Lucene search
K

8416 matches found

Nuclei
Nuclei
added yesterday142 views

SMTP WP Plugin Directory Listing

The WordPress Easy WP SMTP Plugin has its log folder remotely accessible and its content available for access. id: CVE-2020-35234 info: name: SMTP WP Plugin Directory Listing author: PR3R00T severity: high description: The WordPress Easy WP SMTP Plugin has its log folder remotely accessible and i...

7.5CVSS6.9AI score0.64603EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday33 views

ReadToMyShoe - Generation of Error Message Containing Sensitive Information

ReadToMyShoe generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, it will include the full URL of the request, which...

7.4CVSS6.6AI score0.03857EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday10 views

W3 Total Cache < 2.8.2 - Log File Exposure

The plugin is vulnerable to Information Exposure through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For example, the log file may contain nonce values that can be used in further CSRF...

7.5CVSS7AI score0.02169EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday16 views

Dgraph <= 25.3.2 - Admin Token Disclosure

Dgraph = 25.3.2 contains an information disclosure caused by unauthenticated access to the /debug/vars endpoint , which publishes the cmdline variable including the --security token= flag, letting unauthenticated remote attackers retrieve the admin token and access admin-only endpoints, exploit...

9.8CVSS6.1AI score0.02187EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday619 views

Debug Endpoint pprof - Exposure Detection

The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8,...

8.2CVSS6.7AI score0.61139EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday110 views

CommScope Ruckus IoT Controller - Information Disclosure

CommScope Ruckus IoT Controller is susceptible to information disclosure vulnerabilities because a 'service details' API endpoint discloses system and configuration information to an attacker without requiring authentication. This information includes DNS and NTP servers that the devices use for...

9.8CVSS7AI score0.5699EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday18 views

Squid Proxy - HTTP Authentication Credentials Disclosure

Squid versions prior to 7.2 fail to redact HTTP authentication credentials in error page responses. The Authorization header value is embedded in plain text inside the mailto: diagnostic block when Squid generates an error page e.g. ERRDNSFAIL. id: CVE-2025-62168 info: name: Squid Proxy - HTTP...

10CVSS7AI score0.62871EPSS
Exploits1References2
Metasploit
Metasploit
added 4 days ago13 views

FTP Fetch, Generic x86 Debug Trap

Fetch and execute an x86 payload from an FTP server. Generate a debug trap in the target process Module Options msf use payload/cmd/windows/ftp/x86/generic/debugtrap msf payloaddebugtrap show actions ...actions... msf payloaddebugtrap set ACTION msf payloaddebugtrap show options ...show and set...

6.2AI score
Exploits0
NVD
NVD
added 5 days ago10 views

CVE-2026-58378

Allwinner H616 TV Box TV98 has ADB enabled and exposed to the network on production. An attacker could request for ADB authorization and gain root level privileges if the victim allows access...

8.8CVSS0.00242EPSS
Exploits0References2
CVE
CVE
added 5 days ago13 views

CVE-2026-58378

CVE-2026-58378 affects the Allwinner H616 TV Box TV98 where ADB is enabled and exposed on production to the network. The vulnerability can allow an attacker to request ADB authorization and obtain root privileges if the user authorizes access. Public metrics show a high severity (CVSS v3.1/4.0 ba...

8.8CVSS6AI score0.00242EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42661

Allwinner H616 TV Box TV98 has ADB enabled and exposed to the network on production. An attacker could request for ADB authorization and gain root level privileges if the victim allows access...

8.8CVSS6AI score0.00242EPSS
Exploits0References2
NVD
NVD
added 6 days ago4 views

CVE-2026-59947

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, when Composer is run with -vvv debug verbosity, it could print a credential embedded in the username slot of a repository or package URL, such as a GitHub Personal Access Token in https://TOKEN@host/, to debug outp...

4.7CVSS0.00108EPSS
Exploits0References5
Debian CVE
Debian CVE
added 6 days ago4 views

CVE-2026-59947

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, when Composer is run with -vvv debug verbosity, it could print a credential embedded in the username slot of a repository or package URL, such as a GitHub Personal Access Token in https://TOKEN@host/, to debug outp...

4.7CVSS6AI score0.00108EPSS
Exploits0
CVE
CVE
added 6 days ago7 views

CVE-2026-59947

Composer is affected: prior to versions 2.2.29 and 2.10.2, running with -vvv could leak credentials embedded in the username slot of a repository or package URL (e.g., https://TOKEN@host/) to debug logs because AuthHelper, Url::sanitize, and ProcessExecutor did not sanitize username-only URL cred...

4.7CVSS6AI score0.00108EPSS
Exploits0References5
CVE
CVE
added 6 days ago9 views

CVE-2026-36027

CVE-2026-36027 concerns Code27 Companion Hub SQ3A.220705.003.A1. The issue, described across the provided sources, allows a physically proximate attacker to execute arbitrary code via the USB debugging (ADB) / Android Debug Bridge components. The CVSS metrics indicate a physical attack vector wit...

6.8CVSS6.3AI score0.00331EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-36027

An issue in Code27 Companion Hub SQ3A.220705.003.A1 allows a physically proximate attacker to execute arbitrary code via the USB debugging ADB and Android Debug Bridge components...

0.00331EPSS
Exploits0References3
NVD
NVD
added 2026/07/06 9:16 a.m.5 views

CVE-2026-44934

A information disclosure when DEBUG loglevel is set in SUSE Rancher AI Agent 1.0 before 1.0.2 could leak API keys or LLM response text with potential sensitive data into logfiles, allowing local attackers to misuse respective gained data or credentials...

7CVSS0.00119EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/06 8:45 a.m.35 views

CVE-2026-44934 Exposed tokens in SUSE Rancher AI Agent logs

A information disclosure when DEBUG loglevel is set in SUSE Rancher AI Agent 1.0 before 1.0.2 could leak API keys or LLM response text with potential sensitive data into logfiles, allowing local attackers to misuse respective gained data or credentials...

7CVSS0.00119EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 8:45 a.m.5 views

EUVD-2026-41858

A information disclosure when DEBUG loglevel is set in SUSE Rancher AI Agent 1.0 before 1.0.2 could leak API keys or LLM response text with potential sensitive data into logfiles, allowing local attackers to misuse respective gained data or credentials...

7CVSS6AI score0.00119EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 8:45 a.m.16 views

CVE-2026-44934

SUSE Rancher AI Agent 1.0 before 1.0.2 contains an information disclosure when DEBUG loglevel is enabled, leaking API keys and LLM response text into logfiles. The issue affects local users with HIGH privileges and local attack vector; confidentiality and subsequent confidentiality are HIGH, whil...

7CVSS6AI score0.00119EPSS
Exploits0References1
Rows per page
Query Builder