Lucene search
K

3041 matches found

Nuclei
Nuclei
added 15 hours ago77 views

MOVEit Transfer - SQL Injection

In Progress MOVEit Transfer before 2020.1.11 12.1.11, 2021.0.9 13.0.9, 2021.1.7 13.1.7, 2022.0.7 14.0.7, 2022.1.8 14.1.8, and 2023.0.4 15.0.4, a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized...

9.1CVSS7.3AI score0.95EPSS
Exploits0References5
NVD
NVD
added 2026/06/29 11:16 p.m.34 views

CVE-2026-51219

A heap buffer overflow in the HighPriorityASDUQueuehasUnconfirmedIMessages function of lib60870 v2.3.3 to v2.3.6 allows attackers to cause a Denial of Service DoS via a crafted payload...

6.5CVSS0.00348EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/29 4:49 a.m.7 views

CVE-2026-54270

A flaw was found in protobufjs. This library compiles protobuf definitions into JavaScript JS functions. A remote attacker could send a specially crafted protobuf payload containing numerous unknown fields. This could cause the decoded message to retain substantially more memory than expected,...

5.3CVSS5.8AI score0.00293EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/29 12:0 a.m.20 views

CVE-2026-51219

A heap buffer overflow in the HighPriorityASDUQueuehasUnconfirmedIMessages function of lib60870 v2.3.3 to v2.3.6 allows attackers to cause a Denial of Service DoS via a crafted payload...

0.00348EPSS
Exploits0References3
CVE
CVE
added 2026/06/29 12:0 a.m.7 views

CVE-2026-51219

CVE-2026-51219 affects lib60870 (versions 2.3.3–2.3.6) and arises from a heap buffer overflow in HighPriorityASDUQueue_hasUnconfirmedIMessages. The issue can allow a Denial of Service via a crafted payload. The connected documents identify the affected component and function, and specify the vuln...

6.5CVSS6AI score0.00348EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 5:31 p.m.7 views

EUVD-2026-39820

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.23.0 until 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability has been identified in Envoy's zstd decompressor implementation ZstdDecompressorImpl. When zstd decompression is enabled, processing a...

7.5CVSS5.8AI score0.00486EPSS
Exploits1References1
OSV
OSV
added 2026/06/25 6:43 p.m.3 views

GO-2026-5264 Prometheus: Remote read endpoint allows denial of service via crafted snappy payload in github.com/prometheus/prometheus

Prometheus: Remote read endpoint allows denial of service via crafted snappy payload in github.com/prometheus/prometheus...

7.5CVSS5.8AI score0.00761EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/23 9:13 a.m.7 views

redis: RESTORE invalid memory access may allow remote code execution

A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...

8.8CVSS6.1AI score0.02995EPSS
Exploits0References6
CVE
CVE
added 2026/06/22 4:21 p.m.23 views

CVE-2026-48712

The CVE-2026-48712 vulnerability affects protobufjs (JavaScript) in the toObject() conversion path and the google.protobuf.Any JSON conversion path. Prior to versions 7.6.1 and 8.4.1, protobufjs could recurse without a depth limit when converting decoded messages to plain objects/JSON, allowing a...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/22 6:26 a.m.5 views

redis: RESTORE invalid memory access may allow remote code execution

A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...

8.8CVSS6.1AI score0.02995EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/22 2:32 a.m.6 views

redis: RESTORE invalid memory access may allow remote code execution

A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...

8.8CVSS6.1AI score0.02995EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in pyxdg

A code injection issue was discovered in PyXDG before version 0.26, through crafted Python code within a Category element of a Menu XML document in a .menu file. The XDGCONFIGDIRS must be set up to trigger the xdg.Menu.parse parsing within the directory containing this file. This issue occurred d...

7.5CVSS7AI score0.02105EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.14 views

PT-2026-50511

Name of the Vulnerable Software and Affected Versions NVIDIA Spatial Intelligence Lab's SIL GEN3C affected versions not specified Description The inference API server contains an unauthenticated remote code execution flaw. The endpoints '/request-inference' and '/seed-model' deserialize raw HTTP...

9.8CVSS6.8AI score0.00685EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/15 9:30 p.m.7 views

EUVD-2026-36781

An HTML injection vulnerability in the /src/highlight.rs component of matze wastebin v3.4.1 allows attackers to execute arbitrary scripts via a crafted payload...

5.7AI score0.00374EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 9:30 p.m.7 views

EUVD-2026-36774

A cross-site scripting XSS vulnerability in Deck9 Input v2.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

5.3AI score0.00162EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 8:16 p.m.8 views

CVE-2026-50883

An HTML injection vulnerability in the /src/highlight.rs component of matze wastebin v3.4.1 allows attackers to execute arbitrary scripts via a crafted payload...

9.6CVSS0.00374EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 8:16 p.m.10 views

CVE-2026-50876

A cross-site scripting XSS vulnerability in Deck9 Input v2.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

5.4CVSS0.00162EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/15 3:32 p.m.9 views

redis: RESTORE invalid memory access may allow remote code execution

A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...

8.8CVSS6AI score0.02995EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.30 views

CVE-2026-50883

An HTML injection vulnerability in the /src/highlight.rs component of matze wastebin v3.4.1 allows attackers to execute arbitrary scripts via a crafted payload...

0.00374EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 12:0 a.m.12 views

CVE-2026-50876

The CVE-2026-50876 issue affects Deck9 Input v2.0.1 and is described as a cross-site scripting (XSS) vulnerability that allows attackers to run arbitrary web scripts or HTML via a crafted payload. The documented impact is limited to client-side script execution with low to moderate risk according...

5.4CVSS5.4AI score0.00162EPSS
Exploits0References1
Rows per page
Query Builder