Lucene search
K

851 matches found

Nuclei
Nuclei
added yesterday93 views

pfSense - Arbitrary File Write

diagroutes.php in pfSense 2.5.2 allows sed data injection. Authenticated users are intended to be able to view data about the routes set in the firewall. The data is retrieved by executing the netstat utility, and then its output is parsed via the sed utility. Although the common protection...

9CVSS7.1AI score0.87113EPSS
Exploits4References5
NVD
NVD
added 4 days ago7 views

CVE-2026-11321

The DataInjection plugin for GLPI 2.15.6 GLPI 11 builds concatenates user-supplied CSV field values directly into SQL queries during CSV import, without parameterization or escaping, resulting in authenticated SQL injection. An authenticated user with access to the Data injection feature can embe...

7.1CVSS0.00314EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42993

The DataInjection plugin for GLPI 2.15.6 GLPI 11 builds concatenates user-supplied CSV field values directly into SQL queries during CSV import, without parameterization or escaping, resulting in authenticated SQL injection. An authenticated user with access to the Data injection feature can embe...

7.1CVSS6.1AI score0.00314EPSS
Exploits0References4
CVE
CVE
added 4 days ago9 views

CVE-2026-11321

CVE-2026-11321 affects the GLPI DataInjection plugin for GLPI 2.15.6 (GLPI 11 builds). The plugin concatenates user-supplied CSV field values directly into SQL queries during CSV import, without parameterization or escaping, enabling an authenticated user with access to the Data Injection feature...

7.1CVSS6.1AI score0.00314EPSS
Exploits0References4
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42294

CyberChef is a web app for encryption, encoding, compression, and data analysis. Prior to 11.2.0, the Series Chart operation accepts proto as a key while parsing user-supplied CSV, allowing prototype pollution that can be chained with operations such as Parse UDP to inject malicious JavaScript in...

5CVSS5.9AI score0.00094EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/07/03 3:26 p.m.9 views

CVE-2026-14614

A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions FGAP v2 is enabled. This issue allows a delegated administrator, who should only have limited control over specific clients, to attach or remove hidden client scopes that they are not...

5.4CVSS5.9AI score0.00146EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.9 views

Oracle Linux 9 : nginx:1.26 (ELSA-2026-29151)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-29151 advisory. - nginx: code execution and denial of service CVE-2026-9256 - Resolves: RHEL-176218 - nginx:1.26/nginx: NGINX: Arbitrary Code Execution Vulnerability...

9.2CVSS8.2AI score0.61469EPSS
Exploits43References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.13 views

PT-2026-51293

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description Multiple core controllers and model capture paths accept client-controlled request fields, including primary keys id and ownership or scope foreign keys such as event id, org id, user id, sharin...

9.4CVSS6AI score0.00362EPSS
Exploits0References21
CVE
CVE
added 2026/06/08 6:45 p.m.24 views

CVE-2026-11559

CVE-2026-11559 affects CodeAstro Payroll System 1.0. The vulnerability exists in an (unnamed) function of the file /view_account.php, where manipulation of the argument ID enables an SQL injection. It is exploitable remotely and the exploit is public. CVSS metrics in the entry show a MEDIUM sever...

6.5CVSS5.4AI score0.00204EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/06 1:26 a.m.12 views

EUVD-2026-34941

The Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Form Submission Data in all versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This make...

7.2CVSS5.7AI score0.00314EPSS
Exploits0References10
GitLab Advisory Database
GitLab Advisory Database
added 2026/05/29 12:0 a.m.19 views

Sparkle's AppInstaller post-stage-1 XPC listener accepts unvalidated connections, allowing spoofed appcast item data injection

AppInstaller post-stage-1 XPC listener accepts unvalidated connections, allowing spoofed appcast item data injection...

5.8AI score0.00014EPSS
Exploits0References3Affected Software1
Packet Storm News
Packet Storm News
added 2026/05/27 12:0 a.m.31 views

SAMD: A Tool for Identifying False Data Injection Scenarios in AI/ML-Enabled Medical Devices

The growing integration of artificial intelligence AI and machine learning ML in medical systems requires effective measures to address emerging security risks. One such risk is that of adversaries introducing false data through vulnerable system components during inference, causing misdiagnosis...

5.8AI score
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.20 views

Astra Linux – Vulnerability in curl

When curl 7.84.0 performs FTP transfers secured by krb5, it incorrectly handles message verification failures. This flaw allows a Man-In-The-Middle attack to go unnoticed, and even enables the attacker to inject data into the client’s system...

5.9CVSS7.1AI score0.06762EPSS
Exploits1References2
OSV
OSV
added 2026/05/19 5:20 p.m.7 views

OPENSUSE-SU-2026:20784-1 Security update for nginx

This update for nginx fixes the following issues: - CVE-2026-1642: plain text data injection into the response from an upstream proxied server bsc1257675. - CVE-2026-27654: buffer overflow in the NGINX worker process via the ngxhttpdavmodule module bsc1260416. - CVE-2026-27784: NGINX worker memor...

8.8CVSS7.7AI score0.21621EPSS
Exploits0References10
OSV
OSV
added 2026/05/19 5:20 p.m.10 views

SUSE-SU-2026:21823-1 Security update for nginx

This update for nginx fixes the following issues: - CVE-2026-1642: plain text data injection into the response from an upstream proxied server bsc1257675. - CVE-2026-27654: buffer overflow in the NGINX worker process via the ngxhttpdavmodule module bsc1260416. - CVE-2026-27784: NGINX worker memor...

8.8CVSS7.7AI score0.21621EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.12 views

SUSE SLES15 Security Update : nginx (SUSE-SU-2026:1953-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1953-1 advisory. This update for nginx fixes the following issues Security issues: - CVE-2026-1642: plain text data injection into the response from...

8.8CVSS6.4AI score0.21621EPSS
Exploits0References14
RedhatCVE
RedhatCVE
added 2026/05/18 7:58 p.m.12 views

CVE-2026-45398

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, validatecollectionaccess checks the user-memory- and file- collection name prefixes but does not check knowledge base collections, which use raw UUIDs as collection names. Any...

7.5CVSS5.8AI score0.00331EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/18 2:27 p.m.13 views

CVE-2026-41650

A flaw was found in fast-xml-parser. The XMLBuilder component does not properly escape specific sequences "--" in comments and "" in CDATA sections when constructing XML from JavaScript objects. This vulnerability allows an attacker to perform XML injection if user-controlled data is processed...

6.1CVSS5.7AI score0.00238EPSS
Exploits1References5
SUSE Linux
SUSE Linux
added 2026/05/18 7:53 a.m.8 views

Security update for nginx

This update for nginx fixes the following issues Security issues: CVE-2026-1642: plain text data injection into the response from an upstream proxied server bsc1257675. CVE-2026-27654: buffer overflow in the NGINX worker process via the ngxhttpdavmodule module bsc1260416. CVE-2026-27784: NGINX...

8.3CVSS7.7AI score0.21621EPSS
Exploits0References18
OSV
OSV
added 2026/05/18 7:53 a.m.5 views

SUSE-SU-2026:1953-1 Security update for nginx

This update for nginx fixes the following issues Security issues: - CVE-2026-1642: plain text data injection into the response from an upstream proxied server bsc1257675. - CVE-2026-27654: buffer overflow in the NGINX worker process via the ngxhttpdavmodule module bsc1260416. - CVE-2026-27784:...

8.8CVSS7.7AI score0.21621EPSS
Exploits0References10
Rows per page
Query Builder