Lucene search
K

15326 matches found

Nuclei
Nuclei
added 12 hours ago89 views

VvvebJs < 1.7.5 - Arbitrary File Upload

Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName parameter in save.php. id: CVE-2024-29272 info: name: VvvebJs 1.7.5 - Arbitrary File Upload author: s4e-...

6.5CVSS6.3AI score0.09366EPSS
Exploits2References4
Nuclei
Nuclei
added 12 hours ago18 views

Jan v0.4.12 - Arbitrary File Upload

An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file. id: CVE-2024-36858 info: name: Jan v0.4.12 - Arbitrary File Upload author: pussycat0x severity: critical description: | An arbitrar...

9.8CVSS6.3AI score0.0306EPSS
Exploits1References1
Nuclei
Nuclei
added 12 hours ago103 views

mooSocial v.3.1.8 - Cross-Site Scripting

Cross-Site Scripting XSS vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function. id: CVE-2023-44813 info: name: mooSocial v.3.1.8 - Cross-Site Scripting author: ritikchaddha severity:...

6.1CVSS6.7AI score0.01754EPSS
Exploits1References3
NVD
NVD
added 14 hours ago7 views

CVE-2026-15668

A vulnerability has been found in louisho5 picobot up to 0.2.0. This vulnerability affects the function WebTool.Execute of the file internal/agent/tools/web.go of the component web Tool. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotel...

6.5CVSS
Exploits0References6
CVE
CVE
added 14 hours ago9 views

CVE-2026-15669

Technical details (affected products, vulnerable components, exploit vectors) are not publicly available in the provided documents. Monitor for updates.

5.3CVSS5.8AI score
Exploits0References8
Cvelist
Cvelist
added 14 hours ago7 views

CVE-2026-15669 louisho5 picobot exec Tool exec.go ExecTool.Execute os command injection

A vulnerability was found in louisho5 picobot up to 0.2.0. This issue affects the function ExecTool.Execute of the file internal/agent/tools/exec.go of the component exec Tool. The manipulation results in os command injection. The attack requires a local approach. The exploit has been made public...

5.3CVSS
Exploits0References8
CVE
CVE
added 15 hours ago13 views

CVE-2026-15668

The CVE affects louisho5 picobot up to version 0.2.0, specifically the web Tool component. The vulnerability resides in WebTool.Execute (internal/agent/tools/web.go) where manipulation of the url argument enables server-side request forgery (SSRF). It is a network-vector, with low privileges requ...

6.5CVSS6.2AI score
Exploits0References6
NVD
NVD
added yesterday3 views

CVE-2026-62200

OpenClaw versions before 2026.6.6 contain a flaw in host exec environment filtering that could allow Git ext transport to be abused. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could execute or persist actions beyond the caller's intended...

8.8CVSS
Exploits0References2
Nuclei
Nuclei
added yesterday73 views

Jenkins build-metrics 1.3 - Cross-Site Scripting

Jenkins build-metrics 1.3 is vulnerable to a reflected cross-site scripting vulnerability that allows attackers to inject arbitrary HTML and JavaScript into the web pages the plugin provides. id: CVE-2019-10475 info: name: Jenkins build-metrics 1.3 - Cross-Site Scripting author: madrobot severity...

6.1CVSS6.5AI score0.57735EPSS
Exploits5References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago8 views

Malicious code in pipspeed (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1037d713fe94f92e9f1302a1c8fdfcd03ee290e1f2076e7c01cbd1305499e91 The package's advertised public entry point pipspeed.optimize GETs a JSON document from https://www.jsonkeeper.com/b/53XMN an anonymous, mutable past...

6.6AI score
Exploits0References2
OSV
OSV
added 3 days ago2 views

MAL-2026-10190 Malicious code in tinyparrot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec7ebbcc82edaa241764193ea85c0492b99f9ed3be805c57ef0914518cd4b6f9 The postinstall script src/build.js reconstructs the strings 'https', 'POST', and the destination host 'rnjkerbf.org/P' from integer-encoded arrays v...

6.2AI score
Exploits0References2
NVD
NVD
added 3 days ago7 views

CVE-2026-61447

PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent.executepython that executes LLM-generated Python code without AST validation, import restrictions, or sandbox enforcement. Attackers can influence LLM output through prompt injection to exfiltrate all environment...

10CVSS0.00544EPSS
Exploits0References2
Nuclei
Nuclei
added 3 days ago213 views

D-Link - Remote Command Execution

A Remote Command Execution RCE vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file id: CVE-2021-45382 info: name: D-Link - Remote Command Execution author: king-alexander severity: critic...

10CVSS7.2AI score0.97836EPSS
Exploits1References5
Metasploit
Metasploit
added 4 days ago23 views

FTP Fetch, Windows x64 Reverse HTTP Stager (winhttp)

Fetch and execute an x64 payload from an FTP server. Tunnel communication over HTTP Windows x64 winhttp Module Options msf use payload/cmd/windows/ftp/x64/vncinject/reversewinhttp msf payloadreversewinhttp show actions ...actions... msf payloadreversewinhttp set ACTION msf payloadreversewinhttp...

6.2AI score
Exploits0
Metasploit
Metasploit
added 4 days ago19 views

FTP Fetch, Windows x64 Reverse HTTP Stager (wininet)

Fetch and execute an x64 payload from an FTP server. Tunnel communication over HTTP Windows x64 wininet Module Options msf use payload/cmd/windows/ftp/x64/meterpreter/reversehttp msf payloadreversehttp show actions ...actions... msf payloadreversehttp set ACTION msf payloadreversehttp show option...

6.2AI score
Exploits0
Metasploit
Metasploit
added 4 days ago18 views

FTP Fetch, Reverse TCP Stager with UUID Support (Windows x64)

Fetch and execute an x64 payload from an FTP server. Connect back to the attacker with UUID Support Windows x64 Module Options msf use payload/cmd/windows/ftp/x64/meterpreter/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf...

6.2AI score
Exploits0
Metasploit
Metasploit
added 4 days ago17 views

FTP Fetch, Reverse TCP Stager (RC4 Stage Encryption, Metasm)

Fetch and execute an x64 payload from an FTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/ftp/x64/meterpreter/reversetcprc4 msf payloadreversetcprc4 show actions ...actions... msf payloadreversetcprc4 set ACTION msf payloadreversetcprc4 show options ...show and...

6.2AI score
Exploits0
Metasploit
Metasploit
added 4 days ago21 views

FTP Fetch

Fetch and execute an x64 payload from an FTP server. Module Options msf use payload/cmd/windows/ftp/x64/powershellreversetcp msf payloadpowershellreversetcp show actions ...actions... msf payloadpowershellreversetcp set ACTION msf payloadpowershellreversetcp show options ...show and set options...

6.2AI score
Exploits0
Metasploit
Metasploit
added 4 days ago17 views

FTP Fetch, Windows Meterpreter Shell, Reverse HTTP Inline (x64)

Fetch and execute an x64 payload from an FTP server. Connect back to attacker and spawn a Meterpreter shell. Requires Windows XP SP2 or newer. Module Options msf use payload/cmd/windows/ftp/x64/meterpreterreversehttp msf payloadmeterpreterreversehttp show actions ...actions... msf...

6.2AI score
Exploits0
Metasploit
Metasploit
added 4 days ago19 views

FTP Fetch, Windows x64 Bind Named Pipe Stager

Fetch and execute an x64 payload from an FTP server. Listen for a pipe connection Windows x64 Module Options msf use payload/cmd/windows/ftp/x64/peinject/bindnamedpipe msf payloadbindnamedpipe show actions ...actions... msf payloadbindnamedpipe set ACTION msf payloadbindnamedpipe show options...

6.2AI score
Exploits0
Rows per page
Query Builder