Lucene search
K

585 matches found

Nuclei
Nuclei
added 7 hours ago27 views

WP Mobile Detector <= 3.5 - Unrestricted File Upload

WP Mobile Detector plugin for WordPress = 3.5 contains an unrestricted file upload vulnerability caused by missing file type validation in resize.php, letting unauthenticated attackers upload arbitrary files, potentially leading to remote code execution. id: CVE-2016-15043 info: name: WP Mobile...

9.8CVSS6.3AI score0.10032EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday35 views

DataEase - Remote Code Execution

DataEase is an open-source business intelligence and data visualization platform. Public advisories state that CVE-2025-49002 is related to a bypass in the previous fix for CVE-2025-32966 involving case-insensitive handling of restricted H2 JDBC keywords. This template is a non-invasive detection...

9.8CVSS6.1AI score0.43192EPSS
Exploits2References2
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42927

A flaw was found in the filetype content detector of guardrails-detectors. This vulnerability allows a remote attacker to supply an arbitrary XML Schema Definition XSD string, which is processed without proper restrictions. This can lead to server-side requests to arbitrary URLs or local file...

9.3CVSS6.1AI score0.00255EPSS
Exploits0References2
NVD
NVD
added 4 days ago6 views

CVE-2026-60086

PraisonAI before 4.6.78 contains a prompt injection defense bypass vulnerability where the injection defense only blocks threats classified as CRITICAL, requiring three or more detector families to match simultaneously. Attackers can craft single or double-vector prompt injections that are...

6.9CVSS0.0022EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-60086 PraisonAI before 4.6.78 Prompt Injection Defense Bypass

PraisonAI before 4.6.78 contains a prompt injection defense bypass vulnerability where the injection defense only blocks threats classified as CRITICAL, requiring three or more detector families to match simultaneously. Attackers can craft single or double-vector prompt injections that are...

6.9CVSS0.0022EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42894

PraisonAI before 4.6.78 contains a prompt injection defense bypass vulnerability where the injection defense only blocks threats classified as CRITICAL, requiring three or more detector families to match simultaneously. Attackers can craft single or double-vector prompt injections that are...

6.9CVSS6.1AI score0.0022EPSS
Exploits0References2
NVD
NVD
added 6 days ago8 views

CVE-2026-15063

A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster network to directly access these ports, bypassing th...

6.3CVSS0.00184EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42293

A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster network to directly access these ports, bypassing th...

6.3CVSS5.9AI score0.00184EPSS
Exploits0References2
CVE
CVE
added 6 days ago10 views

CVE-2026-15063

The CVE-2026-15063 affects the gorch service in the trustyai-service-operator. The issue is that, even with authentication enabled, gorch exposes unproxied orchestrator and detector metrics ports, reachable from any pod on the cluster network. This bypasses kube-rbac-proxy authentication, enablin...

6.3CVSS5.9AI score0.00184EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 6 days ago6 views

CVE-2026-15063

A flaw was found in the gorch service template, which is part of the trustyai-service-operator. Even when authentication is enabled, the gorch service exposes unproxied orchestrator and detector metrics ports. This allows any pod on the cluster network to directly access these ports, bypassing th...

6.3CVSS5.9AI score0.00184EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/15 12:31 a.m.12 views

EUVD-2026-36672

A vulnerability was identified in VS Revo RevoUninstaller 2.5.x/2.6.x. The affected element is the function IOCtlHandler in the library RevoDetector.sys of the component IOCTL Handler. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is...

8.5CVSS7.4AI score0.00142EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2026/06/14 11:30 p.m.10 views

CVE-2026-12193 VS Revo RevoUninstaller IOCTL RevoDetector.sys IOCtl_Handler heap-based overflow

A vulnerability was identified in VS Revo RevoUninstaller 2.5.x/2.6.x. The affected element is the function IOCtlHandler in the library RevoDetector.sys of the component IOCTL Handler. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is...

8.5CVSS7.4AI score0.00142EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/06/14 11:30 p.m.40 views

CVE-2026-12193 VS Revo RevoUninstaller IOCTL RevoDetector.sys IOCtl_Handler heap-based overflow

A vulnerability was identified in VS Revo RevoUninstaller 2.5.x/2.6.x. The affected element is the function IOCtlHandler in the library RevoDetector.sys of the component IOCTL Handler. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is...

8.5CVSS0.00142EPSS
Exploits0References10
GithubExploit
GithubExploit
added 2026/06/12 8:9 p.m.83 views

Exploit for Uncontrolled Resource Consumption in Solarwinds Serv-U

SolarWinds Serv-U Unauthenticated DoS: Safe Detection Script...

7.5CVSS5.9AI score0.10659EPSS
Exploits2
Packet Storm News
Packet Storm News
added 2026/06/09 12:0 a.m.20 views

RAT: Reference-Augmented Training for ASV Anti-Spoofing

We introduce a spoofing countermeasure architecture conditioned on speaker-reference recordings, but observe that it converges to a solution that effectively ignores the reference during inference. Surprisingly, training with a reference channel induces invariance that improves deepfake detection...

5.5AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/07 2:42 p.m.84 views

mcp-tool-poisoning-poc

mcp-tool-poisoning — Educational PoC Demonstrates the Too...

7.5CVSS5.5AI score0.22114EPSS
Exploits1
Packet Storm News
Packet Storm News
added 2026/06/06 12:0 a.m.12 views

Hiding in Plain Floats: Steganographic Carriers for Indirect Prompt and Content Injection

Text-centered prompt-injection defenses assume that the malicious signal is visible in one of the inspected text views. We study a reproducible LLM01-style indirect prompt/content-injection failure mode where that assumption breaks: a payload caught in plain English slips past the same detector...

5.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.10 views

CVE-2026-41483

OpenTelemetry.Resources.Azure is the .NET resource detector for Azure environments. In versions 1.15.0-beta.1 and earlier, the AzureVmMetaDataRequestor class makes HTTP requests to the Azure VM instance metadata service and reads the response body into memory without any size limit. An attacker w...

5.9CVSS5.5AI score0.00323EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/06/03 12:0 a.m.10 views

CLIF: Cross-Layer LEO-ISL Fingerprinting for Physical and Network Attack Detection in Dense LEO Constellations

Low-Earth Orbit LEO mega-constellations such as Starlink by SpaceX and Kuiper by Amazon rely on optical Inter-Satellite Links ISLs for autonomous mesh routing to provide low-latency telecommunication, Internet of Things IoT, and security services globally. As commercial operators and governments...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/01 12:0 a.m.75 views

PyFEX: Uncovering Evasive Python-Based Threats Via Resilient and Exhaustive Path Exploration

The rapid expansion of the Python ecosystem has fueled two distinct but converging threats: adversaries increasingly target the software supply chain via the Python Package Index PyPI, while also building evasive, cross-platform malicious binaries compiled from source code written in Python...

6AI score
Exploits0
Rows per page
Query Builder