Lucene search
+L

671249 matches found

GithubExploit
GithubExploit
added 3 hours ago9 views

Exploit for CVE-2026-63030

WordPress REST API Batch Route Confusion + SQL Injection → RCE...

9.1CVSS6.2AI score
Exploits7
BDU FSTEC
BDU FSTEC
added yesterday12 views

The vulnerability in the drivers/bluetooth/btnxpuart.c module of Linux operating systems allows a hacker to cause a service failure.

The vulnerability in the drivers/bluetooth/btnxpuart.c module of Linux operating systems is related to incorrect resource management. Exploiting this vulnerability can allow an attacker to cause service failures...

5.5CVSS6AI score0.00127EPSS
Exploits0References6Affected Software4
BDU FSTEC
BDU FSTEC
added yesterday20 views

The vulnerabilities in the net/bluetooth/eir.c and net/bluetooth/mgmt.c modules of Linux kernel allow a hacker to cause a service failure.

The vulnerability in the net/bluetooth/eir.c and net/bluetooth/mgmt.c modules of Linux kernel systems relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a system failure...

7CVSS6.1AI score0.0013EPSS
Exploits0References5Affected Software2
OSV
OSV
added yesterday5 views

DEBIAN-CVE-2026-9537

Bulletin has no description...

4.8AI score
Exploits0References1
OSV
OSV
added yesterday4 views

DEBIAN-CVE-2026-13082

Bulletin has no description...

5.3CVSS4.8AI score
Exploits0References1
The Hacker News
The Hacker News
added yesterday6 views

OpenSSL HollowByte Flaw Could Freeze Server Memory with 11-Byte TLS Requests

Eleven bytes will make an unpatched OpenSSL server set aside up to 131 KB of memory for a message that never arrives. On the glibc systems Okta tested, that memory is gone until the process restarts. OpenSSL shipped the HollowByte fix in June with no CVE, no advisory, and no changelog entry...

6AI score
Exploits0
NVD
NVD
added yesterday4 views

CVE-2026-50289

systeminformation is a System and OS information library for node.js. Prior to 5.31.7, networkInterfaces on Linux is vulnerable to OS command injection through the Debian/Ubuntu interfaces5 source directive because lib/network.js checkLinuxDCHPInterfaces reads /etc/network/interfaces, extracts a...

8.7CVSS
Exploits0References3
Github Security Blog
Github Security Blog
added yesterday8 views

Flask-Reuploaded: Extension-denylist bypass via case-folding asymmetry in name-override path (incomplete-fix variant of CVE-2026-27641)

Header | Field | Value | |---|---| | Title | Extension-denylist bypass via case-folding asymmetry in name-override path incomplete-fix variant of CVE-2026-27641 | | Project | Flask-Reuploaded flaskuploads | | Affected | extension"shell.php" = "php" - extensionallowed"php" - DENY correct...

9.8CVSS5.8AI score0.01046EPSS
Exploits1References3Affected Software1
OSV
OSV
added yesterday5 views

GHSA-937X-GPQR-72GG Flask-Reuploaded: Extension-denylist bypass via case-folding asymmetry in name-override path (incomplete-fix variant of CVE-2026-27641)

Header | Field | Value | |---|---| | Title | Extension-denylist bypass via case-folding asymmetry in name-override path incomplete-fix variant of CVE-2026-27641 | | Project | Flask-Reuploaded flaskuploads | | Affected | extension"shell.php" = "php" - extensionallowed"php" - DENY correct...

7.5CVSS5.9AI score
Exploits0References3
CVE
CVE
added yesterday11 views

CVE-2026-50289

CVE-2026-50289 affects the Node.js library systeminformation prior to v5.31.7. The Linux implementation of networkInterfaces() builds a shell command using an interpolated, unquoted path from /etc/network/interfaces via checkLinuxDCHPInterfaces(), then executes it with a shell, creating a command...

8.7CVSS5.6AI score
Exploits0References3
Cvelist
Cvelist
added yesterday11 views

CVE-2026-50289 systeminformation: OS command injection in networkInterfaces() via interfaces(5) source-directive path on Linux

systeminformation is a System and OS information library for node.js. Prior to 5.31.7, networkInterfaces on Linux is vulnerable to OS command injection through the Debian/Ubuntu interfaces5 source directive because lib/network.js checkLinuxDCHPInterfaces reads /etc/network/interfaces, extracts a...

8.7CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-50289

systeminformation is a System and OS information library for node.js. Prior to 5.31.7, networkInterfaces on Linux is vulnerable to OS command injection through the Debian/Ubuntu interfaces5 source directive because lib/network.js checkLinuxDCHPInterfaces reads /etc/network/interfaces, extracts a...

8.7CVSS5.6AI score
Exploits0References4Affected Software1
EUVD
EUVD
added yesterday4 views

EUVD-2026-45265

systeminformation is a System and OS information library for node.js. Prior to 5.31.7, networkInterfaces on Linux is vulnerable to OS command injection through the Debian/Ubuntu interfaces5 source directive because lib/network.js checkLinuxDCHPInterfaces reads /etc/network/interfaces, extracts a...

8.7CVSS5.6AI score
Exploits0References3
Rapid7 Blog
Rapid7 Blog
added yesterday2 views

Metasploit Wrap Up: An HTTP to SMB relay plus Payload Improvements

Metasploit Wrap Up Housekeeping While the Metasploit Framework will be continuing its weekly release cadence, bringing you dear reader our latest content, the Weekly Wrap Up is being shifted to a bi-weekly cadence. The team is planning to use the additional time between posts to record demos of...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added yesterday5 views

New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens

A Go botnet called NadMesh turned up in early July hunting exposed AI services, and the operator's own dashboard claims 3,811 unique AWS keys. A Shodan harvester keeps the scan queue stocked with ComfyUI, Ollama, n8n, Open WebUI, Langflow, and Gradio: the image generators, local model runners, an...

5.7AI score
Exploits0
Microsoft Secure
Microsoft Secure
added yesterday3 views

Microsoft at Black Hat USA 2026: Defending trust in the age of AI and supply chain attacks

In this article 1. Weston on the future of defense 2. Our latest intelligence and response on npm supply chain attacks 3. Follow the research in the Black Hat Briefings 4. Go deeper in Microsoft sessions 5. Visit booth 2144 for research, community, and hands-on defense 6. Plan your week with...

5.7AI score
Exploits0
EUVD
EUVD
added yesterday7 views

EUVD-2026-45182

A race condition between the vncproxy and vncwebsocket API calls in Proxmox Virtual Environment PVE 9.x pve-manager 9.1.x before 9.1.9 and 8.4.x before 8.4.19; qemu-server 9.1.x before 9.1.7 and 8.4.x before 8.4.7; and pve-container 6.1.x before 6.1.3 and 5.3.x before 5.3.4 allows an attacker wit...

7.2CVSS5.3AI score
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-45181

A cross-site scripting XSS vulnerability in Proxmox Virtual Environment PVE 9.x 5.1.8 and Proxmox Virtual Environment PVE 8.x 4.3.16 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

6.1CVSS5.3AI score
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-45183

Incorrect access control in Proxmox Virtual Environment PVE 9.x qemu-server before 9.1.8 and 8.x before 8.4.8 allows users within limited privileges to obtain hashed passwords via the cloudinit/dump API...

6.5CVSS5.3AI score
Exploits0References2
NVD
NVD
added yesterday6 views

CVE-2026-51083

Incorrect access control in Proxmox Virtual Environment PVE 9.x qemu-server before 9.1.8 and 8.x before 8.4.8 allows users within limited privileges to obtain hashed passwords via the cloudinit/dump API...

6.5CVSS
Exploits0References1
Rows per page
Query Builder