Lucene search
+L

1259633 matches found

circl
circl
added yesterday5 views

CVE-2026-14961

creationtimestamp| type| source ---|---|--- 2026-07-16 12:00:04+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/93588 2026-07-17 00:00:54+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/93588...

6.2CVSS6.1AI score0.00121EPSS
Exploits1References1
nvd
nvd
added yesterday6 views

CVE-2023-49900

An unauthenticated remote attacker is able to perform remote code execution due to incorrectly sanitized user input in the SetParameter command...

9.8CVSS
Exploits0References1
osv
osv
added yesterday6 views

ROOT-APP-NPM-CVE-2026-47674 CVE-2026-47674 in @rootio/hono - Patched by Root

Root has patched CVE-2026-47674 in the @rootio/hono package for Root:npm. Multiple fixed versions available...

5.3CVSS5.8AI score0.00244EPSS
Exploits0
osv
osv
added yesterday15 views

ROOT-APP-NPM-CVE-2026-44456 CVE-2026-44456 in @rootio/hono - Patched by Root

Root has patched CVE-2026-44456 in the @rootio/hono package for Root:npm. Multiple fixed versions available...

6.5CVSS5.8AI score0.00219EPSS
Exploits0
osv
osv
added yesterday3 views

ROOT-APP-NPM-CVE-2026-54286 CVE-2026-54286 in @rootio/hono - Patched by Root

Root has patched CVE-2026-54286 in the @rootio/hono package for Root:npm. Multiple fixed versions available...

5.9CVSS6.1AI score0.00292EPSS
Exploits0
osv
osv
added yesterday4 views

ROOT-OS-DEBIAN-11-CVE-2026-56368 CVE-2026-56368 in rootio-imagemagick - Patched by Root

Root has patched CVE-2026-56368 in the rootio-imagemagick package for Root:Debian:11. Multiple fixed versions available...

7.5CVSS5.9AI score0.0026EPSS
Exploits0
osv
osv
added yesterday6 views

ROOT-OS-DEBIAN-11-CVE-2026-56370 CVE-2026-56370 in rootio-imagemagick - Patched by Root

Root has patched CVE-2026-56370 in the rootio-imagemagick package for Root:Debian:11. Multiple fixed versions available...

7.8CVSS5.9AI score0.00121EPSS
Exploits0
osv
osv
added yesterday12 views

ROOT-OS-DEBIAN-11-CVE-2026-53461 CVE-2026-53461 in rootio-imagemagick - Patched by Root

Root has patched CVE-2026-53461 in the rootio-imagemagick package for Root:Debian:11. Multiple fixed versions available...

7.5CVSS5.8AI score0.00353EPSS
Exploits0
osv
osv
added yesterday19 views

ROOT-APP-MAVEN-CVE-2026-33180 CVE-2026-33180 in io.root.ca.uhn.hapi.fhir:org.hl7.fhir.utilities - Patched by Root

Root has patched CVE-2026-33180 in the io.root.ca.uhn.hapi.fhir:org.hl7.fhir.utilities package for Root:Maven. Multiple fixed versions available...

8.2CVSS5.8AI score0.00264EPSS
Exploits0
nuclei
nuclei
added yesterday56 views

Helmet Store Showroom v1.0 - SQL Injection

There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Login Page. This vulnerability can be exploited to bypass admin access. id: CVE-2022-46071 info: name: Helmet Store Showroom v1.0 - SQL Injection author: Harsh severity: critical description: | There is SQL Injection vulnerability...

9.8CVSS7AI score0.0431EPSS
Exploits1References2
nuclei
nuclei
added yesterday140 views

Shopware < 6.5.8.13 - SQL Injection

The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the "aggregations" object. The name field in this "aggregations" ...

6.8CVSS6.1AI score0.1198EPSS
Exploits1References2
nuclei
nuclei
added yesterday109 views

OsTicket < 1.14.3 - Server Side Request Forgery

SSRF vulnerability exists in osTicket before 1.14.3, allowing an attacker to add malicious files to the server or perform port scanning. id: CVE-2020-24881 info: name: OsTicket 1.14.3 - Server Side Request Forgery author: hnd3884 severity: critical description: | SSRF vulnerability exists in...

9.8CVSS7AI score0.73267EPSS
Exploits3References2
nuclei
nuclei
added yesterday171 views

Nette Framework - Remote Code Execution

Nette Framework versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, and 3.0.6 are vulnerable to a code injection attack via specially formed parameters being passed to a URL. Nette is a PHP/Composer MVC Framework. id: CVE-2020-15227 info: name: Nette Framework - Remote Code Execution author:...

9.8CVSS7.1AI score0.35228EPSS
Exploits3References5
nuclei
nuclei
added yesterday43 views

Symfony Profiler - Remote Access via Injected Arguments

symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the registerargvargc php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by...

7.3CVSS7AI score0.63422EPSS
Exploits0References5
nuclei
nuclei
added yesterday71 views

Flatpress < 1.3 - Path Traversal

Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3. id: CVE-2023-0947 info: name: Flatpress 1.3 - Path Traversal author: r3Y3r53 severity: critical description: | Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3. impact: | Unauthenticated attackers ca...

9.8CVSS7AI score0.03637EPSS
Exploits1References3
nuclei
nuclei
added yesterday47 views

PrestaShop 'possearchproducts' <= 1.7 - SQL Injection

In the module “Search Products” possearchproducts from PosThemes for PrestaShop, a guest can perform SQL injection in affected versions. id: CVE-2023-30192 info: name: PrestaShop 'possearchproducts' = 1.7 - SQL Injection author: mastercho severity: critical description: | In the module “Search...

9.8CVSS7AI score0.02678EPSS
Exploits1References2
nuclei
nuclei
added yesterday112 views

Gitea Container Registry - Unauthorized Private Image Access

Gitea = 1.26.2. As a temporary workaround, set REQUIRESIGNINVIEW=true in gitea app.ini, though this blocks all anonymous access including public repos. reference: - https://blog.gitea.com/release-of-1.26.2/ - https://github.com/go-gitea/gitea/pull/37290 -...

8.2CVSS7.1AI score0.40738EPSS
Exploits1References4
nuclei
nuclei
added yesterday91 views

SuiteCRM Unauthenticated Graphql Introspection

Graphql Introspection is enabled without authentication, exposing the scheme defining all object types, arguments, and functions. id: CVE-2023-47643 info: name: SuiteCRM Unauthenticated Graphql Introspection author: isacaya severity: medium description: | Graphql Introspection is enabled without...

5.3CVSS6.2AI score0.03002EPSS
Exploits1References3
nuclei
nuclei
added yesterday68 views

WordPress Directorist <7.3.1 - Information Disclosure

WordPress Directorist plugin before 7.3.1 is susceptible to information disclosure. The plugin discloses the email address of all users in an AJAX action available to both unauthenticated and authenticated users. id: CVE-2022-2376 info: name: WordPress Directorist 7.3.1 - Information Disclosure...

5.3CVSS6.2AI score0.01408EPSS
Exploits2References5
nuclei
nuclei
added yesterday79 views

Ricoh Web Image Monitor - Reflected XSS

A reflected cross-site scripting vulnerability exists in the laser printers and MFPs multifunction printers which implement Ricoh Web Image Monitor. If exploited, an arbitrary script may be executed on the web browser of the user who accessed Web Image Monitor. id: CVE-2025-41393 info: name: Rico...

6.1CVSS6.4AI score0.00639EPSS
Exploits0References3
Rows per page
Query Builder