Lucene search
K

5901 matches found

Nuclei
Nuclei
added 18 hours ago48 views

T24 Web Server - Local File Inclusion

T24 web server is vulnerable to unauthenticated local file inclusion that permits an attacker to exfiltrate data directly from server. id: CVE-2019-14251 info: name: T24 Web Server - Local File Inclusion author: 0xAkoko severity: high description: T24 web server is vulnerable to unauthenticated...

7.5CVSS7.1AI score0.07849EPSS
Exploits1References4
NVD
NVD
added 2 days ago8 views

CVE-2025-71380

The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the host system where n8n runs. Attackers with user access or compromised credentials can exploit this node to run malicious commands, potentially leading to data exfiltration, service disruption, or...

8.8CVSS0.00413EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2 days ago9 views

CVE-2025-71380

The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the host system where n8n runs. Attackers with user access or compromised credentials can exploit this node to run malicious commands, potentially leading to data exfiltration, service disruption, or...

8.8CVSS6.2AI score0.00413EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago41 views

CVE-2025-71380 n8n - Arbitrary Command Execution via Execute Command Node

The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the host system where n8n runs. Attackers with user access or compromised credentials can exploit this node to run malicious commands, potentially leading to data exfiltration, service disruption, or...

8.8CVSS0.00413EPSS
Exploits0References2
CVE
CVE
added 2 days ago22 views

CVE-2025-71380

CVE-2025-71380 : The n8n Execute Command node is vulnerable to arbitrary command execution by authenticated users on the host running n8n. The issue allows user- or credential-compromised attackers to run commands that could exfiltrate data, disrupt services, or fully compromise the host. Concret...

8.8CVSS6.2AI score0.00413EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2 days ago12 views

PT-2026-55682

Name of the Vulnerable Software and Affected Versions n8n affected versions not specified Description The Execute Command node allows authenticated users to execute arbitrary commands on the host system where the application is running. Users with valid access or compromised credentials can...

8.8CVSS6.2AI score0.00413EPSS
Exploits0References5
Nuclei
Nuclei
added 3 days ago20 views

GeoServer WFS - XXE Processing Vulnerability

GeoServer Web Feature Service WFS is vulnerable to an XML External Entity XXE processing attack due to improper handling of XML input. This vulnerability allows attackers to perform Out-of-Band OOB data exfiltration and Server-Side Request Forgery SSRF by exploiting the GeoTools library. id:...

9.9CVSS7.1AI score0.50825EPSS
Exploits1References6
EUVD
EUVD
added 4 days ago12 views

EUVD-2026-33279

Mautic has Stored Cross-Site Scripting XSS in Projects Component...

7.6CVSS5.8AI score0.00164EPSS
Exploits0References2
NVD
NVD
added 4 days ago7 views

CVE-2026-14029

The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'select' parameter in all versions up to, and including, 4.5.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

6.5CVSS0.00441EPSS
Exploits0References10
NVD
NVD
added 4 days ago8 views

CVE-2026-13357

The Houzez Property Feed plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.5.46 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the prepareitems method...

4.9CVSS0.00288EPSS
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago4 views

Malicious code in @marketfront/blenderdevtool (npm)

The @marketfront/blenderdevtool package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6AI score
Exploits0References2
OSV
OSV
added 4 days ago3 views

MAL-2026-6785 Malicious code in @marketfront/madvpopup (npm)

The @marketfront/madvpopup package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6.2AI score
Exploits0References2
OSV
OSV
added 4 days ago2 views

MAL-2026-6782 Malicious code in @marketfront/header (npm)

The @marketfront/header package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6.3AI score
Exploits0References2
OSV
OSV
added 4 days ago3 views

MAL-2026-6780 Malicious code in @marketfront/footer (npm)

The @marketfront/footer package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6.1AI score
Exploits0References2
OSV
OSV
added 4 days ago2 views

MAL-2026-6777 Malicious code in @marketfront/errorcounter (npm)

The @marketfront/errorcounter package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago4 views

Malicious code in @marketfront/footer (npm)

The @marketfront/footer package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago3 views

Malicious code in @marketfront/errorcounter (npm)

The @marketfront/errorcounter package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago4 views

Malicious code in @marketfront/baobabtech (npm)

The @marketfront/baobabtech package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago4 views

Malicious code in @marketfront/commonecommerce (npm)

The @marketfront/commonecommerce package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago4 views

Malicious code in @marketfront/mychatspreloader (npm)

The @marketfront/mychatspreloader package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and us...

6.2AI score
Exploits0References2
Rows per page
Query Builder