Lucene search
K

150877 matches found

GithubExploit
GithubExploit
added 43 minutes ago2 views

Exploit for CVE-2026-53359

CVE-2026-53359 A 16-year-old bug in the Linux kernel lets a re...

7AI score0.00176EPSS
Exploits4
GithubExploit
GithubExploit
added 1 hour ago4 views

Exploit for Use After Free in Linux Linux_Kernel

CVE-2026-43499 for popsicle This repository contains the CV...

7.8CVSS6.7AI score0.00125EPSS
Exploits17
GithubExploit
GithubExploit
added 2 hours ago6 views

Exploit for Improper Authentication in Google Android

BT-HID-PoC — CVE-2023-45866 Interactive Wizard DISCLAIMER...

6.3CVSS6.8AI score0.07879EPSS
Exploits9
GithubExploit
GithubExploit
added 5 hours ago6 views

stellaswap-v040-poc

PoC V-040 — Flash-vote Bribe Theft en StellaSwap Proof of...

6AI score
Exploits0
GithubExploit
GithubExploit
added 7 hours ago15 views

Exploit for Incorrect Permission Assignment for Critical Resource in Facebook Below

CVE-2025-27591-PoC CVE-2025-27591 PoC — Below Local Privileg...

6.8CVSS6.8AI score0.0036EPSS
Exploits23
GithubExploit
GithubExploit
added 9 hours ago0 views

Exploit for Use After Free in Linux Linux_Kernel

Logitech G Cloud · CVE-2026-43499 Root Attempt Note: F...

7.8CVSS0.00125EPSS
Exploits17
EUVD
EUVD
added 11 hours ago4 views

EUVD-2025-210470

A null pointer dereference vulnerability exists in the Matter SDK connectedhomeip before 1.4.0, affecting the ReadRevisionAttribute function used in multiple clusters Channel, Account Login, TargetNavigator, etc.. The function lacks proper validation of the delegate pointer before dereferencing. ...

6AI score
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added yesterday2 views

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version v12.1.1.1 Vulnerability Details CVEID:CVE-2026-42342 DESCRIPTION: React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certai...

9.1CVSS7AI score0.0048EPSS
Exploits3Affected Software1
NVD
NVD
added yesterday8 views

CVE-2025-56363

A null pointer dereference vulnerability exists in the Matter SDK connectedhomeip before 1.4.0, affecting the ReadRevisionAttribute function used in multiple clusters Channel, Account Login, TargetNavigator, etc.. The function lacks proper validation of the delegate pointer before dereferencing. ...

Exploits0References2
NVD
NVD
added yesterday5 views

CVE-2026-50130

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to 6.4.2, a user with code execution as the unprivileged pihole user can escalate to root by replacing /etc/pihole/logrotate. The replacement is laundered to root:root...

8.8CVSS
Exploits0References3
OSV
OSV
added yesterday2 views

JLSEC-2026-709

wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit multiplication. The compiler-inserted muldi3 subroutine executes in variable time based on operand values. This affects multiple SP math functions sp256mul9, sp256sqr9, etc., leading to a timing...

2.1CVSS6.1AI score0.00265EPSS
Exploits0References1
CVE
CVE
added yesterday9 views

CVE-2026-50130

CVE-2026-50130 : Pi-hole on versions 6.0–6.4.2 is vulnerable to local privilege escalation from the unprivileged pihole user to root via replacement of /etc/pihole/logrotate. The attack works because the replacement is laundered to root:root by pihole-FTL-prestart.sh and then parsed as root by th...

8.8CVSS6.4AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-50130

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to 6.4.2, a user with code execution as the unprivileged pihole user can escalate to root by replacing /etc/pihole/logrotate. The replacement is laundered to root:root...

8.8CVSS6.4AI score
Exploits0References4Affected Software1
Cvelist
Cvelist
added yesterday17 views

CVE-2026-50130 Pi-hole: Local privilege escalation from `pihole` user to root via `/etc/pihole/logrotate`

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to 6.4.2, a user with code execution as the unprivileged pihole user can escalate to root by replacing /etc/pihole/logrotate. The replacement is laundered to root:root...

8.8CVSS
Exploits0References3
EUVD
EUVD
added yesterday4 views

EUVD-2026-44529

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to 6.4.2, a user with code execution as the unprivileged pihole user can escalate to root by replacing /etc/pihole/logrotate. The replacement is laundered to root:root...

8.8CVSS6.4AI score
Exploits0References3
NVD
NVD
added yesterday4 views

CVE-2026-49978

DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Prior to 3.4.7, DOMPurify INPLACE sanitization could skip shadow contents attached to an element inside .content, allowing attacker-controlled markup such as event handlers, JavaScript URLs, or scripts to survive an...

6.3CVSS0.00038EPSS
Exploits0References3
NVD
NVD
added yesterday3 views

CVE-2026-49458

DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Prior to 3.4.6, DOMPurify.sanitizenode, INPLACE: true accepted same-origin foreign-realm DOM nodes while follow-on checks used parent-realm constructors, causing instanceof checks for forms, named node maps, documen...

6.1CVSS0.00055EPSS
Exploits0References3
OSV
OSV
added yesterday3 views

GHSA-CM26-5974-52H8 nebula-mesh: Certificate revocation is never enforced at the mesh

Summary nebula-mesh revokes a host by adding its certificate fingerprint to a per-CA blocklist and shipping that list to every other agent on each poll. Slack's Nebula enforces certificate revocation ONLY through the pki.blocklist list in config.yml no CRL/OCSP. The project's own code states this...

8.1CVSS6.1AI score
Exploits0References4
Github Security Blog
Github Security Blog
added yesterday5 views

nebula-mesh: Certificate revocation is never enforced at the mesh

Summary nebula-mesh revokes a host by adding its certificate fingerprint to a per-CA blocklist and shipping that list to every other agent on each poll. Slack's Nebula enforces certificate revocation ONLY through the pki.blocklist list in config.yml no CRL/OCSP. The project's own code states this...

6.1AI score
Exploits0References4Affected Software1
OSV
OSV
added yesterday2 views

GHSA-MF78-3RPF-R784 Anyquery: Local File Read (LFR) via Unrestricted SQLite Virtual Table Modules in Server Mode

Summary Anyquery's server mode lacks input sanitization and access control over its built-in SQLite virtual table modules e.g., csvreader, logreader. Unauthenticated attackers connecting to the MySQL-compatible server port can create virtual tables pointing to local files on the system e.g.,...

7.5CVSS6.2AI score
Exploits0References3
Rows per page
Query Builder