Lucene search
+L

945804 matches found

GithubExploit
GithubExploit
added 44 minutes ago4 views

Exploit for Use After Free in Linux Linux_Kernel

CVE-2026-43499 — Galaxy S25 Ultra Port This repository contai...

7.8CVSS6.1AI score0.00125EPSS
Exploits20
Cvelist
Cvelist
added 56 minutes ago1 views

CVE-2026-13767 Quiz and Survey Master (QSM) <= 11.2.0 - Authenticated (Custom+) SQL Injection via 'pages' Parameter

The Quiz Master Next plugin for WordPress is vulnerable to SQL Injection via stored quiz page data in versions up to, and including, 11.2.0. This is due to insufficient escaping on the user-supplied 'pages' parameter persisted by the qsmajaxsavepages AJAX handler sanitizetextfield only and lack o...

6.5CVSS
Exploits0References5
CVE
CVE
added 56 minutes ago1 views

CVE-2026-13767 Quiz and Survey Master (QSM) <= 11.2.0 - Authenticated (Custom+) SQL Injection via 'pages' Parameter

The Quiz Master Next plugin for WordPress is vulnerable to SQL Injection via stored quiz page data in versions up to, and including, 11.2.0. This is due to insufficient escaping on the user-supplied 'pages' parameter persisted by the qsmajaxsavepages AJAX handler sanitizetextfield only and lack o...

6.5CVSS
Exploits0References5
RedhatCVE
RedhatCVE
added 1 hour ago0 views

CVE-2026-59886

A remote attacker can exploit this by providing specially crafted BER/CER/DER-encoded ASN.1 data with a large exponent in the REAL value. When the application subsequently prints, logs, compares, or performs arithmetic on the decoded value, this can cause excessive CPU and memory consumption,...

7.5CVSS0.00339EPSS
Exploits0References6
NVD
NVD
added 1 hour ago2 views

CVE-2026-15925

Improper TLS hostname verification in Snowflake Connector for Python versions prior to 4.7.1 may have allowed a network-positioned attacker to bypass certificate hostname validation on HTTPS connections made by the connector. An attacker with on-path network access could exploit this by...

9.2CVSS
Exploits0References1
RedhatCVE
RedhatCVE
added 1 hour ago0 views

CVE-2026-15697

A flaw was found in svgdotjs svg.js. A remote attacker could exploit a vulnerability in the EventTarget.on function, which improperly controls modifications to object prototype attributes. This could allow an attacker to manipulate object properties, potentially leading to unintended behavior or...

6.5CVSS0.0033EPSS
Exploits0References9
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-44858

The Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.3.6. This is due to missing or incorrect nonce validation on the ulpbadminajax function. Thi...

4.3CVSS6.1AI score
Exploits0References7
EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-44869

Improper TLS hostname verification in Snowflake Connector for Python versions prior to 4.7.1 may have allowed a network-positioned attacker to bypass certificate hostname validation on HTTPS connections made by the connector. An attacker with on-path network access could exploit this by...

9.2CVSS6.2AI score
Exploits0References1
CVE
CVE
added 3 hours ago9 views

CVE-2026-15925

The CVE-2026-15925 entry describes an Improper TLS hostname verification vulnerability in Snowflake Connector for Python and affects versions prior to 4.7.1. An on-path attacker who can intercept traffic could bypass hostname validation during HTTPS connections by presenting a certificate from an...

9.2CVSS6.2AI score
Exploits0References1
Cvelist
Cvelist
added 3 hours ago5 views

CVE-2026-15925 Improper TLS Hostname Verification in Snowflake Connector for Python

Improper TLS hostname verification in Snowflake Connector for Python versions prior to 4.7.1 may have allowed a network-positioned attacker to bypass certificate hostname validation on HTTPS connections made by the connector. An attacker with on-path network access could exploit this by...

9.2CVSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 hours ago1 views

CVE-2026-15925

Improper TLS hostname verification in Snowflake Connector for Python versions prior to 4.7.1 may have allowed a network-positioned attacker to bypass certificate hostname validation on HTTPS connections made by the connector. An attacker with on-path network access could exploit this by...

9.2CVSS
Exploits0References2Affected Software1
NVD
NVD
added 4 hours ago7 views

CVE-2026-12409

The Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.3.6. This is due to missing or incorrect nonce validation on the ulpbadminajax function. Thi...

4.3CVSS
Exploits0References6
CVE
CVE
added 6 hours ago9 views

CVE-2026-12409

Technical details about CVE-2026-12409 are not publicly available in the provided documents. No connected sources with affected products, versions, impact, or fixes are present. Monitor for updates from official feeds.

4.3CVSS6.1AI score
Exploits0References6
Cvelist
Cvelist
added 6 hours ago8 views

CVE-2026-12409 Landing Page Builder <= 1.5.3.6 - Cross-Site Request Forgery to ulpb_admin_data AJAX Action

The Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.3.6. This is due to missing or incorrect nonce validation on the ulpbadminajax function. Thi...

4.3CVSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 6 hours ago1 views

CVE-2026-12409

The Landing Page Builder – Coming Soon page, Maintenance Mode, Lead Page, WordPress Landing Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.3.6. This is due to missing or incorrect nonce validation on the ulpbadminajax function. Thi...

4.3CVSS
Exploits0References7
GithubExploit
GithubExploit
added 6 hours ago10 views

Exploit for Use After Free in Linux Linux_Kernel

GhostLock CVE-2026-43499 – Redmi K70 Ultra rothko A data-...

7.8CVSS6.8AI score0.00125EPSS
Exploits20
Microsoft Secure
Microsoft Secure
added 7 hours ago4 views

Unpacking the AsyncAPI npm supply chain compromise and import-time payload delivery

In this article 1. Attack chain overview 2. How the attack started: GitHub Actions pwn request 3. Mitigation and protection guidance 4. Learn more On July 14, 2026, Microsoft Threat Intelligence identified a coordinated supply chain compromise of the @asyncapi npm organization, a widely used set ...

6.3AI score
Exploits0
NVD
NVD
added 7 hours ago6 views

CVE-2026-3842

A flaw was found in QEMU. This vulnerability allows a local attacker within a guest virtual machine to write data beyond its allocated memory. This occurs when cpuphysicalmemorymap returns a shorter length than expected, leading to an out-of-bounds write. Successful exploitation could result in...

7.8CVSS
Exploits0References2
NVD
NVD
added 7 hours ago6 views

CVE-2026-23538

A vulnerability was identified in the Feast Feature Server's /ws/chat endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources—such as memory, CPU...

7.5CVSS
Exploits0References3
GithubExploit
GithubExploit
added 8 hours ago17 views

xss-lab-writeup

My First XSS Lab: Reflected, Stored & Fake Login Attack By:...

6AI score
Exploits0
Rows per page
Query Builder