Lucene search
+L

970 matches found

Nuclei
Nuclei
added 12 hours ago58 views

SEOPress < 7.9 - Authentication Bypass

The SEOPress WordPress plugin before 7.9 does not properly protect some of its REST API routes, which combined with another Object Injection vulnerability can allow unauthenticated attackers to unserialize malicious gadget chains, compromising the site if a suitable chain is present. id:...

9.8CVSS7.2AI score0.03744EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2 days ago6 views

CVE-2026-63086

text-generation-inference through 3.3.7 contains a server-side request forgery SSRF vulnerability in the OpenAI-compatible multimodal chat completions endpoint that allows unauthenticated network attackers to coerce the server into issuing arbitrary HTTP GET requests by supplying a crafted imageu...

8.6CVSS6.2AI score0.00323EPSS
Exploits0References3
OSV
OSV
added 2 days ago3 views

CVE-2026-63306 stoatchat before 0.13.5 Unauthenticated SSRF via proxy and embed endpoints

stoatchat before 0.13.5 contains an unauthenticated server-side request forgery vulnerability in the /proxy and /embed endpoints that accept arbitrary URLs without DNS resolution filtering or private IP range validation. Attackers can enumerate internal services, fingerprint applications, and rea...

9.2CVSS6.2AI score0.00241EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2 days ago4 views

Alibaba Cloud Linux 3 : 0198: podman and buildah (ALINUX3-SA-2026:0198)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0198 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-25679: url.Parse insufficiently...

9.1CVSS6.8AI score0.00728EPSS
Exploits0References10
Chainguard
Chainguard
added 2026/07/10 8:20 p.m.9 views

GHSA-9VCR-P3RJ-Q5Q6 vulnerabilities

Vulnerabilities for packages: crossplane-fips, kubescape, kubescape-server-fips, image-factory-fips, spire-server-fips, aactl, crossplane, falcoctl-fips, tkn, falcoctl, neuvector-sigstore-interface-fips, trivy-operator-fips, ratify, cloudbeat, trivy, policy-controller-fips, zarf-fips,...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2026/07/10 8:20 p.m.12 views

CVE-2026-49834 vulnerabilities

Vulnerabilities for packages: crossplane-fips, kubescape, kubescape-server-fips, image-factory-fips, spire-server-fips, aactl, crossplane, falcoctl-fips, tkn, falcoctl, neuvector-sigstore-interface-fips, trivy-operator-fips, ratify, cloudbeat, trivy, policy-controller-fips, zarf-fips,...

5.9CVSS5.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/07/09 12:0 a.m.15 views

Alibaba Cloud Linux 3 : 0187: podman (ALINUX3-SA-2026:0187)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0187 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-25679: url.Parse insufficiently...

7.5CVSS6.8AI score0.00728EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/07/08 3:52 p.m.4 views

crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application

A flaw was found in the crypto/x509 package within Go golang. When verifying a certificate chain, excluded DNS Domain Name System constraints are not correctly applied to wildcard DNS Subject Alternative Names SANs if the case of the SAN differs from the constraint. This oversight could allow an...

8.8CVSS7AI score0.0034EPSS
Exploits0References8
Wolfi
Wolfi
added 2026/07/01 8:21 p.m.19 views

GHSA-F5MR-Q85P-6HH6 vulnerabilities

Vulnerabilities for packages: witness, buildah, skopeo, kubescape, gitsign, zarf, tekton-chains, undock, kyverno-notation-aws, kyverno, falcoctl, kots, flux-source-controller, podman, aactl, ratify, slsa-verifier...

5.3AI score
Exploits0
Wolfi
Wolfi
added 2026/07/01 8:21 p.m.17 views

CVE-2026-49478 vulnerabilities

Vulnerabilities for packages: witness, buildah, skopeo, kubescape, gitsign, zarf, tekton-chains, undock, kyverno-notation-aws, kyverno, falcoctl, kots, flux-source-controller, podman, aactl, ratify, slsa-verifier...

5.1AI score
Exploits0
EUVD
EUVD
added 2026/06/30 7:24 p.m.7 views

EUVD-2026-40388

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships three ObjectInputStream subclasses WsObjectInputStream, ObjectStreamPool$ReusableInputStream, ObjectInputStreamResolver that install no JEP-290 class filter; when Coherence is on the classpath, multiple RCE gadget chains including...

7.5CVSS6.2AI score0.00303EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-6091

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted anchor. An...

6.5CVSS6AI score0.00121EPSS
Exploits0References3
CVE
CVE
added 2026/06/29 8:39 p.m.114 views

CVE-2026-53404

Apache Tomcat vulnerability CVE-2026-53404 describes an Always-Incorrect Control Flow in the RewriteValve. If the first condition in an OR chain matches, subsequent non-OR conditions may be skipped, altering rule evaluation. Affected versions include Tomcat 11.0.0-M1–11.0.22, 10.1.0-M1–10.1.55, 9...

7.3CVSS5.7AI score0.00413EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-53138

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amd/display: Bound VBIOS record-chain walk loops Why & How All record-chain walk loops in biosparser.c and biosparser2.c use for;; and only terminate on a...

7.1CVSS6.1AI score0.00126EPSS
Exploits0References3
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.24 views

GHSA-Q4H4-GMJ2-QVW2 vulnerabilities

Vulnerabilities for packages: kubevela-fips, crossplane-provider-keycloak, crossplane-provider-aws-opensearch-fips, crossplane-provider-aws-vpc-fips, livekit-cli, sealed-secrets, nerdctl, crossplane-provider-aws-chime, crossplane-provider-azure-authorization, crossplane-provider-azure-search,...

5.3AI score
Exploits0
Chainguard
Chainguard
added 2026/06/26 8:22 p.m.10 views

GHSA-RM3J-F69W-WQMQ vulnerabilities

Vulnerabilities for packages: kubevela-fips, crossplane-provider-keycloak, crossplane-provider-aws-opensearch-fips, crossplane-provider-aws-vpc-fips, livekit-cli, sealed-secrets, nerdctl, crossplane-provider-aws-chime, crossplane-provider-azure-authorization, crossplane-provider-azure-search,...

5.3AI score
Exploits0
Wolfi
Wolfi
added 2026/06/26 8:22 p.m.10 views

GHSA-W879-237Q-WC7R vulnerabilities

Vulnerabilities for packages: age, snyk-cli, kine, step-issuer, helm, falcoctl, crossplane-provider-azure-authorization, wal-g, gptscript, splunk-otel-collector, kubernetes, kubernetes-dashboard, cert-manager, kyverno, vault-benchmark, mattermost, caddy, flux-operator, go-discover, k8sgpt, melang...

5.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.7 views

RockyLinux 9 : buildah (RLSA-2026:29455)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:29455 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient...

9.1CVSS5.9AI score0.00728EPSS
Exploits0References13
OSV
OSV
added 2026/06/25 6:16 p.m.5 views

UBUNTU-CVE-2026-6091

Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted anchor. An attacker could present a chain that ends at an intermediate they control and have it accepted as valid. This affects the OpenSSL...

6.5CVSS5.8AI score0.00121EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 3:31 p.m.2 views

OPENSUSE-SU-2026:21159-1 Security update for python-py7zr

This update for python-py7zr fixes the following issues: Changes in python-py7zr: - CVE-2026-23879: crafted malicious symbolic link chains in an archive can lead to an arbitrary file write bsc1268669 - CVE-2026-55195: unchecked extraction size can cause a denial of service bsc1268665 -...

8.7CVSS5.9AI score0.00404EPSS
Exploits0References6
Rows per page
Query Builder