Lucene search
K

813 matches found

Nuclei
Nuclei
added 14 hours ago79 views

Cacti 1.2.24 - SQL Injection

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graphview.php. Since guest users can access graphview.php without authentication by default, if guest users are being utilized in an enabled state, there...

9.8CVSS7.2AI score0.87688EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday103 views

Netgear-WN604 downloadFile.php - Information Disclosure

There is an information leakage vulnerability in the downloadFile.php interface of Netgear WN604. A remote attacker using file authentication can use this vulnerability to obtain the administrator account and password information of the wireless router, causing the router's background to be...

6.9CVSS6.2AI score0.45681EPSS
Exploits0References5
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43135

The SurfLink - Ultimate Link Manager plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the ajaximport410 function in all versions up to 2.6.0. This is due to a missing capability check currentusercan and missing nonce verification...

4.3CVSS6.1AI score0.00213EPSS
Exploits0References8
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-57248 Foxit PDF Editor/Reader Annotation Improper Release Vulnerability

When the application opens a PDF file and JavaScript writes annotation attributes, there is a lack of sufficient object type and argument checks. As a result, due to the damage to the internal structure of the annotations, it causes the application to crash during subsequent release...

7.8CVSS0.00116EPSS
Exploits0References1
CVE
CVE
added 6 days ago12 views

CVE-2026-57248

The CVE-2026-57248 entry concerns Foxit PDF Editor/Reader where opening a PDF and performing JavaScript to write annotation attributes can bypass object type/argument checks, corrupting the internal annotation structure and causing a crash on release. This is described as a local, user-interactio...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References1Affected Software2
CVE
CVE
added 6 days ago11 views

CVE-2026-57250

CVE-2026-57250 affects Foxit PDF Editor/Reader when opening a PDF and JavaScript resets form fields, causing a re-entry into the interface that damages a native object. The app validates insufficiently, and the function call on the damaged object leads to a crash. The CVSS v3.1 vector is LOCAL/Ux...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 6 days ago15 views

PT-2026-56347

Name of the Vulnerable Software and Affected Versions Foxit PDF Editor/Reader affected versions not specified Description Insufficient object type and argument checks occur when the application opens a PDF file and JavaScript writes annotation attributes. This leads to damage in the internal...

7.8CVSS6AI score0.00116EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/06 5:41 p.m.12 views

EUVD-2026-24963

chmod: --preserve-root bypassed by any path that resolves to root e.g. /../...

7.3CVSS5.9AI score0.00175EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx – The data passed through ioctl is copied to the kernel’s space properly. The UFXIOCTLREPORTDAMAGE ioctl does not copy data from user space to the kernel’s space properly. Instead, it directly references the memory...

7.3CVSS5.7AI score0.00206EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.6 views

Bosch Security Systems IP Cameras Uncontrolled Resource Consumption (CVE-2023-32229)

Due to an error in the software interface to the secure element chip on Bosch IP cameras of family CPP13 and CPP14, the chip can be permanently damaged when enabling the Stream security option signing of the video stream with option MD5, SHA-1 or SHA-256. This plugin only works with Tenable.ot...

6.5CVSS6.4AI score0.0059EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.12 views

Guardrails 安全漏洞

Guardrails is a Python framework open source by Guardrails AI. Version 0.10.1 of Guardrails contains a security vulnerability. This vulnerability stems from the release of a malicious version to PyPI, which may cause damage to user systems...

9.6CVSS5.3AI score0.00276EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.10 views

Supermicro AS-2115HS-TNR BMC 安全漏洞

Supermicro AS-2115HS-TNR BMC is a server out-of-band management control system developed by Supermicro Corporation. There is a security vulnerability in Supermicro AS-2115HS-TNR BMC, which stems from the injection of custom characters in the SMTP service configuration. This vulnerability may allo...

7.2CVSS5.8AI score0.0037EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the unconditional success of the spintrylock operation when calling kmallocnolock within the NMI contex...

7CVSS5.8AI score0.00147EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.11 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the improper order of IRQ requests and the allocation of the powersupply handle in the power...

5.8AI score0.0016EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/21 12:38 a.m.13 views

EUVD-2026-31204

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation possibly to root, as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpaneljsonapifunc=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2/dev/null in Bash. If you get no output,...

10CVSS5.8AI score0.18914EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/fbdev-generic: prohibiting potential out-of-bounds accesses The fbdev test in IGT may write after EOF, leading to out-of-bound accesses for DRM drivers that use fbdev-generic. For example, running the fbdev test on an...

6AI score0.00173EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/fb-helper: Fixed out-of-bounds access issues The memory range was clipped to the size of the screen buffer to avoid out-of-bounds access during the damage handling in fbdev’s deferred I/O operations. fbdev’s deferred I/O c...

7.1CVSS6.4AI score0.00182EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.16 views

PT-2026-39301

Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.4.1 Description An open redirect issue in Snipe-IT allows attackers to redirect users to malicious websites. This occurs because the application uses an unvalidated HTTP Referer header stored in a session variable...

7.1CVSS5.8AI score0.00163EPSS
Exploits0References5
HackRead
HackRead
added 2026/05/03 4:7 p.m.10 views

Paying Ransom Won’t Help as VECT 2.0 Ransomware Destroys Data Irreversibly

VECT 2.0 ransomware contains fatal flaws that permanently destroy files, making recovery impossible and rendering ransom payments useless for victims worldwide...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/27 7:23 p.m.10 views

CVE-2026-41478

Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at least one table to inject arbitrary SQL through...

9.9CVSS5.8AI score0.00264EPSS
Exploits0References1
Rows per page
Query Builder