Lucene search
K

2419 matches found

Nuclei
Nuclei
added yesterday73 views

Puppet Server/PuppetDB - Sensitive Information Disclosure

Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints, which may contain sensitive information when left exposed. id: CVE-2020-7943 info: name: Puppet Server/PuppetDB - Sensitive Information Disclosure author: c-sh0 severity: high...

7.5CVSS7AI score0.07884EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday17 views

Xdebug <= 2.5.5 - Command Injection

Xdebug = 2.5.5 contains an unauthenticated command injection caused by accepting debugger protocol commands without authentication when remote debugging is enabled, letting remote attackers execute arbitrary PHP code and system commands, exploit requires remote debugging enabled. id: CVE-2015-101...

9.3CVSS6.3AI score0.0503EPSS
Exploits1References6
NVD
NVD
added 5 days ago7 views

CVE-2026-54798

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application includes a debugging interface that is accessible through HTTP endpoints. This could allow an authenticated attacker to disrupt th...

7.1CVSS0.0024EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-54798

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application includes a debugging interface that is accessible through HTTP endpoints. This could allow an authenticated attacker to disrupt th...

7.1CVSS0.0024EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42593

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application includes a debugging interface that is accessible through HTTP endpoints. This could allow an authenticated attacker to disrupt th...

7.1CVSS5.9AI score0.0024EPSS
Exploits0References1
CVE
CVE
added 5 days ago17 views

CVE-2026-54798

The CVE-2026-54798 entry concerns CPCI85 Central Processing/Communication (all versions &lt; V26.20) and SICORE Base system (all versions

7.1CVSS5.9AI score0.0024EPSS
Exploits0References1
NVD
NVD
added 6 days ago7 views

CVE-2026-36027

An issue in Code27 Companion Hub SQ3A.220705.003.A1 allows a physically proximate attacker to execute arbitrary code via the USB debugging ADB and Android Debug Bridge components...

6.8CVSS0.00331EPSS
Exploits0References3
OSV
OSV
added 6 days ago5 views

BIT-PYTHON-2026-5713 Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target

The "profiling.sampling" module Python 3.15+ and "asyncio introspection capabilities" 3.14+, "python -m asyncio ps" and "python -m asyncio pstree" features could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via t...

5.3CVSS5.7AI score0.00132EPSS
Exploits0References7
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-36027

An issue in Code27 Companion Hub SQ3A.220705.003.A1 allows a physically proximate attacker to execute arbitrary code via the USB debugging ADB and Android Debug Bridge components...

0.00331EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2026/07/02 1:4 p.m.15 views

ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API

The threat actor known as ToddyCat has been attributed to a new malware called Umbrij that's designed to gain surreptitious access to a victim's email correspondence via the Google API. "In this campaign, the attackers focused their attention on corporate email communications hosted on Gmail,...

6AI score
Exploits0
NVD
NVD
added 2026/07/02 12:17 p.m.5 views

CVE-2026-57350

Unauthenticated Cross Site Scripting XSS in WP Debugging = 2.12.2 versions...

7.1CVSS0.00191EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.35 views

CVE-2026-57350 WordPress WP Debugging plugin <= 2.12.2 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in WP Debugging = 2.12.2 versions...

7.1CVSS0.00191EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:15 a.m.13 views

CVE-2026-57350

WP Debugging plugin for WordPress with versions ≤2.12.2 is affected by an unauthenticated Cross Site Scripting (XSS) vulnerability. The CVE entry specifies the vulnerable component as the WP Debugging plugin and lists CVSS v3.1 base score 7.1 (High) with Network attack vector, no privileges requi...

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/02 11:15 a.m.6 views

EUVD-2026-41349

Unauthenticated Cross Site Scripting XSS in WP Debugging = 2.12.2 versions...

7.1CVSS5.8AI score0.00191EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 6:27 a.m.8 views

Malicious code in pino-debugging (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83f0ecc81a618444e701cf5302ced1fa1e92aadc8df2ae2821d2a94a30683d9d Package name 'pino-debugging' is a single-edit typosquat of the legitimate 'pino-debug'. The shipped index.js requires a dependency named 'loadutils'...

6.1AI score
Exploits0References3
OSV
OSV
added 2026/06/29 6:27 a.m.10 views

MAL-2026-6583 Malicious code in pino-debugging (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83f0ecc81a618444e701cf5302ced1fa1e92aadc8df2ae2821d2a94a30683d9d Package name 'pino-debugging' is a single-edit typosquat of the legitimate 'pino-debug'. The shipped index.js requires a dependency named 'loadutils'...

6.2AI score
Exploits0References3
Fedora
Fedora
added 2026/06/25 4:25 p.m.6 views

[SECURITY] Fedora 43 Update: goose-1.36.0-1.fc43

Goose is your on-machine AI agent, capable of automating complex development tasks from start to finish. More than just code suggestions, goose can build entire projects from scratch, write and execute code, debug failures, orchestrate workflows, and interact with external APIs - autonomously...

8.8CVSS5.9AI score0.00213EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 12:0 p.m.10 views

Malicious code in @nullzero/urlcat (npm)

@nullzero/urlcat version 1.4.2, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accounts all follow the pattern [email protected], with...

6.4AI score
Exploits0References8
GithubExploit
GithubExploit
added 2026/06/16 10:6 a.m.70 views

binary-exploitation-labs

Binary Exploitation & Reverse Engineering Labs Hands-on labs...

5.3AI score
Exploits0
EUVD
EUVD
added 2026/06/15 9:30 p.m.10 views

EUVD-2026-36800

Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP records can trigger reads beyond buffer boundaries during IPv4/TCP header parsing. This element is primarily used in debugging pipelines, limiting real-world exposure. A local attacker could...

5.3CVSS5.5AI score0.00107EPSS
Exploits0References4
Rows per page
Query Builder