Lucene search
K

317608 matches found

GithubExploit
GithubExploit
added 7 hours ago10 views

Apollo_Ultra_Agent

Apollo Ultra for OpenCode Apollo Ultra is an OpenCode configu...

6.1AI score
Exploits0
Debian CVE
Debian CVE
added 11 hours ago4 views

CVE-2026-53363

xfrm: iptfs: preserve shared-frag marker in iptfsconsumefrags...

6.1AI score
Exploits0
Debian CVE
Debian CVE
added 20 hours ago5 views

CVE-2026-54423

In OpenStack Ironic before 37.0.1, an Ironic user with the ability to...

8.2CVSS6.1AI score
Exploits0
Nuclei
Nuclei
added 20 hours ago185 views

Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation

Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit users documents with duplicate keysfor 'roles' used for access control within the database, including the special case 'admin' role, th...

10CVSS7.2AI score0.99838EPSS
Exploits21References5
Nuclei
Nuclei
added 20 hours ago65 views

Zabbix Setup Configuration Authentication Bypass

After the initial setup process, some steps of setup.php file are reachable not only by super-administrators but also by unauthenticated users. A malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend. id: CVE-2022-23134 info: name: Zabbix Setup...

5.3CVSS6.9AI score0.84657EPSS
Exploits1References5
Nuclei
Nuclei
added 20 hours ago110 views

Apache HTTP Server <=2.4.39 - HTML Injection/Partial Cross-Site Scripting

Apache HTTP Server versions 2.4.0 through 2.4.39 are vulnerable to a limited cross-site scripting issue affecting the modproxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server...

6.1CVSS6.6AI score0.81466EPSS
Exploits4References5
Nuclei
Nuclei
added 20 hours ago28 views

Drupal 7 CKEditor XSS

CKEditor 4.14.0 through 4.16.x before 4.16.1 contains a reflected cross-site scripting caused by mishandling in comments, letting remote attackers inject executable JavaScript code, exploit requires victim to view malicious content. id: CVE-2021-33829 info: name: Drupal 7 CKEditor XSS author:...

6.1CVSS6.7AI score0.03189EPSS
Exploits0References4
Nuclei
Nuclei
added 20 hours ago80 views

XStream <1.4.18 - Server-Side Request Forgery

XStream before 1.4.18 is susceptible to server-side request forgery. An attacker can request data from internal resources that are not publicly available by manipulating the processed input stream with a Java runtime version 14 to 8. This makes it possible to obtain sensitive information, modify...

8.5CVSS6.9AI score0.11468EPSS
Exploits2References5
Nuclei
Nuclei
added 20 hours ago107 views

XStream 1.4.18 - Remote Code Execution

XStream 1.4.18 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...

8.5CVSS7.5AI score0.98124EPSS
Exploits6References5
Nuclei
Nuclei
added 20 hours ago151 views

Nette Framework - Remote Code Execution

Nette Framework versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, and 3.0.6 are vulnerable to a code injection attack via specially formed parameters being passed to a URL. Nette is a PHP/Composer MVC Framework. id: CVE-2020-15227 info: name: Nette Framework - Remote Code Execution author:...

9.8CVSS7.2AI score0.35228EPSS
Exploits3References5
Nuclei
Nuclei
added 20 hours ago37 views

Sympa version =>6.2.16 - Cross-Site Scripting

Sympa version 6.2.16 and later contains a URL Redirection to Untrusted Site vulnerability in the referer parameter of the wwsympa fcgi login action that can result in open redirection and reflected cross-site scripting via data URIs. id: CVE-2018-1000671 info: name: Sympa version =6.2.16 -...

6.1CVSS6.6AI score0.03982EPSS
Exploits0References5
Nuclei
Nuclei
added 20 hours ago59 views

Horde/Horde Groupware - Local File Inclusion

Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 are susceptible to local file inclusion in framework/Image/Image.php because it allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the HordeImage driver name. id: CVE-2009-0932 inf...

6.4CVSS6.2AI score0.41263EPSS
Exploits8References5
Nuclei
Nuclei
added 20 hours ago165 views

Apache HTTP Server - ACL Bypass

Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. id: CVE-2024-38473 info: name: Apache HTTP Server - ACL Bypass author: pdteam severity: high...

8.1CVSS6.7AI score0.25878EPSS
Exploits1References5
Nuclei
Nuclei
added 20 hours ago100 views

OpenAPI Generator <= 7.5.0 - Arbitrary File Read/Delete

OpenAPI Generator versions 7.5.0 and below are prone to an Arbitrary File Read/Delete vulnerability. Attackers can exploit this vulnerability to read and delete files and folders from an arbitrary, writable directory. id: CVE-2024-35219 info: name: OpenAPI Generator = 7.5.0 - Arbitrary File...

8.3CVSS7.2AI score0.03592EPSS
Exploits0References5
Nuclei
Nuclei
added 20 hours ago30 views

Sidekiq <=6.2.0 - Cross-Site Scripting

Sidekiq through 5.1.3 and 6.x through 6.2.0 contains a cross-site scripting vulnerability via the queue name of the live-poll feature when Internet Explorer is used. id: CVE-2021-30151 info: name: Sidekiq =6.2.0 - Cross-Site Scripting author: DhiyaneshDk severity: medium description: Sidekiq...

6.1CVSS6.3AI score0.04158EPSS
Exploits1References5
Nuclei
Nuclei
added 20 hours ago15 views

WordPress < 4.9.1 - Authenticated JavaScript File Upload

WordPress before 4.9.1 contains a cross-site scripting caused by not requiring unfilteredhtml capability for uploading .js files in functions.php, letting remote attackers execute scripts via crafted files, exploit requires upload permissions. id: CVE-2017-17092 info: name: WordPress 4.9.1 -...

5.4CVSS6.8AI score0.04132EPSS
Exploits0References5
Nuclei
Nuclei
added 20 hours ago45 views

Kodi 17.1 - Local File Inclusion

Kodi 17.1 is vulnerable to local file inclusion vulnerabilities because of insufficient validation of user input. id: CVE-2017-5982 info: name: Kodi 17.1 - Local File Inclusion author: 0xAkoko severity: high description: | Kodi 17.1 is vulnerable to local file inclusion vulnerabilities because of...

7.5CVSS7AI score0.7763EPSS
Exploits5References5
Nuclei
Nuclei
added 20 hours ago58 views

Ruby on Rails <5.0.1 - Remote Code Execution

Ruby on Rails before version 5.0.1 is susceptible to remote code execution because it passes user parameters as local variables into partials. id: CVE-2020-8163 info: name: Ruby on Rails 5.0.1 - Remote Code Execution author: timkoopmans severity: high description: Ruby on Rails before version 5.0...

8.8CVSS7.7AI score0.83085EPSS
Exploits10References4
Nuclei
Nuclei
added 20 hours ago69 views

XStream 1.4.18 - Arbitrary Code Execution

XStream 1.4.18 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...

8.5CVSS7.3AI score0.143EPSS
Exploits0References5
Debian CVE
Debian CVE
added 23 hours ago5 views

CVE-2026-44918

OpenStack Ironic through before 37.0.1 allows creation or modification...

5.5CVSS6.1AI score
Exploits0
Rows per page
Query Builder