Lucene search
K

7784 matches found

Nuclei
Nuclei
added 4 hours ago90 views

Powertek Firmware <3.30.30 - Authorization Bypass

Powertek firmware multiple brands before 3.30.30 running Power Distribution Units are vulnerable to authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface /cgi/getparam.cgi with the tmpToken cookie set to an...

9.8CVSS7AI score0.13425EPSS
Exploits1References5
Nuclei
Nuclei
added 4 hours ago13 views

XWiki Platform Distribution Flavor Main - Cross-Site Scripting

XWiki Platform Distribution Flavor Main versions prior to 17.6.0 are vulnerable to reflected cross-site scripting XSS due to improper sanitization of user-supplied input in the extensionId parameter. An attacker can exploit this issue by injecting malicious JavaScript, which will be executed in t...

6.5CVSS6.9AI score0.00503EPSS
Exploits0References2
Cvelist
Cvelist
added yesterday9 views

CVE-2026-61474 MISP: Improper sharing group authorization check when adding attributes

An improper authorization check in MISP’s attribute creation endpoint allowed an authenticated user with permission to add attributes to submit a sharinggroupid without triggering the corresponding sharing group authorization check, as long as the attribute distribution value was not explicitly s...

5.3CVSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-59890 setuptools: MANIFEST.in exclusion bypass in sdist via Unicode normalization collision (NFC/NFD) on macOS APFS/HFS+

setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. Prior to 83.0.0, FileList applied MANIFEST.in exclude, global-exclude, recursive-exclude, and prune directives by matching compiled glob patterns against on-disk file names without Unico...

6.1CVSS0.00269EPSS
Exploits0References3
CVE
CVE
added 2 days ago8 views

CVE-2026-59890

Setuptools vulnerability CVE-2026-59890 affects the setuptools sdist packaging logic. Prior to 83.0.0, FileList exclusions (MANIFEST.in exclude, global-exclude, recursive-exclude, prune) were matched against on-disk file names without Unicode normalization, so an NFD filename on macOS APFS/HFS+ c...

6.1CVSS6AI score0.00269EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-42012

The uncanny-automator-pro WordPress plugin before 7.3.0.6 was distributed with malicious code after the vendor's uncanny-automator-pro WordPress plugin before 7.3.0.6 update/distribution infrastructure was compromised; the injected backdoor grants unauthenticated attackers an administrator sessio...

9.8CVSS6AI score0.00303EPSS
Exploits0References1
OSV
OSV
added 5 days ago4 views

ROOT-OS-UBUNTU-2204-CVE-2023-53093 CVE-2023-53093 in rootio-linux - Patched by Root

Root has patched CVE-2023-53093 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

5.5CVSS7.9AI score0.00164EPSS
Exploits0
OSV
OSV
added 5 days ago6 views

ROOT-OS-DEBIAN-12-CVE-2024-56742 CVE-2024-56742 in rootio-linux - Patched by Root

Root has patched CVE-2024-56742 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...

5.5CVSS7.8AI score0.00201EPSS
Exploits0
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/30 12:0 a.m.3 views

Security update for distribution (important)

openSUSE security update: security update for distribution ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21084-1 Rating: important References: bsc1265429 bsc1265788 bsc1266049 bsc1266629 Cross-References: CVE-2026-33814 CVE-2026-39821 CVE-2026-398...

9.1CVSS6.8AI score0.00781EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/06/25 5:56 p.m.27 views

CVE-2026-54250 K3s: ZIP Archive Path Traversal Vulnerability in etcd Snapshot Decompression

K3s is a fully conformant production-ready Kubernetes distribution. Prior to 1.35.3+k3s1, 1.34.6+k3s1, v1.33.10+k3s1, a path traversal vulnerability exists in K3s's etcd snapshot decompression functionality. Zip files containing archive members with maliciously crafted names can be written to...

5.8CVSS0.00122EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 5:56 p.m.9 views

CVE-2026-54250

CVE-2026-54250 affects K3s by a ZIP archive path traversal in the etcd snapshot decompression. Before versions 1.35.3+k3s1, 1.34.6+k3s1, and v1.33.10+k3s1, a crafted ZIP member can be written to arbitrary filesystem locations when restoring an etcd snapshot, due to the decompression process. Impa...

5.8CVSS6AI score0.00122EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.13 views

Debian dsa-6364 : chromium - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6364 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6364-1 [email protected] https://www.debian.org/securit...

9.6CVSS6.2AI score0.0026EPSS
Exploits1References38
Redos
Redos
added 2026/06/25 12:0 a.m.4 views

ROS-20260625-73-0004

The vulnerability in gnutls is related to the unlimited distribution of resources. Exploiting this vulnerability could allow a remote attacker to cause service failures...

7.5CVSS5.9AI score0.01335EPSS
Exploits0
Redos
Redos
added 2026/06/24 12:0 a.m.4 views

ROS-20260624-73-0022

The vulnerability in Netty is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

8.7CVSS6.8AI score0.01125EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/22 12:50 p.m.3 views

CVE-2026-7167

The vulnerability arises when the system fails to properly validate the 'email' field during the authentication process, allowing unverified or fake email addresses to be accepted. This lack of validation enables the creation of user accounts with fake email addresses, facilitating the mass...

6.9CVSS5.8AI score0.00357EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 12:50 p.m.31 views

CVE-2026-7167 Multiple vulnerabilities in the Assassin game by Gaudire

The vulnerability arises when the system fails to properly validate the 'email' field during the authentication process, allowing unverified or fake email addresses to be accepted. This lack of validation enables the creation of user accounts with fake email addresses, facilitating the mass...

6.9CVSS0.00357EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 12:50 p.m.28 views

CVE-2026-7167

The CVE-2026-7167 entry concerns the Assassin game by Gaudire. It identifies a flaw in the authentication flow where the system improperly validates the 'email' field, allowing unverified or fake email addresses to be used to create accounts. The underlying cause is insufficient validation during...

6.9CVSS5.8AI score0.00357EPSS
Exploits0References1
Redos
Redos
added 2026/06/22 12:0 a.m.5 views

ROS-20260622-73-0029

The vulnerability of the ParseAddress, ParseAddressList, and ParseDate functions in the Go programming language is related to the distribution of resources without any restrictions or regulations. Exploiting this vulnerability can allow a malicious actor to cause service failures...

7.5CVSS5.9AI score0.00784EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/21 12:0 a.m.15 views

Debian dsa-6358 : libhttp-daemon-perl - security update

The remote Debian 13 host has a package installed that is affected by a vulnerability as referenced in the dsa-6358 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6358-1 [email protected] https://www.debian.org/security/...

9.1CVSS6.2AI score0.01452EPSS
Exploits0References4
Debian
Debian
added 2026/06/19 6:15 p.m.17 views

[SECURITY] [DSA 6353-1] gst-libav1.0 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6353-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 19, 2026 https://www.debian.org/security/faq -...

5.8AI score
Exploits0
Rows per page
Query Builder