
5407 matches found

Cvelist
added 2 hours ago | 6 views

CVE-2026-4772 Stored XSS in TR7's WAF-ASP

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in TR7 Cyber Defense Inc. WAF-ASP allows Stored XSS. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117...

5.4 CVSS
Exploits 0 | References 1
EUVD
added 2 hours ago | 3 views

EUVD-2026-41370

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in TR7 Cyber Defense Inc. WAF-ASP allows Stored XSS. This issue affects WAF-ASP: from v1.0.324.900 before v1.4.0.117...

5.4 CVSS | 5.8 AI score
Exploits 0 | References 1
Cvelist
added 3 hours ago | 4 views

CVE-2026-4770 DOM-Based XSS in TR7's WAF-ASP

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in TR7 Cyber Defense Inc. Web Application Firewall allows DOM-Based XSS. This issue affects Web Application Firewall: from v1.0.42.239 before v1.4.0.117...

4.6 CVSS
Exploits 0 | References 1
EUVD
added 3 hours ago | 3 views

EUVD-2026-41369

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in TR7 Cyber Defense Inc. Web Application Firewall allows DOM-Based XSS. This issue affects Web Application Firewall: from v1.0.42.239 before v1.4.0.117...

4.6 CVSS | 5.8 AI score
Exploits 0 | References 1
CVE
added 3 hours ago | 6 views

CVE-2026-4770

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in TR7 Cyber Defense Inc. Web Application Firewall allows DOM-Based XSS. This issue affects Web Application Firewall: from v1.0.42.239 before v1.4.0.117...

4.6 CVSS | 5.8 AI score
Exploits 0 | References 1
Nuclei
added 6 hours ago | 25 views

Intel Neural Compressor <2.5.0 - SQL Injection

Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access. id: CVE-2024-22476 info: name: Intel Neural Compressor 2.5.0 - SQL Injection author: ritikchaddha severity:...

10 CVSS | 7.6 AI score | 0.33357 EPSS
Exploits 0 | References 2
ICS
added 2026/06/25 6:0 a.m. | 7 views

Delta Electronics DTM Soft

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system...

8.4 CVSS | 6.2 AI score | 0.00388 EPSS
Exploits 0 | References 13
Positive Technologies
added 2026/06/18 12:0 a.m. | 33 views

PT-2026-50769

Name of the Vulnerable Software and Affected Versions pam usb versions 0.9.1 and earlier Description The xfree memory release helper calls free without zeroing buffer contents first. This results in heap-allocated buffers containing sensitive data, such as one-time pad bytes read from disk, being...

4.7 CVSS | 6 AI score | 0.00109 EPSS
Exploits 0 | References 7
CVE
added 2026/06/17 9:3 p.m. | 19 views

CVE-2026-50194

Steeltoe CVE-2026-50194 affects management endpoints when configured to listen on an alternate port. Versions 3.2.2–3.3.0 and 4.1.0 use the Host header to gate access instead of the socket port, enabling port-isolation bypass. Patches are in 3.4.0 and 4.2.0. If upgrading isn’t possible, apply exp...

8.2 CVSS | 5.4 AI score | 0.00238 EPSS
Exploits 0 | References 3
Positive Technologies
added 2026/06/17 12:0 a.m. | 10 views

PT-2026-50604

Name of the Vulnerable Software and Affected Versions Capsule version 0.13.2 Description A typo in the webhook rules of the software causes a failure in the defense mechanism for the namespaces/finalize subresource. The configuration uses the singular namespace/finalize instead of the plural...

5.7 CVSS | 5.9 AI score
Exploits 0 | References 4
Github Security Blog
added 2026/06/16 2:34 p.m. | 16 views

Natural Language Toolkit (NLTK): URL-Encoded Path Traversal in nltk.data.load() Allows Arbitrary Local File Read

Summary nltk.data.load in NLTK is vulnerable to path traversal via URL-encoded path separators and traversal segments when using the nltk: URL scheme. The unsafe-path regex check is performed before url2pathname decodes the %xx sequences, a classic decode-after-check / TOCTOU-style flaw, allowing ...

7.5 CVSS | 5.5 AI score | 0.00378 EPSS
Exploits 1 | References 2 | Affected Software 1
Nuclei
added 2026/06/16 7:13 a.m. | 46 views

Cisco Adaptive Security Appliance (ASA)/Firepower Threat Defense (FTD) - Local File Inclusion

Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software is vulnerable to local file inclusion due to directory traversal attacks that can read sensitive files on a targeted system because of a lack of proper input validation of URLs in HTTP requests processe...

7.5 CVSS | 7.8 AI score | 0.99992 EPSS
Exploits 24 | References 7
The Hacker News
added 2026/06/15 7:44 p.m. | 16 views

Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails

A China-linked espionage group hid inside North American medical, academic, and military research networks for more than a year, quietly stealing sensitive research and defense email. The way in was a backdoor on their REDCap research servers that stole login credentials. The exfiltration was the...

5.6 AI score
Exploits 0
Imperva Blog
added 2026/06/15 8:58 a.m. | 26 views

Best WAAP Solutions for Enterprise Application Security: How to Choose the Right Platform in 2026

Key Takeaways The major enterprise WAAP solutions evaluated in this guide are Akamai, Cloudflare, F5, Fastly, Fortinet, Imperva, and Radware. In the most recent independent benchmarks, Akamai, Cloudflare, and Imperva were named Leaders in the Forrester Wave: Web Application Firewall Solutions, Q1...

5.8 AI score
Exploits 0
GithubExploit
added 2026/06/13 4:2 p.m. | 77 views

Exploit for Embedded Malicious Code in Tukaani Xz

XZ Backdoor Labs CVE-2024-3094 Safe, hands-on labs for...

10 CVSS | 8.7 AI score | 0.85974 EPSS
Exploits 40
GithubExploit
added 2026/06/13 11:45 a.m. | 78 views

Exploit for CVE-2026-48907

CVE-2026-48907 Description This file CVE-2025-9209.py is a tool...

10 CVSS | 5.3 AI score | 0.80425 EPSS
Exploits 22
ICS
added 2026/06/11 6:0 a.m. | 28 views

Naxclow IoT Platform

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow an attacker to impersonate devices, intercept or manipulate communications, harvest sensitive credentials at scale, or gain unauthorized access. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...

5.7 AI score
Exploits 0 | References 13
EUVD
added 2026/06/10 8:27 p.m. | 8 views

EUVD-2026-36132

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/internal network access in GHSA-p9cg-vqcc-grcx by adding public URL validation before runtime document and media fetching. However, the IPv4 validation logic present starting...

8.6 CVSS | 5.4 AI score | 0.00269 EPSS
Exploits 0 | References 1
GithubExploit
added 2026/06/10 7:27 a.m. | 44 views

vehicle-subsystem-security-assessment

🚗 End-to-end security assessment of vehicle subsystems! Me...

6.2 AI score
Exploits 0
GithubExploit
added 2026/06/09 11:0 a.m. | 46 views

openshell-sandbox-poc

OpenShell + Kata Containers: Dual-Protection PoC A proof-of-c...

7.8 CVSS | 7.8 AI score | 0.96775 EPSS
Exploits 228