Lucene search
K

2029 matches found

Nuclei
Nuclei
added 9 hours ago17 views

Jan v0.4.12 - Arbitrary File Upload

An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file. id: CVE-2024-36858 info: name: Jan v0.4.12 - Arbitrary File Upload author: pussycat0x severity: critical description: | An arbitrar...

9.8CVSS6.3AI score0.0306EPSS
Exploits1References1
EUVD
EUVD
added 5 days ago4 views

EUVD-2026-42211

A heap bufferflow in pcfReadFont due to missing glyph bounds checking in libXfont2 before 2.0.8 allows attackers authenticated as X client to execute code within the X server...

8.5CVSS6.1AI score0.00529EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/03 8:35 p.m.10 views

EUVD-2026-41582

Improper authorization in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

8.3CVSS6.1AI score0.00405EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/03 9:31 a.m.8 views

CVE-2026-5137

The RTMKit rometheme-for-elementor plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.0.7 This is due to insufficient path validation on the 'template' parameter in the rendertemplates AJAX endpoint, which is used directly in a require/include statement...

4.3CVSS6.2AI score0.00266EPSS
Exploits0References6
CVE
CVE
added 2026/07/02 11:5 p.m.22 views

CVE-2026-13384

CVE-2026-13384 is an Out-of-bounds Write vulnerability in WatchGuard Fireware OS wgagent. An authenticated privileged user could remotely execute arbitrary code via specially crafted requests to the Management Web UI. Affected: Fireware OS 12.1–12.12 and 2025.1–2026.2. CVSS details indicate netwo...

8.6CVSS6.1AI score0.00546EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/07/02 3:11 p.m.7 views

USN-8496-1 cifs-utils vulnerability

It was discovered that cifs-utils incorrectly dropped root privileges before looking up user information. A local attacker could possibly use this issue to execute arbitrary code as the root user...

7.8CVSS6.1AI score0.0012EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 7:18 a.m.8 views

Malicious code in clob-client-math (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b36bbf14a743630a93ba7f8d7529d3fae8073f0f585af4343506be6248fc1b59 [email protected] ships a postinstall script install-check.cjs that fetches a JSON config from...

6.1AI score
Exploits0References2
EUVD
EUVD
added 2026/06/19 2:16 p.m.9 views

EUVD-2016-10901

Comodo Chromodo Browser 52.15.25.664 contains an unquoted service path vulnerability in the ChromodoUpdater service that runs with SYSTEM privileges. A local attacker can insert a malicious executable in the service path and execute arbitrary code with elevated privileges upon service restart or...

8.5CVSS6.2AI score0.0012EPSS
Exploits0References5
OSV
OSV
added 2026/06/17 9:38 p.m.4 views

MAL-2026-6079 Malicious code in set-proto-chain (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bdb11eef3afbfc268bd48a18737884246861c7ae9e6a3d29901ae1379216c633 lib/index.js contains a base64-encoded URL decoding to https://jsonkeeper.com/b/BN77K, an anonymous mutable paste host that is fetched via axios.get;...

5.9AI score
Exploits0References2
NVD
NVD
added 2026/06/15 2:16 p.m.16 views

CVE-2016-20075

WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the...

8.8CVSS0.00327EPSS
Exploits0References3
CVE
CVE
added 2026/06/10 2:9 p.m.21 views

CVE-2026-8637

Technical details are not publicly available in the provided documents. Monitor for updates.

8.5CVSS6AI score0.0013EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 1:55 p.m.18 views

EUVD-2026-36033

A flaw was found in assisted-migration-agent. An unauthenticated attacker, located on the same local area network LAN, can exploit a path traversal vulnerability. By crafting a specially designed gzipped tarball, the attacker can bypass security checks and write arbitrary files to the system. Thi...

9.6CVSS5.9AI score0.00291EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.16 views

Assisted Migration Agent 后置链接漏洞

Assisted Migration Agent is an open-source virtualization environment data collection and migration planning tool developed by KubeV2V. Assisted Migration Agent has a post-installation vulnerability, which stems from an unauthenticated attacker located within the same network. This attacker...

9.6CVSS5.8AI score0.00291EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.12 views

Lenovo LanSchool Classic 代码问题漏洞

Lenovo LanSchool Classic is a classroom teaching management software developed by Lenovo Corporation. Lenovo LanSchool Classic has code vulnerabilities, which stem from potentially uncontrolled search paths. These vulnerabilities may allow locally authenticated users to execute arbitrary code wit...

8.5CVSS6AI score0.0013EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 6:30 p.m.12 views

EUVD-2026-35540

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally...

7.8CVSS5.7AI score0.00372EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 5:5 p.m.15 views

EUVD-2026-35543

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...

8.4CVSS6AI score0.00339EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/09 5:5 p.m.4 views

CVE-2026-45463

Integer underflow wrap or wraparound in Microsoft Office allows an unauthorized attacker to execute code locally...

8.4CVSS7.3AI score0.00339EPSS
Exploits0References2Affected Software9
ATTACKERKB
ATTACKERKB
added 2026/06/09 5:4 p.m.3 views

CVE-2026-44818

Concurrent execution using shared resource with improper synchronization 'race condition' in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

7CVSS7.2AI score0.00263EPSS
Exploits0References2Affected Software9
Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.11 views

Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...

7.8CVSS7.6AI score0.00457EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.10 views

Microsoft Exchange Server Remote Code Execution Vulnerability

Improper control of generation of code 'code injection' in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network...

8.1CVSS5.7AI score0.00475EPSS
Exploits0
Rows per page
Query Builder