Lucene search
K

677073 matches found

The Hacker News
The Hacker News
added 5 hours ago6 views

Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns

Cybersecurity researchers have disclosed details of sustained cyber espionage activity against several Pakistani law enforcement organizations undertaken by suspected China- and India-aligned threat actors between February 2024 and April 2026. "At Balochistan Police, the compromised assets includ...

6.1AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 10 hours ago13 views

The vulnerabilities in the net/bluetooth/eir.c and net/bluetooth/mgmt.c modules of Linux kernel allow a hacker to cause a service failure.

The vulnerability in the net/bluetooth/eir.c and net/bluetooth/mgmt.c modules of Linux kernel systems relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a system failure...

7CVSS6.1AI score0.0013EPSS
Exploits0References5Affected Software2
BDU FSTEC
BDU FSTEC
added 10 hours ago8 views

The vulnerability in the drivers/bluetooth/btnxpuart.c module of Linux operating systems allows a hacker to cause a service failure.

The vulnerability in the drivers/bluetooth/btnxpuart.c module of Linux operating systems is related to incorrect resource management. Exploiting this vulnerability can allow an attacker to cause service failures...

5.5CVSS6AI score0.00127EPSS
Exploits0References6Affected Software4
Rockylinux
Rockylinux
added 11 hours ago5 views

kernel security, bug fix, and enhancement update

An update is available for kernel. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...

9.3CVSS6.7AI score0.0053EPSS
Exploits1
GithubExploit
GithubExploit
added 16 hours ago34 views

Exploit for Integer Overflow or Wraparound in Linux Linux_Kernel

PACKETEDITMEME - CVE-2026-46331 net/sched actpedit parti...

7.8CVSS6.5AI score0.00321EPSS
Exploits11
Nuclei
Nuclei
added 20 hours ago38 views

WordPress Plugin Age Verification v0.4 - Open Redirect

Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirectto parameter. id: CVE-2012-6499 info: name: WordPress Plugin Age...

5.8CVSS6.2AI score0.10603EPSS
Exploits1References3
Nuclei
Nuclei
added 20 hours ago30 views

MCP Inspector < 0.14.0 UnauthenticatedRemote Code Execution

The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio. id...

9.4CVSS7.5AI score0.38532EPSS
Exploits0References5
Nuclei
Nuclei
added 20 hours ago41 views

Discourse OAuth Social Login - Cross-site Scripting

Discourse versions prior to 3.5.0.beta6 contain a stored Cross-Site Scripting XSS vulnerability in the OAuth/social login functionality. The vulnerability is caused by lack of proper content security policy enforcement when processing social login failures,allowing remote attackers to inject and...

8.1CVSS6.2AI score0.0063EPSS
Exploits0References2
Nuclei
Nuclei
added 20 hours ago11 views

Total Donations Plugin for WordPress < 2.0.6 - Arbitrary Options Update

Incorrect access control in miglaajaxfunctions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows unauthenticated attackers to update arbitrary WordPress option values, leading to site takeover. These attackers can send requests to wp-admin/admin-ajax.php to call...

9.8CVSS7AI score0.26076EPSS
Exploits1References2
Nuclei
Nuclei
added 20 hours ago17 views

WeGIA <= 3.6.4 - Remote Code Execution

WeGIA = 3.6.5 contains a remote code execution caused by improper validation of backup file names in the database restoration functionality, letting attackers with administrative access execute arbitrary OS commands id: CVE-2026-28409 info: name: WeGIA = 3.6.4 - Remote Code Execution author:...

10CVSS6.6AI score0.03315EPSS
Exploits1References3
Nuclei
Nuclei
added 20 hours ago381 views

WordPress Plugin Forminator 1.24.6 - Arbitrary File Upload

The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the uploadpostimage function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload...

9.8CVSS7.4AI score0.12749EPSS
Exploits3References5
Nuclei
Nuclei
added 20 hours ago12 views

mcp-atlassian < 0.17.0 - Server-Side Request Forgery

MCP Atlassian 0.17.0 contains a server-side request forgery caused by improper validation of custom HTTP headers in the HTTP middleware, letting unauthenticated attackers force outbound requests to arbitrary URLs, exploit requires access to the mcp-atlassian HTTP endpoint. id: CVE-2026-27826 info...

9CVSS6.3AI score0.14958EPSS
Exploits2References4
Nuclei
Nuclei
added 20 hours ago45 views

Agentejo Cockpit <0.12.0 - NoSQL Injection

Agentejo Cockpit prior to 0.12.0 is vulnerable to NoSQL Injection via the newpassword method of the Auth controller, which is responsible for displaying the user password reset form. id: CVE-2020-35848 info: name: Agentejo Cockpit 0.12.0 - NoSQL Injection author: dwisiswant0 severity: critical...

9.8CVSS7AI score0.74989EPSS
Exploits5References5
Nuclei
Nuclei
added 20 hours ago32 views

DevDojo Voyager <=1.8.0 - Cross-Site Scripting

DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user to click on a link, arbitrary Javascript can be executed. id: CVE-2024-55416 info: name: DevDojo Voyager =1.8.0 - Cross-Site Scripting author:...

3.5CVSS7.2AI score0.24095EPSS
Exploits1References4
Nuclei
Nuclei
added 20 hours ago21 views

Masteriyo LMS <= 1.7.2 - Unauthenticated Privilege Escalation

The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the updateloggedinuser function in all versions up to, and including, 1.7.2. This makes it possible for unauthenticated attackers t...

9.8CVSS7AI score0.02112EPSS
Exploits0References4
Nuclei
Nuclei
added 20 hours ago61 views

Gradio - Open Redirect

Gradio allows an open redirect bypass via URL encoding, enabling attackers to redirect users to malicious sites. This can lead to phishing attacks and loss of trust in the application. id: CVE-2024-8021 info: name: Gradio - Open Redirect author: DhiyaneshDK severity: medium description: | Gradio...

6.1CVSS6.2AI score0.00723EPSS
Exploits1References1
Nuclei
Nuclei
added 20 hours ago113 views

Cobbler - Authentication Bypass

Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ and possibly even older versions, may be vulnerable to an authentication bypass vulnerability in XMLRPC API /cobblerapi that can result in privilege escalation, data manipulation or exfiltration, and LDAP credential harvesting...

9.8CVSS7AI score0.12484EPSS
Exploits0References4
Nuclei
Nuclei
added 20 hours ago13 views

Apache CXF < 4.0.4 - Aegis DataBinding SSRF / Local File Read

Apache CXF before 4.0.4, 3.6.3 and 3.5.8 has a Server-Side Request Forgery SSRF vulnerability when using the Aegis DataBinding. The XOP Include mechanism in multipart SOAP requests can be abused to read local files or make server-side HTTP requests to arbitrary URLs. An attacker can use this to...

9.3CVSS6.9AI score0.05849EPSS
Exploits0References3
Nuclei
Nuclei
added 20 hours ago24 views

WordPress Media Library Assistant <= 3.34 - SQL Injection

David Lingren Media Library Assistant = 3.34 contains an sql injection caused by improper neutralization of special elements in SQL commands, letting attackers execute arbitrary SQL queries, exploit requires crafted input. id: CVE-2026-34885 info: name: WordPress Media Library Assistant = 3.34 -...

8.5CVSS6.3AI score0.01668EPSS
Exploits0References3
Nuclei
Nuclei
added 20 hours ago11 views

WordPress File Manager <= 7.2.1 - Directory Traversal

File Manager and File Manager Pro plugins for WordPress versions up to 7.2.1 and 8.3.4 contain a directory traversal caused by the 'target' parameter in mkfilefoldermanageractioncallbackshortcode, letting attackers read arbitrary files and upload files outside designated directories, exploit...

9.9CVSS7.1AI score0.06009EPSS
Exploits0References2
Rows per page
Query Builder