Lucene search
K

1487941 matches found

GithubExploit
GithubExploit
added 21 minutes ago4 views

magento-polyshell

APSB25-94 — PolyShell: Magento 2 Unauthenticated File Upload RCE...

6.5AI score
Exploits0
GithubExploit
GithubExploit
added 34 minutes ago4 views

USBurst

USBurst - DWC3 USB Descriptor Buffer Overflow Apple Secure Ro...

4.8CVSS6.5AI score0.00379EPSS
Exploits2
NVD
NVD
added 51 minutes ago2 views

CVE-2026-46459

ICU Scandinavia Boomerang is vulnerable to a missing authentication flaw in its device receiver endpoints. This allows an unauthenticated remote attacker to read full facility configurations and write unauthorized data to the sensor database. This issue has been fixed in version 2.4.18.029...

5.3CVSS
Exploits0References2
GithubExploit
GithubExploit
added 53 minutes ago4 views

Exploit for Deserialization of Untrusted Data in Apache Camel

camel-pqc Key-Lifecycle Unsafe Deserialization Reproducer CVE...

8.8CVSS6.3AI score0.00485EPSS
Exploits1
F5 Networks
F5 Networks
added 1 hour ago3 views

K000162281: BIND vulnerabilities CVE-2026-3039 and CVE-2026-5946

Security Advisory Description CVE-2026-3039 BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory...

7.5CVSS6.1AI score0.0181EPSS
Exploits0
EUVD
EUVD
added 1 hour ago2 views

EUVD-2026-44667

ICU Scandinavia Boomerang is vulnerable to a missing authentication flaw in its device receiver endpoints. This allows an unauthenticated remote attacker to read full facility configurations and write unauthorized data to the sensor database. This issue has been fixed in version 2.4.18.029...

5.3CVSS6.1AI score
Exploits0References2
CVE
CVE
added 1 hour ago3 views

CVE-2026-46459

ICU Scandinavia Boomerang is vulnerable to a missing authentication flaw in its device receiver endpoints. This allows an unauthenticated remote attacker to read full facility configurations and write unauthorized data to the sensor database. This issue has been fixed in version 2.4.18.029...

5.3CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added 1 hour ago5 views

CVE-2026-46459 Missing Authorization in ICU Scandinavia Boomerang

ICU Scandinavia Boomerang is vulnerable to a missing authentication flaw in its device receiver endpoints. This allows an unauthenticated remote attacker to read full facility configurations and write unauthorized data to the sensor database. This issue has been fixed in version 2.4.18.029...

5.3CVSS
Exploits0References2
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-44621

Grav before 9.1.8 contains an arbitrary file write vulnerability in the Form plugin's process.save.filename parameter, which is validated against path traversal before Twig processing but never re-validated after rendering. Attackers can submit form data containing path traversal sequences that a...

8.1CVSS6.2AI score
Exploits0References3
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-44648

The Grav API plugin grav-plugin-api before 1.0.4 does not validate the origin of the client-supplied adminbaseurl field in the POST /api/v1/auth/forgot-password endpoint. The sanitizeHttpUrl function only checks that the URL scheme is http/https and never verifies the host against the server's ow...

9.6CVSS6.2AI score
Exploits0References3
EUVD
EUVD
added 1 hour ago4 views

EUVD-2026-44628

Open WebUI before 0.9.5 contains a stored cross-site scripting vulnerability in the OAuth authentication flow where the picture claim URL MIME type is inferred from file extension rather than Content-Type header, allowing SVG files to bypass the profile image validator and be stored as data URIs...

8.5CVSS6.2AI score
Exploits0References3
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-44605

A SQL Injection vulnerability exists in Apache Fineract's Office Search API GET /api/v1/offices in versions up to and including 1.14.0. The orderBy request parameter is concatenated into a SQL query without sufficient validation, allowing an authenticated user with permission to view offices to...

8.1CVSS6.1AI score
Exploits0References4
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-44608

Missing Authorization CWE-862 in BankAccountListController app/Http/Controllers/Api/BankAccount/BankAccountListController.php, exposed at GET /api/bank-account, in Prospero Flow CRM companyid-get, performing only company scoping and no role or permission check before returning the data. This...

8.7CVSS6.2AI score
Exploits0References4
EUVD
EUVD
added 1 hour ago4 views

EUVD-2026-44603

A boolean-based SQL Injection vulnerability exists in Apache Fineract's Client Search API GET /api/v1/clients in versions up to and including 1.14.0. The orderBy and sortOrder request parameters are concatenated into a SQL query without sufficient validation, allowing an authenticated user with...

6.1AI score
Exploits0References4
EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-44604

A SQL Injection vulnerability exists in Apache Fineract's Report Execution API runreports endpoint in versions up to and including 1.14.0. Report parameter values are incorporated into the generated SQL query without sufficient validation, allowing an authenticated user with permission to run...

6.2AI score
Exploits0References5
Malwarebytes
Malwarebytes
added 1 hour ago2 views

July 2026 Patch Tuesday fixes 622 Microsoft CVEs, including three zero-days

Just one month ago, June 2026 Patch Tuesday broke Microsoft’s previous record with 206 CVEs and three zero‑days. July now triples that count, reinforcing that the era of “small” Patch Tuesdays may be over as AI‑driven vulnerability discovery ramps up. The update includes 59 critical...

9.8CVSS6.1AI score
Exploits0
NVD
NVD
added 1 hour ago4 views

CVE-2026-61873

Grav before 9.1.8 contains an arbitrary file write vulnerability in the Form plugin's process.save.filename parameter, which is validated against path traversal before Twig processing but never re-validated after rendering. Attackers can submit form data containing path traversal sequences that a...

8.1CVSS
Exploits0References2
NVD
NVD
added 1 hour ago5 views

CVE-2026-61451

The Grav API plugin grav-plugin-api before 1.0.4 does not validate the origin of the client-supplied adminbaseurl field in the POST /api/v1/auth/forgot-password endpoint. The sanitizeHttpUrl function only checks that the URL scheme is http/https and never verifies the host against the server's ow...

9.6CVSS
Exploits0References2
NVD
NVD
added 1 hour ago2 views

CVE-2026-56398

Open WebUI before 0.9.5 contains a stored cross-site scripting vulnerability in the OAuth authentication flow where the picture claim URL MIME type is inferred from file extension rather than Content-Type header, allowing SVG files to bypass the profile image validator and be stored as data URIs...

8.5CVSS
Exploits0References2
The Hacker News
The Hacker News
added 2 hours ago5 views

SASE Has An AI Blind Spot. Inspecting Packets Is No Longer Enough.

For years, routing traffic through cloud proxies was good enough. Then work moved to the browser, AI entered the workflow, and the inspection model stopped keeping up. Enterprise workflows now live across SaaS applications, browsers, and an expanding ecosystem of generative AI tools, unsanctioned...

6.1AI score
Exploits0
Rows per page
Query Builder