Lucene search
+L

34393 matches found

ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2026-63086

text-generation-inference through 3.3.7 contains a server-side request forgery SSRF vulnerability in the OpenAI-compatible multimodal chat completions endpoint that allows unauthenticated network attackers to coerce the server into issuing arbitrary HTTP GET requests by supplying a crafted imageu...

8.6CVSS6.2AI score
Exploits0References3
Nuclei
Nuclei
added yesterday46 views

Spring Cloud Config Server - Path Traversal

Spring Cloud 3.1.x 3.1.13, 4.1.x 4.1.9, 4.2.x 4.2.3, 4.3.x 4.3.2, and 5.0.x 5.0.2 contain a path traversal caused by profile parameter substitution in Config Server using native file system backend, letting attackers access files outside configured directories, exploit requires crafted request. i...

8.6CVSS7AI score0.0122EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday14 views

VMWare Cloud Foundation NSX-V - XML External Entity (XXE)

VMware Cloud Foundation NSX-V contains an XML External Entity XXE vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure. id: CVE-2022-31678 info: name: VMWare Cloud...

9.1CVSS6.9AI score0.08019EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday49 views

EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 Root Remote Code Execution

An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier.The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands.The injected comman...

10CVSS6.2AI score0.12334EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday55 views

Spring Cloud Config Server - Local File Inclusion

Spring Cloud Config Server versions 2.1.x prior to 2.1.2, 2.0.x prior to 2.0.4, 1.4.x prior to 1.4.6, and older unsupported versions are vulnerable to local file inclusion because they allow applications to serve arbitrary configuration files. An attacker can send a request using a specially...

6.5CVSS6.7AI score0.85295EPSS
Exploits6References5
Nuclei
Nuclei
added yesterday19 views

Spring Cloud Gateway Server Webflux - Broken Access Control

Spring Cloud Gateway Server Webflux contains a vulnerability caused by unsecured and exposed actuator endpoints allowing modification of Spring Environment properties, letting attackers modify configuration, exploit requires unsecured actuator endpoints exposure. id: CVE-2025-41243 info: name:...

10CVSS7AI score0.03311EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday104 views

Dragonfly2 < 2.1.0-beta.1 - Hardcoded JWT Secret

Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation CNCF as an Incubating Level Project. Dragonfly uses JWT to verify user. However, the secret key for JWT, "Secret Key", is hard coded, which leads to...

9.8CVSS6AI score0.33618EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday71 views

Pascom CPS Server-Side Request Forgery

Pascom versions before 7.20 packaged with Cloud Phone System contain a known server-side request forgery vulnerability. id: CVE-2021-45967 info: name: Pascom CPS Server-Side Request Forgery author: dwisiswant0 severity: critical description: Pascom versions before 7.20 packaged with Cloud Phone...

9.8CVSS7AI score0.208EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday16 views

MagicMirror <= 2.35.0 - Server-Side Request Forgery

An unauthenticated Server-Side Request Forgery SSRF vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadata services, and localhost services. The endpoint also expands environment...

9.2CVSS6.2AI score0.01623EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday36 views

n8n >= 0.123.0 and < 1.121.3 - Remote Code Execution

n8n versions = 0.123.0 and = 0.123.0 and = 0.123.0 and 1.121.3 contain a critical authenticated remote code execution vulnerability via arbitrary file write. An authenticated user can exploit the Git node to overwrite critical files and execute untrusted code on the n8n server, potentially leadin...

9.9CVSS7.6AI score0.05258EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday139 views

Spring Cloud Netflix Hystrix Dashboard <2.2.10 - Remote Code Execution

Spring Cloud Netflix Hystrix Dashboard prior to version 2.2.10 is susceptible to remote code execution. Applications using both spring-cloud-netflix-hystrix-dashboard and spring-boot-starter-thymeleaf expose a way to execute code submitted within the request URI path during the resolution of view...

8.8CVSS7.3AI score0.13035EPSS
Exploits0References5
Chainguard
Chainguard
added yesterday4 views

CVE-2026-23459 vulnerabilities

Vulnerabilities for packages: linux-qemu, linux-gcp...

8.2CVSS7AI score0.00299EPSS
Exploits0
Chainguard
Chainguard
added yesterday4 views

GHSA-WVXF-4P9H-5VG9 vulnerabilities

Vulnerabilities for packages: linux-qemu, linux-gcp...

6.1AI score
Exploits0
Chainguard
Chainguard
added yesterday4 views

GHSA-W776-5FWP-835Q vulnerabilities

Vulnerabilities for packages: linux-qemu, linux-gcp...

6.1AI score
Exploits0
Chainguard
Chainguard
added yesterday3 views

GHSA-W447-HXJ8-XQ6P vulnerabilities

Vulnerabilities for packages: linux-qemu, linux-gcp...

6.1AI score
Exploits0
Chainguard
Chainguard
added yesterday2 views

GHSA-RGJ9-VX7J-X86J vulnerabilities

Vulnerabilities for packages: linux-qemu, linux-gcp...

6.1AI score
Exploits0
Chainguard
Chainguard
added yesterday5 views

GHSA-M424-X6WR-WWGW vulnerabilities

Vulnerabilities for packages: linux-qemu, linux-gcp...

6.1AI score
Exploits0
Chainguard
Chainguard
added yesterday4 views

GHSA-JHVQ-4R2H-7C2Q vulnerabilities

Vulnerabilities for packages: linux-qemu, linux-gcp...

6.1AI score
Exploits0
Chainguard
Chainguard
added yesterday5 views

GHSA-J57X-5H9F-J263 vulnerabilities

Vulnerabilities for packages: linux-qemu, linux-gcp...

6.1AI score
Exploits0
Chainguard
Chainguard
added yesterday4 views

GHSA-9J35-6CP9-6X6G vulnerabilities

Vulnerabilities for packages: linux-qemu, linux-gcp...

6.1AI score
Exploits0
Rows per page
Query Builder