Lucene search
K

15343 matches found

Nuclei
Nuclei
added yesterday103 views

mooSocial v.3.1.8 - Cross-Site Scripting

Cross-Site Scripting XSS vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function. id: CVE-2023-44813 info: name: mooSocial v.3.1.8 - Cross-Site Scripting author: ritikchaddha severity:...

6.1CVSS6.7AI score0.01754EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday18 views

Jan v0.4.12 - Arbitrary File Upload

An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file. id: CVE-2024-36858 info: name: Jan v0.4.12 - Arbitrary File Upload author: pussycat0x severity: critical description: | An arbitrar...

9.8CVSS6.3AI score0.0306EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday89 views

VvvebJs < 1.7.5 - Arbitrary File Upload

Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName parameter in save.php. id: CVE-2024-29272 info: name: VvvebJs 1.7.5 - Arbitrary File Upload author: s4e-...

6.5CVSS6.3AI score0.09366EPSS
Exploits2References4
NVD
NVD
added yesterday7 views

CVE-2026-15668

A vulnerability has been found in louisho5 picobot up to 0.2.0. This vulnerability affects the function WebTool.Execute of the file internal/agent/tools/web.go of the component web Tool. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotel...

6.5CVSS0.00228EPSS
Exploits0References6
Cvelist
Cvelist
added yesterday12 views

CVE-2026-15669 louisho5 picobot exec Tool exec.go ExecTool.Execute os command injection

A vulnerability was found in louisho5 picobot up to 0.2.0. This issue affects the function ExecTool.Execute of the file internal/agent/tools/exec.go of the component exec Tool. The manipulation results in os command injection. The attack requires a local approach. The exploit has been made public...

5.3CVSS0.00622EPSS
Exploits0References8
CVE
CVE
added yesterday9 views

CVE-2026-15669

Technical details (affected products, vulnerable components, exploit vectors) are not publicly available in the provided documents. Monitor for updates.

5.3CVSS5.8AI score0.00622EPSS
Exploits0References8
CVE
CVE
added yesterday13 views

CVE-2026-15668

The CVE affects louisho5 picobot up to version 0.2.0, specifically the web Tool component. The vulnerability resides in WebTool.Execute (internal/agent/tools/web.go) where manipulation of the url argument enables server-side request forgery (SSRF). It is a network-vector, with low privileges requ...

6.5CVSS6.2AI score0.00228EPSS
Exploits0References6
NVD
NVD
added 2 days ago3 views

CVE-2026-62200

OpenClaw versions before 2026.6.6 contain a flaw in host exec environment filtering that could allow Git ext transport to be abused. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could execute or persist actions beyond the caller's intended...

8.8CVSS0.00288EPSS
Exploits0References2
Nuclei
Nuclei
added 2 days ago73 views

Jenkins build-metrics 1.3 - Cross-Site Scripting

Jenkins build-metrics 1.3 is vulnerable to a reflected cross-site scripting vulnerability that allows attackers to inject arbitrary HTML and JavaScript into the web pages the plugin provides. id: CVE-2019-10475 info: name: Jenkins build-metrics 1.3 - Cross-Site Scripting author: madrobot severity...

6.1CVSS6.5AI score0.57735EPSS
Exploits5References5
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago8 views

Malicious code in pipspeed (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b1037d713fe94f92e9f1302a1c8fdfcd03ee290e1f2076e7c01cbd1305499e91 The package's advertised public entry point pipspeed.optimize GETs a JSON document from https://www.jsonkeeper.com/b/53XMN an anonymous, mutable past...

6.6AI score
Exploits0References2
OSV
OSV
added 4 days ago3 views

MAL-2026-10190 Malicious code in tinyparrot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ec7ebbcc82edaa241764193ea85c0492b99f9ed3be805c57ef0914518cd4b6f9 The postinstall script src/build.js reconstructs the strings 'https', 'POST', and the destination host 'rnjkerbf.org/P' from integer-encoded arrays v...

6.2AI score
Exploits0References2
NVD
NVD
added 4 days ago7 views

CVE-2026-61447

PraisonAI before 1.6.78 contains a remote code execution vulnerability in CodeAgent.executepython that executes LLM-generated Python code without AST validation, import restrictions, or sandbox enforcement. Attackers can influence LLM output through prompt injection to exfiltrate all environment...

10CVSS0.00544EPSS
Exploits0References2
Nuclei
Nuclei
added 4 days ago214 views

D-Link - Remote Command Execution

A Remote Command Execution RCE vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file id: CVE-2021-45382 info: name: D-Link - Remote Command Execution author: king-alexander severity: critic...

10CVSS7.2AI score0.97836EPSS
Exploits1References5
Metasploit
Metasploit
added 5 days ago22 views

FTP Fetch, Windows Reverse HTTP Stager (winhttp)

Fetch and execute an x86 payload from an FTP server. Tunnel communication over HTTP Windows winhttp Module Options msf use payload/cmd/windows/ftp/x86/vncinject/reversewinhttp msf payloadreversewinhttp show actions ...actions... msf payloadreversewinhttp set ACTION msf payloadreversewinhttp show...

6.2AI score
Exploits0
Metasploit
Metasploit
added 5 days ago19 views

FTP Fetch, Windows Reverse HTTP Stager (wininet)

Fetch and execute an x86 payload from an FTP server. Tunnel communication over HTTP Windows wininet Module Options msf use payload/cmd/windows/ftp/x86/vncinject/reversehttp msf payloadreversehttp show actions ...actions... msf payloadreversehttp set ACTION msf payloadreversehttp show options...

6.2AI score
Exploits0
Metasploit
Metasploit
added 5 days ago23 views

FTP Fetch, Reverse HTTP Stager Proxy

Fetch and execute an x86 payload from an FTP server. Tunnel communication over HTTP Module Options msf use payload/cmd/windows/ftp/x86/vncinject/reversehttpproxypstore msf payloadreversehttpproxypstore show actions ...actions... msf payloadreversehttpproxypstore set ACTION msf...

6.2AI score
Exploits0
Metasploit
Metasploit
added 5 days ago19 views

FTP Fetch, Reverse TCP Stager (IPv6)

Fetch and execute an x86 payload from an FTP server. Connect back to the attacker over IPv6 Module Options msf use payload/cmd/windows/ftp/x86/vncinject/reverseipv6tcp msf payloadreverseipv6tcp show actions ...actions... msf payloadreverseipv6tcp set ACTION msf payloadreverseipv6tcp show options...

6.2AI score
Exploits0
Metasploit
Metasploit
added 5 days ago26 views

FTP Fetch, Bind TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an FTP server. Listen for a connection No NX Module Options msf use payload/cmd/windows/ftp/x86/vncinject/bindnonxtcp msf payloadbindnonxtcp show actions ...actions... msf payloadbindnonxtcp set ACTION msf payloadbindnonxtcp show options ...show and set...

6.2AI score
Exploits0
Metasploit
Metasploit
added 5 days ago22 views

FTP Fetch, Bind IPv6 TCP Stager with UUID Support (Windows x86)

Fetch and execute an x86 payload from an FTP server. Listen for an IPv6 connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/ftp/x86/dllinject/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuuid set ACTION msf...

6.2AI score
Exploits0
Metasploit
Metasploit
added 5 days ago22 views

FTP Fetch, Windows x64 Bind TCP Stager

Fetch and execute an x64 payload from an FTP server. Listen for a connection Windows x64 Module Options msf use payload/cmd/windows/ftp/x64/vncinject/bindtcp msf payloadbindtcp show actions ...actions... msf payloadbindtcp set ACTION msf payloadbindtcp show options ...show and set options... msf...

6.2AI score
Exploits0
Rows per page
Query Builder