Lucene search
K

53268 matches found

CVE
CVE
added 4 hours ago10 views

CVE-2026-56287

CVE-2026-56287 describes a boolean-based SQL Injection in Apache Fineract’s Client Search API (GET /api/v1/clients) affecting versions up to 1.14.0. The vulnerability arises from the orderBy and sortOrder parameters being concatenated into a SQL query without sufficient validation, enabling an au...

6.1AI score
Exploits0References3
Nuclei
Nuclei
added 9 hours ago12 views

Apache Kafka Client - Arbitrary File Read

Apache Kafka Client contains arbitrary file read and server-side request forgery caused by untrusted configuration of sasl.oauthbearer.token.endpoint.url and sasl.oauthbearer.jwks.endpoint.url, letting attackers read files or send requests to unintended locations, exploit requires untrusted party...

7.5CVSS7AI score0.62368EPSS
Exploits2References2
Nuclei
Nuclei
added 9 hours ago19 views

Zimbra - Cross-Site Scripting via ICS Files

Detects Zimbra Collaboration Suite versions vulnerable to CVE-2025-27915, a stored XSS vulnerability in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an email with a malicious ICS entry, embedded JavaScript executes via an ontoggle event...

5.4CVSS6.7AI score0.04241EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago139 views

ServiceNow - Cross-site Scripting

A XSS vulnerability was identified in the ServiceNow UI page assessmentredirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks,...

6.1CVSS6.4AI score0.01089EPSS
Exploits0References4
Nuclei
Nuclei
added 9 hours ago129 views

KeyCloak - Information Exposure

A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients like client secret without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this...

6.5CVSS6.6AI score0.17943EPSS
Exploits0References4
Cvelist
Cvelist
added yesterday15 views

CVE-2026-48125 UAParser.js: Unbounded `Sec-CH-UA-Model` parsing can trigger ReDoS in `withClientHints()`

UAParser.js is a JavaScript library to detect browsers, operating systems, CPUs, and devices from user-agent data. From 2.0.1 until 2.0.10, a regular expression denial-of-service vulnerability exists when using the Client Hints API. By sending a crafted Sec-CH-UA-Model header to an application th...

5.3CVSS
Exploits0References3
CVE
CVE
added yesterday26 views

CVE-2026-49853

Tornado before 6.5.6 exposed an Authorization header across cross-origin redirects in SimpleAsyncHTTPClient: when following 3xx redirects, the client shallow-copies the request and rewrites the URL without clearing Authorization (and related) headers if the origin changes. The issue is fixed in T...

7.7CVSS6.1AI score0.00034EPSS
Exploits0References4
CVE
CVE
added yesterday21 views

CVE-2026-48736

Symfony CVE-2026-48736 affects NoPrivateNetworkHttpClient / IpUtils::PRIVATE_SUBNETS, where IPv6 transition prefixes (6to4, NAT64, Teredo, IPv4‑mapped IPv6) were omitted, allowing attacker-controlled URLs to reference private IPv4 targets. Affected versions: 5.4.0–5.4.53, 6.4.0–6.4.41, 7.4.0–7.4....

6.9CVSS6.1AI score0.00029EPSS
Exploits0References6
NVD
NVD
added yesterday4 views

CVE-2026-54128

Use after free in Windows DHCP Client allows an unauthorized attacker to execute code locally...

8.4CVSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-50474

Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

8.8CVSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-50330

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to elevate privileges over a network...

7.5CVSS
Exploits0References1
CVE
CVE
added yesterday4 views

CVE-2026-15642

Affected product: Devolutions Server 2026.1.22.0 and 2026.2.11.0. Vulnerable path: Recovery Kit response file generation feature. Root cause: insertion of sensitive information into the response file, leaking the Azure Key Vault client secret in cleartext even when the option to exclude sensitive...

6.1AI score
Exploits0References1
NVD
NVD
added yesterday13 views

CVE-2026-54990

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

9.8CVSS
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-58637

CVE-2026-58637 affects Windows Client-Side Caching (CSC) Service. Description and sources confirm a use-after-free vulnerability that enables an authorized local attacker to elevate privileges. Metrics indicate local attack vector, low privileges required, and no user interaction, with high confi...

7CVSS6AI score
Exploits0References1
Cvelist
Cvelist
added yesterday17 views

CVE-2026-58594 Remote Desktop Client Remote Code Execution Vulnerability

...

8.8CVSS
Exploits0References1
CVE
CVE
added yesterday11 views

CVE-2026-58594

CVE-2026-58594 is a Windows Remote Desktop (RDP) vulnerability: integer overflow/wraparound in RDP leads to remote code execution over the network. Affected: Windows RDP client/server stack; impact per CVSS v3.1 is HIGH (8.8). Exploitation requires network access and likely user interaction depen...

8.8CVSS6.2AI score
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-58539

CVE-2026-58539 : Out-of-bounds read in Windows RDP leading to information disclosure over a network. Connected sources confirm this as a Windows Remote Desktop Client/RDP issue with a network attack surface; no exploit details are provided in the documents. Microsoft has released updates to addre...

6.5CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-58535

CVE-2026-58535 affects Windows Remote Desktop Client. Root cause: use of an uninitialized resource in Windows RDP, enabling an attacker to disclose information over the network. Impact: information disclosure with CVSS v3.1 base score 6.5 (NETWORK, USER INTERACTION required). Microsoft has releas...

6.5CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday4 views

CVE-2026-58533

CVE-2026-58533 is a Windows Remote Desktop Client Information Disclosure vulnerability. The available sources describe an uninitialized resource in Windows RDP that could allow an unauthenticated attacker to disclose information over the network. Affected context is centered on the Windows Remote...

6.5CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added yesterday16 views

CVE-2026-54128 Windows DHCP Client Remote Code Execution Vulnerability

...

8.4CVSS
Exploits0References1
Rows per page
Query Builder