Lucene search
+L

1664 matches found

nuclei
nuclei
added yesterday18 views

GestioIP - Reflected Cross-Site Scripting

GestioIP v3.5.7 contains a reflected cross-site scripting caused by unsanitized input in the ipdojob request, letting attackers execute scripts in the victim's browser, exploit requires specific user permissions. id: CVE-2024-50857 info: name: GestioIP - Reflected Cross-Site Scripting author:...

4.8CVSS6.1AI score0.01172EPSS
Exploits3References4
cve
cve
added 2 days ago21 views

CVE-2026-47732

Twig Sandbox: multiple __toString() policy bypasses via unguarded string coercion points existed prior to 3.26.0, enabling string coercion of Stringable operands through various constructs (conditional expressions, matches operator, loose comparisons, tests, template-loading tags, dynamic attribu...

7.1CVSS6.1AI score0.00371EPSS
Exploits0References3Affected Software1
cve
cve
added 2 days ago54 views

CVE-2026-45073

CVE-2026-45073 affects Symfony’s PHP framework, specifically the PdoAdapter::doClear() path. Prior to versions 5.4.52, 6.4.40, 7.4.12, and 8.0.12, the code builds a DELETE with a namespace derived from caller-supplied prefix without binding or escaping it, allowing an attacker who controls the pr...

7.3CVSS6.1AI score0.00536EPSS
Exploits0References6Affected Software1
osv
osv
added 3 days ago2 views

MAL-2026-10220 Malicious code in @jplopezy/connectivity-test-do-not-install (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94a8451d9e6d0f50b066cc79da664b4ec909dc1fb835c39f938b5a58dd9f8ad5 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
osv
osv
added 2026/07/02 3:49 p.m.6 views

USN-8498-1 linux-nvidia-tegra vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; -...

9.8CVSS6.4AI score0.00686EPSS
Exploits4References298
osv
osv
added 2026/06/30 6:44 p.m.4 views

CVE-2026-58138 Orkes Conductor 3.21.21 < 3.30.2 Unauthenticated RCE via GraalVM Script Evaluators

Orkes Conductor 3.21.21 before 3.30.2 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary OS commands by submitting inline workflow definitions containing malicious JavaScript or Python expressions to the workflow API endpoint prior to...

9.3CVSS6.8AI score0.00938EPSS
Exploits2References8
nvd
nvd
added 2026/06/30 10:16 a.m.11 views

CVE-2026-6954

Cross-Site Scripting XSS vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to execute JavaScript code or inject a dynamic iframe into the victim’s browser by sending a malicious URL via the 'urlDestino' parameter in '/portal.do'. This vulnerability can be...

5.1CVSS0.00366EPSS
Exploits0References1
cve
cve
added 2026/06/30 8:54 a.m.14 views

CVE-2026-6954

CVE-2026-6954 describes a Cross-Site Scripting (XSS) vulnerability in Intermark IT's WebControl CMS v3.5. The issue enables an attacker to execute JavaScript or inject a dynamic iframe in a victim’s browser by sending a malicious URL via the ‘urlDestino’ parameter in /portal.do, potentially expos...

5.1CVSS5.9AI score0.00366EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/30 8:53 a.m.31 views

CVE-2026-6953 Multiple vulnerabilities in Intermark IT's WebControl CMS

HTML injection vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to send an email containing malicious HTML code to a victim via the contact form. To exploit this vulnerability, the attacker must send a request using the 'nombreApellidos', 'dirección ', an...

5.1CVSS0.0036EPSS
Exploits0References1
nvd
nvd
added 2026/06/29 7:16 p.m.10 views

CVE-2026-57999

luci-app-tailscale-community contains a command injection vulnerability in the tailscale.dologin RPC method that allows authenticated users to execute arbitrary commands as root. The vulnerability exists because user-controlled loginserver and loginserverauthkey parameters are improperly quoted...

8.8CVSS0.01179EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/29 6:16 p.m.6 views

CVE-2026-57999

luci-app-tailscale-community contains a command injection vulnerability in the tailscale.dologin RPC method that allows authenticated users to execute arbitrary commands as root. The vulnerability exists because user-controlled loginserver and loginserverauthkey parameters are improperly quoted...

8.8CVSS6AI score0.01179EPSS
Exploits0References3
euvd
euvd
added 2026/06/29 6:16 p.m.7 views

EUVD-2026-40171

luci-app-tailscale-community contains a command injection vulnerability in the tailscale.dologin RPC method that allows authenticated users to execute arbitrary commands as root. The vulnerability exists because user-controlled loginserver and loginserverauthkey parameters are improperly quoted...

8.8CVSS6AI score0.01179EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/29 6:16 p.m.6 views

CVE-2026-57999 luci-app-tailscale-community - Command Injection via tailscale.do_login RPC

luci-app-tailscale-community contains a command injection vulnerability in the tailscale.dologin RPC method that allows authenticated users to execute arbitrary commands as root. The vulnerability exists because user-controlled loginserver and loginserverauthkey parameters are improperly quoted...

8.8CVSS6AI score0.01179EPSS
Exploits0References2
osv
osv
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-544 MCP-for-Stata: Command injection via log_file_name parameter in Stata command wrapper

Summary The logfilename parameter in the statado API and CLI is directly interpolated into a Stata command string without sanitization. The security guard GuardValidator only scans the do-file content but does not validate this parameter. An attacker can inject arbitrary Stata commands including...

9.3CVSS6AI score0.00629EPSS
Exploits0References7
cve
cve
added 2026/06/29 7:30 a.m.29 views

CVE-2026-13547

Vulnerability: CVE-2026-13547 affects Hanwang e-Face General Management Platform 6.3.5.4. The issue arises in processing the file parameter during /manage/resourceUpload/upload.do, where manipulation of the File argument can lead to unrestricted file upload. This can be exploited remotely, and pu...

7.5CVSS6.8AI score0.00278EPSS
Exploits0References5
mscve
mscve
added 2026/06/27 8:17 a.m.9 views

xfrm: espintcp: do not reuse an in-progress partial send

...

7.8CVSS5.8AI score0.0012EPSS
Exploits0
astralinux
astralinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: procfs: Fixed a missing RCU protection when reading realparent in dotaskstat. When reading /proc/pid/stat, dotaskstat accesses task-realparent without proper RCU protection. This leads to the following sequence of events: cpu 0 c...

7.8CVSS6.1AI score0.0012EPSS
Exploits0References2
astralinux
astralinux
added 2026/06/24 3:11 p.m.12 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: procfs: Fixed a possible double mmput operation in doprocmapquery. When a user provides a buffer of incorrect size for the PROCMAPQUERY build ID, we return an -ENAMETOOLONG error. After recent changes, this condition occurs later...

7.8CVSS5.9AI score0.00132EPSS
Exploits0References2
nvd
nvd
added 2026/06/18 8:16 p.m.21 views

CVE-2026-56099

OpenBSD before commit 6a23123 2026-06-18 contains an out-of-bounds read vulnerability in the mplsdoerror function within sys/netmpls/mplsinput.c that allows remote attackers to disclose kernel stack memory by sending crafted MPLS frames with 16 labels and no Bottom-of-Stack bit set...

6.9CVSS0.00423EPSS
Exploits2References5
osv
osv
added 2026/06/15 8:50 a.m.4 views

SUSE-SU-2026:22103-1 Security update for opensc

This update for opensc fixes the following issues - CVE-2026-10275: global buffer overflow during key pair generation tests due to missing input validation bsc1267246. - CVE-2026-40528: stack and heap buffer overrun in the dokeyvalue function due to missing length check allows for memory corrupti...

7.8CVSS5.8AI score0.00296EPSS
Exploits0References5
Rows per page
Query Builder