Lucene search
K

3215 matches found

Nuclei
Nuclei
added yesterday55 views

Drag and Drop Multiple File Upload - CF7 <= 1.3.9.6 - Remote Code Execution

Drag and Drop Multiple File Upload for Contact Form 7 WordPress plugin = 1.3.9.6 contains an unrestricted file upload caused by insufficient file type validation and bypass of filename sanitization with non-ASCII characters, letting unauthenticated attackers upload arbitrary files and achieve...

8.1CVSS6.3AI score0.04175EPSS
Exploits3References2
OSV
OSV
added yesterday3 views

MAL-2026-10560 Malicious code in clipboard-drop (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea807812d5f872524eab6c57931788239310050ffb4c477643977def9dac8fb9 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday4 views

Malicious code in clipboard-drop (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea807812d5f872524eab6c57931788239310050ffb4c477643977def9dac8fb9 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
Fedora
Fedora
added 3 days ago7 views

[SECURITY] Fedora 44 Update: python-idna-3.18-1.fc44

A library to support the Internationalised Domain Names in Applications IDNA protocol as specified in RFC 5891 . This version of the protocol is often referred to as "IDNA2008" and can produce different results from the earlier standard from 2003. The library is also intended to act as a suitable...

6.9CVSS6.5AI score0.00408EPSS
Exploits0
Patchstack
Patchstack
added 5 days ago8 views

WordPress Super Forms – Drag & Drop Form Builder plugin <= 6.3.313 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by andrea bocchetti in WordPress Plugin Super Forms versions = 6.3.313...

9.8CVSS5.9AI score0.00523EPSS
Exploits1References1Affected Software1
The Hacker News
The Hacker News
added 6 days ago13 views

Fake 7-Zip Installers Turn Devices Into Residential Proxy Nodes

Cybersecurity researchers have disclosed details of a new threat actor dubbed Lurking Lizard that has been operating an end-to-end malicious residential proxy business using an infrastructure comprising more than 230 lookalike domains. The activity dates back to at least August 2022, according to...

6.1AI score
Exploits0
NVD
NVD
added 2026/07/04 12:17 p.m.17 views

CVE-2026-53359

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected role Commit 0cb2af2ea66ad "KVM: x86: Fix shadow paging use-after-free due to unexpected GFN" fixed a shadow paging mismatch between stored and computed GFNs; the bug...

0.00176EPSS
Exploits3References7
CVE
CVE
added 2026/07/04 11:51 a.m.303 views

CVE-2026-53359

CVE-2026-53359 concerns the Linux kernel KVM/x86 shadow paging use-after-free caused by a mismatch in GFN handling when a PDE is modified to a non-leaf page. After the PDE change and memslot deletion, rmap entries tied to the GFN may not be removed, and kvm_mmu_page_get_gfn() can compute an incor...

5.8AI score0.00176EPSS
Exploits3References7
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.8 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : cifs-utils vulnerability (USN-8496-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8496-1 advisory. It was discovered that cifs-utils incorrectly dropped root privileges before looking up user information. A local attacker could...

7.8CVSS6.3AI score0.0012EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2026/07/01 5:18 p.m.25 views

VEIL#DROP Malware Chain Uses Blogger Platform to Deliver PureLogs Stealer

Cybersecurity researchers have flagged a new multi-stage malware delivery attack chain that uses social engineering and Blogger pages to deliver an information stealer called PureLogs. The activity has been codenamed VEILDROP by Securonix. It's suspected that the initial payloads are distributed...

6.1AI score
Exploits0
EUVD
EUVD
added 2026/07/01 1:32 p.m.8 views

EUVD-2026-40962

In the Linux kernel, the following vulnerability has been resolved: schedext: Don't warn on NULL cgrpmovingfrom in scxcgroupmovetask A WARN fires when systemd's user manager writes "+cpu +memory +pids" to its own subtreecontrol while a schedext scheduler is loaded: WARNING: at...

5.8AI score0.00168EPSS
Exploits0References4
OSV
OSV
added 2026/06/30 6:7 p.m.8 views

GHSA-55F6-4PR5-C7M5 Kahi has privilege-drop and socket/log permission issues

Kahi releases up to and including v0.1.0-alpha.8 contain three privilege/permission issues, all fixed in v0.1.0-alpha.9. They were identified in a full-codebase security review on 2026-05-26. Affected versions All releases = v0.1.0-alpha.8. Patched version v0.1.0-alpha.9. Details 1. Per-process...

5.8AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.9 views

EulerOS 2.0 SP15 : sudo (EulerOS-SA-2026-2509)

According to the versions of the sudo packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not...

7.8CVSS5.8AI score0.00173EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.10 views

Oracle Linux 9 : kernel (ELSA-2026-27789)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-27789 advisory. - net/sched: fix pedit partial COW leading to page cache corruption Ivan Vecera RHEL-177392 CVE-2026-46331 - scsi: qla2xxx: Completely fix fcport doub...

9.8CVSS7.2AI score0.00563EPSS
Exploits15References18
RedhatCVE
RedhatCVE
added 2026/06/25 11:8 p.m.7 views

CVE-2026-53070

A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP over User Datagram Protocol UDP implementation. An issue with managing the transmission context across different processing units could lead to incorrect recursion level detection. This can cause network packets to b...

7.5CVSS5.8AI score0.0035EPSS
Exploits0References4
F5 Networks
F5 Networks
added 2026/06/25 4:26 p.m.18 views

K000161867: Linux kernel vulnerabilities CVE-2026-23291, CVE-2026-23292, CVE-2026-23298, and CVE-2026-23304

Security Advisory Description CVE-2026-23291 In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: properly drop the usb interface reference on disconnect When the device is disconnected from the driver, there is a "dangling" reference count on the usb interface that was...

5.5CVSS5.8AI score0.00123EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/25 9:16 a.m.7 views

CVE-2026-53220

In the Linux kernel, the following vulnerability has been resolved: netfilter: revalidate bridge ports ebtredirecttg dereferences brportgetrcu return without a NULL check, causing a kernel panic when the bridge port has been removed between the original hook invocation and an NFQUEUE reinject. A...

5.5CVSS0.00127EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 9:16 a.m.8 views

CVE-2026-53197

In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix ABBA deadlock in iptfsdestroystate iptfsdestroystate calls hrtimercancel while holding a spinlock that the timer callback also acquires, leading to an ABBA deadlock on SMP systems. For the output timer iptfstimer...

5.5CVSS0.00097EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 9:16 a.m.3 views

UBUNTU-CVE-2026-53220

In the Linux kernel, the following vulnerability has been resolved: netfilter: revalidate bridge ports ebtredirecttg dereferences brportgetrcu return without a NULL check, causing a kernel panic when the bridge port has been removed between the original hook invocation and an NFQUEUE reinject. A...

6.8CVSS5.7AI score0.00127EPSS
Exploits0References7
CVE
CVE
added 2026/06/25 8:39 a.m.16 views

CVE-2026-53220

CVE-2026-53220 affects the Linux kernel netfilter bridge path. ebt_redirect_tg() dereferences br_port_get_rcu() without a NULL check when a bridge port has been removed between the original hook and an NFQUEUE reinject, potentially causing a local kernel panic. Attack surface includes scenarios w...

5.5CVSS5.7AI score0.00127EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder