Lucene search
K

4827 matches found

Nuclei
Nuclei
added 9 hours ago95 views

Sercomm VD625 Smart Modems - CRLF Injection

Sercomm AGCOMBO VD625 Smart Modems with firmware version AGSOT2.1.0 are vulnerable to Carriage Return Line Feed CRLF injection via the Content-Disposition header. id: CVE-2021-27132 info: name: Sercomm VD625 Smart Modems - CRLF Injection author: geeknik severity: critical description: Sercomm...

9.8CVSS7.2AI score0.16062EPSS
Exploits1References5
Nuclei
Nuclei
added 9 hours ago108 views

Monstra CMS 3.0.4 - HTTP Header Injection

Monstra CMS 3.0.4 is susceptible to HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter. An attacker can potentially supply invalid input and cause the server to allow redirects to attacker-controlled domains, perform cache poisoning, and/or allow improper access to...

6.1CVSS6.8AI score0.0302EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago15 views

WP Google Maps < 9.0.48 - Cross-Site Scripting

WP Google Maps WordPress plugin 9.0.48 contains a stored XSS vulnerability caused by unsanitized user input in AJAX actions, letting unauthenticated attackers execute scripts via stored payloads. id: CVE-2025-11307 info: name: WP Google Maps 9.0.48 - Cross-Site Scripting author: 0xAkoko severity:...

8.8CVSS6AI score0.01873EPSS
Exploits0References2
Nuclei
Nuclei
added 9 hours ago62 views

Apache mod_userdir CRLF injection

Apache CRLF injection allowing HTTP response splitting attacks on sites using moduserdir. id: CVE-2016-4975 info: name: Apache moduserdir CRLF injection author: melbadry9,nadino,xElkomy severity: medium description: Apache CRLF injection allowing HTTP response splitting attacks on sites using...

6.1CVSS6.6AI score0.19798EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added yesterday4 views

io.netty/netty-resolver-dns: Netty has Insufficient Bailiwick Validation for NS Records

A flaw was found in Netty's DnsResolveContext. An attacker controlling an authoritative name server for a subdomain can exploit this vulnerability by providing crafted NS records that are insufficiently validated. This allows the attacker to poison the DNS cache for parent domains, bypassing...

10CVSS5.9AI score0.00292EPSS
Exploits0References7
Nuclei
Nuclei
added 2 days ago24 views

Zimbra Collaboration Suite - Memcached Command Injection

Zimbra Collaboration Suite versions 8.8.15 and 9.0 contain a memcached command injection vulnerability that allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance, leading to cache poisoning and potential credential theft. id: CVE-2022-27924 info: name:...

7.5CVSS7.4AI score0.85398EPSS
Exploits2References2
OSV
OSV
added 4 days ago5 views

OESA-2026-2832 python-zeroconf security update

Pure Python Multicast DNS Service Discovery Library Bonjour/Avahi compatible Security Fixes: readcharacterstring and readstring in src/zeroconf/protocol/incoming.py sliced self.dataself.offset : self.offset + length and advanced self.offset by the declared length without checking it against...

6AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.5 views

io.netty/netty-resolver-dns: Netty has Insufficient Bailiwick Validation for NS Records

A flaw was found in Netty's DnsResolveContext. An attacker controlling an authoritative name server for a subdomain can exploit this vulnerability by providing crafted NS records that are insufficiently validated. This allows the attacker to poison the DNS cache for parent domains, bypassing...

10CVSS5.9AI score0.00292EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/01 9:58 p.m.8 views

EUVD-2026-39027

Ghost: Cache-poisoning XSS in Ghost frontend via x-ghost-preview header...

9.6CVSS5.8AI score0.00244EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 9:19 p.m.4 views

Deserialization of Untrusted Data

Overview software.amazon.jdbc:aws-advanced-jdbc-wrapper is an Amazon Web Services AWS Advanced JDBC Wrapper Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the CachedResultSet deserialization path in the RemoteQueryCachePlugin. An attacker can execute...

8.8CVSS6.7AI score0.00407EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 8:17 p.m.6 views

CVE-2026-14265

Deserialization of untrusted data in the RemoteQueryCachePlugin in Amazon Web Services AWS Advanced JDBC Wrapper 3.3.0 through 4.0.0 might allow an actor with write access to the shared cache infrastructure to execute arbitrary code on application servers that read cached query results via a...

8.8CVSS0.00407EPSS
Exploits0References3
NVD
NVD
added 2026/07/01 7:16 p.m.6 views

CVE-2026-50195

containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a vulnerability in the CRI checkpoint import process where it fails to validate the image references specified within a checkpoint image's configuration. An attacker with permissions to create pods ca...

9.9CVSS0.00354EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 11:39 p.m.4 views

BIT-GHOST-2026-53943 Ghost: Cache-poisoning XSS in Ghost frontend via x-ghost-preview header

Ghost is a Node.js content management system. From until 6.37.0, when Ghost is behind a shared caching layer that results in cached content being shared between different visitors, an unauthenticated user could send an x-ghost-preview header that altered the rendered frontend response. In affecte...

9.6CVSS5.8AI score0.00244EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/30 12:13 a.m.5 views

undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without...

9.6CVSS7.4AI score0.01179EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/30 12:12 a.m.5 views

undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without...

9.6CVSS7.4AI score0.01179EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/30 12:12 a.m.8 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.15 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

9.6CVSS7AI score0.0217EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.27 views

Amazon Linux 2 : containerd, --advisory ALAS2NITRO-ENCLAVES-2026-113 (ALASNITRO-ENCLAVES-2026-113)

The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-113 advisory. Memory exhaustion DoS causing OOM kill of containerd process NOTE:...

9.9CVSS6.3AI score0.00412EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.15 views

Amazon Linux 2 : containerd, --advisory ALAS2ECS-2026-128 (ALASECS-2026-128)

The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-128 advisory. Memory exhaustion DoS causing OOM kill of containerd process NOTE:...

9.9CVSS6.3AI score0.00412EPSS
Exploits0References12
Amazon
Amazon
added 2026/06/29 12:0 a.m.6 views

Important: containerd

Issue Overview: Memory exhaustion DoS causing OOM kill of containerd process NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-jpcc-p29g-p8mq CVE-2026-47262 Image cache poisoning via unvalidated checkpoint image references, enabling cross-pod code execution NOTE:...

9.9CVSS6AI score0.00412EPSS
Exploits0
Amazon
Amazon
added 2026/06/29 12:0 a.m.5 views

Important: containerd

Issue Overview: Memory exhaustion DoS causing OOM kill of containerd process NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-jpcc-p29g-p8mq CVE-2026-47262 Image cache poisoning via unvalidated checkpoint image references, enabling cross-pod code execution NOTE:...

9.9CVSS6AI score0.00412EPSS
Exploits0
Rows per page
Query Builder