Lucene search
K

2756 matches found

Nuclei
Nuclei
added yesterday69 views

Ubigeo de Peru < 3.6.4 - SQL Injection

The plugin does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections. id: CVE-2022-0814 info: name: Ubigeo de Peru 3.6.4 - SQL Injection author: r3Y3r53...

9.8CVSS7.1AI score0.09495EPSS
Exploits2References4
Cvelist
Cvelist
added last week34 views

CVE-2026-59897 Hono: API Gateway v1 adapter can drop a distinct repeated request header value during de-duplication

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.3.3 before 4.12.27, the AWS API Gateway v1 adapter can drop a distinct repeated request header value because it de-duplicates values using a substring comparison instead of an exact match, so middleware o...

4.8CVSS0.00126EPSS
Exploits0References3
EUVD
EUVD
added last week4 views

EUVD-2026-42317

Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello...

5.3CVSS5.9AI score0.00413EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.9 views

PT-2026-56479

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Handshakes using Encrypted Client Hello ECH, a mechanism designed to encrypt the initial handshake of a TLS connection to protect client privacy, could be...

5.3CVSS6.1AI score0.00413EPSS
Exploits0References28
GithubExploit
GithubExploit
added 2026/06/07 3:50 p.m.81 views

kaido-waf

⚔️ Kaido WAF Web Application Firewall do Kaido Red Team...

6AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/06 1:14 p.m.67 views

Soul-Collector

Windows Post-Exploitation & Credential Hunting Tool Uma ferra...

5.5AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/06 12:47 a.m.76 views

ccdd-poc

ccdd-poc — ¿Dónde está el límite de un solucionador de issues...

5.4AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/04 1:19 p.m.81 views

llmbias-tse

llmbias-tse Prova de conceito POC do projeto InternetLab...

5.8AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/02 7:48 a.m.8 views

CVE-2026-8885

The DeMomentSomTres Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'callout' shortcode in all versions up to, and including, 1.1.1. This is due to insufficient input sanitization and output escaping on the 'width' and 'align' shortcode attributes...

6.4CVSS6AI score0.00181EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/05/22 3:36 p.m.87 views

Proxmox-Network-Lab

Proxmox Network Lab + Hardening Despliegue de servicios corpo...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/22 7:14 a.m.86 views

ethical-hacking-toolkit

ethical-hacking-toolkit Ferramentas de segurança ofensiva e d...

5.9AI score
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fixed a slab-out-of-bounds read in hdrdeletede. Here is a bug report from syzbot: Bug: KASAN: Slab-out-of-bounds in hdrdeletede+0xe0/0x150, fs/ntfs3/index.c:806. A read of size 16842960 was performed at address...

5.2AI score0.00168EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Integer overflow has been prevented in hdrfirstde. The variables deoff and used originate from the disk; therefore, both need to be checked. The issue is that on 32-bit systems, if both values are greater than UINTMAX -...

5.5CVSS6.5AI score0.00176EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Tiff

LibTIFF 4.3.0 has a out-of-bounds read issue in TIFFmemcpy in tifunix.c, especially in situations where a custom tag is used, and 0x0200 is the second value in the DE field...

5.5CVSS6.8AI score0.01336EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/11 6:36 p.m.9 views

EUVD-2026-29195

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript into the Processo de Aceitação html/atendido/processoaceitacao.php page, which is executed when user access t...

6.8CVSS5.8AI score0.0023EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/11 6:35 p.m.35 views

CVE-2026-45025 WeGIA: Stored XSS in html/atendido/etapa_processo.php

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.3, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript into the "Etapas de um Processo" html/atendido/etapaprocesso.php page, which is executed when user access the...

6.8CVSS0.0023EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 4:17 p.m.17 views

CVE-2026-42609

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a business logic vulnerability in the Grav Admin Panel allows a low-privileged user with only user creation permissions to overwrite existing accounts, including the primary administrator. By creating a new user with a username that alread...

8.1CVSS0.00463EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/05/11 3:3 p.m.10 views

CVE-2026-42609 Grav: Administrative Account Disruption and Privilege De-escalation via User Overwrite Logic

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a business logic vulnerability in the Grav Admin Panel allows a low-privileged user with only user creation permissions to overwrite existing accounts, including the primary administrator. By creating a new user with a username that alread...

8.1CVSS5.8AI score0.00463EPSS
Exploits1References4
OSV
OSV
added 2026/05/11 3:3 p.m.3 views

CVE-2026-42609 Grav: Administrative Account Disruption and Privilege De-escalation via User Overwrite Logic

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a business logic vulnerability in the Grav Admin Panel allows a low-privileged user with only user creation permissions to overwrite existing accounts, including the primary administrator. By creating a new user with a username that alread...

8.1CVSS5.9AI score0.00463EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

WeGIA 跨站脚本漏洞

WeGIA is a network manager for a welfare institution developed by Nilson Lazarin. Versions of WeGIA prior to 3.7.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from stored-xss scripts, which could allow authenticated users to inject malicious JavaScript into the...

6.8CVSS5.7AI score0.0023EPSS
Exploits0References1
Rows per page
Query Builder