin is not set to “*”, the middleware copies the Vary header from the request into the response, allowing an attacker to reflect arbitrary Vary values. This can lead to cache key pollution and inconsistent CORS e...

CVSS 6.9 | AI score 5.9
Exploits: 0 | References: 2
Cvelist
added yesterday, 12 views

CVE-2025-71381 Hono - Vary Header Injection in CORS Middleware

Hono before 4.10.2 fixed in 4.10.3 contains a flaw in its CORS middleware: when the origin is not set to "*", the middleware copies the Vary header from the incoming request into the response. Because Vary is a response header that should be managed by the server, an attacker can supply arbitrary...

CVSS 6.9
Exploits: 0 | References: 2
NVD
added yesterday, 4 views

CVE-2026-10140

IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of API clients across tenant boundaries. An authenticated attacker can manipulate cache state to cause requests from other users to be processed using incorrect upstream API credentials,...

CVSS 9.6
Exploits: 0 | References: 1
CVE
added yesterday, 12 views

CVE-2026-10140

IBM Langflow OSS 1.0.0 through 1.10.0 voice mode contains improper shared-state handling that allows reuse of API clients across tenant boundaries. An authenticated attacker can manipulate cache state to cause requests from other users to be processed using incorrect upstream API credentials,...

CVSS 9.6 | AI score 5.8
Exploits: 0 | References: 1
Cvelist
added yesterday, 22 views

CVE-2026-7871 Insecure Deserialization in Redis Cache Backend

IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity...

CVSS 9.8
Exploits: 0 | References: 1
CVE
added yesterday, 11 views

CVE-2026-7871

IBM Langflow OSS 1.0.0 through 1.10.0 allows users with Redis access to execute arbitrary code with full application privileges, compromising all secrets, data, and system integrity...

CVSS 9.8 | AI score 6.1
Exploits: 0 | References: 1