591402 matches found

Nuclei
added 2026/06/16 7:13 a.m., 228 views

Oracle WebLogic Server - Remote Command Execution

The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services) allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. Versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. id: CVE-2019-2725 info: name: Oracle WebLogic...

CVSS 9.8, AI score 7.9, EPSS 0.99964
Exploits: 35, References: 5

Nuclei
added 2026/06/16 7:13 a.m., 33 views

OpenMRS Platform < 2.24.0 - Insecure Object Deserialization

OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body. id: CVE-2018-19276 info: name: OpenMRS Platform 2.24.0 - Insecure Object...

CVSS 10, AI score 8.8, EPSS 0.98811
Exploits: 10, References: 3

Nuclei
added 2026/06/16 7:13 a.m., 853 views

PHP CGI - Argument Injection

PHP CGI - Argument Injection CVE-2024-4577 is a critical argument injection flaw in PHP. id: CVE-2024-4577 info: name: PHP CGI - Argument Injection author: Hüseyin TINTAŞ,sw0rk17,s4e-io,pdresearch severity: critical description: | PHP CGI - Argument Injection CVE-2024-4577 is a critical argument...

CVSS 9.8, AI score 7.7, EPSS 0.99987
Exploits: 64, References: 4

Nuclei
added 2026/06/16 7:13 a.m., 89 views

Apache 2.4.49/2.4.50 - Path Traversal and Remote Code Execution

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49 and 2.4.50. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests ca...

CVSS 9.8, AI score 8.8, EPSS 0.99964
Exploits: 62, References: 5

Nuclei
added 2026/06/16 7:13 a.m., 103 views

Apache 2.4.49 - Path Traversal and Remote Code Execution

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed...

CVSS 9.8, AI score 8.1, EPSS 0.99992
Exploits: 148, References: 6

RedhatCVE
added 2026/06/16 6:39 a.m., 6 views

CVE-2026-47131

A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. A remote attacker can exploit this vulnerability by combining specific Buffer function calls and Node.js's ERR_INVALID_ARG_TYPE error. This allows the attacker to obtain the host's TypeError constructor, leading to an...

CVSS 10, AI score 5.4, EPSS 0.004
Exploits: 0, References: 6

RedhatCVE
added 2026/06/16 6:39 a.m., 6 views

CVE-2026-47140

A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. This vulnerability allows sandboxed code to bypass intended security restrictions by exploiting missing entries in the denylist for dangerous Node.js built-in functions, specifically process and inspector/promises. A...

CVSS 10, AI score 5.6, EPSS 0.00536
Exploits: 0, References: 6

RedhatCVE
added 2026/06/16 6:39 a.m., 6 views

CVE-2026-47137

A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. A remote attacker could bypass a security check designed to prevent the combination of nested environments and disabled module loading. This bypass occurs because a strict equality check for the require option can be...

CVSS 10, AI score 5.8, EPSS 0.00382
Exploits: 0, References: 8

NVD
added 2026/06/16 6:16 a.m., 12 views

CVE-2026-50255

Incorrect default permissions issue exists in Optical Disc Archive Software for Windows 5.5.3 and earlier. If this vulnerability is exploited, arbitrary code may be executed with SYSTEM privileges...

CVSS 6.7, EPSS 0.00089
Exploits: 0, References: 2

NVD
added 2026/06/16 6:16 a.m., 12 views

CVE-2026-6933

The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing authorization in versions up to and including 2.0. This is due to the 'generatePluginHandler' function lacking any authorization check before processing user-supplied POST data, combined with the...

CVSS 8.8, EPSS 0.00607
Exploits: 0, References: 7

RedHat Linux
added 2026/06/16 6:14 a.m., 4 views

firefox: Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

CVSS 8.8, AI score 5.8, EPSS 0.00332
Exploits: 0, References: 6

EUVD
added 2026/06/16 5:3 a.m., 8 views

EUVD-2026-37035

Incorrect default permissions issue exists in Optical Disc Archive Software for Windows 5.5.3 and earlier. If this vulnerability is exploited, arbitrary code may be executed with SYSTEM privileges...

CVSS 6.7, AI score 6.9, EPSS 0.00089
Exploits: 0, References: 2

CVE
added 2026/06/16 5:3 a.m., 13 views

CVE-2026-50255

CVE-2026-50255 affects Optical Disc Archive Software for Windows (5.5.3 and earlier). The issue is an incorrect default permissions setting that could allow an attacker to execute arbitrary code with SYSTEM privileges. CVSS details indicate local access with high impact to confidentiality, integr...

CVSS 6.7, AI score 6.9, EPSS 0.00089
Exploits: 0, References: 2

Mageia
added 2026/06/16 4:58 a.m., 69 views

Updated libsndfile packages fix security vulnerabilities

CVE-2025-52194: A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircam_read_header function at src/ircam.c:164 during sample rate processing, leading to memory corruption a...

CVSS 8.2, AI score 6, EPSS 0.00585
Exploits: 3, References: 1

EUVD
added 2026/06/16 4:30 a.m., 12 views

EUVD-2026-37033

The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing authorization in versions up to and including 2.0. This is due to the 'generatePluginHandler' function lacking any authorization check before processing user-supplied POST data, combined with the...

CVSS 8.8, AI score 6.6, EPSS 0.00607
Exploits: 0, References: 7

Cvelist
added 2026/06/16 4:30 a.m., 27 views

CVE-2026-6933 Premmerce Dev Tools <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Remote Code Execution via Plugin Creation

The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing authorization in versions up to and including 2.0. This is due to the 'generatePluginHandler' function lacking any authorization check before processing user-supplied POST data, combined with the...

CVSS 8.8, EPSS 0.00607
Exploits: 0, References: 7

CVE
added 2026/06/16 4:30 a.m., 19 views

CVE-2026-6933

The CVE covers the Premmerce Dev Tools WordPress plugin (versions

CVSS 8.8, AI score 6.6, EPSS 0.00607
Exploits: 0, References: 7

RedHat Linux
added 2026/06/16 4:28 a.m., 6 views

Important: Red Hat Security Advisory: gimp security update

An update for gimp is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 7.8, AI score 7.9, EPSS 0.00755
Exploits: 1, References: 5

RedHat Linux
added 2026/06/16 4:28 a.m., 7 views

gimp: GIMP: Remote Code Execution via XPM File Parsing Integer Overflow

A flaw was found in GIMP. Remote attackers can exploit this vulnerability by tricking a user into opening a malicious XPM (X PixMap) image file. This can lead to an integer overflow during file processing, allowing the attacker to execute arbitrary code on the affected system...

CVSS 7.8, AI score 7.8, EPSS 0.00596
Exploits: 0, References: 6

RedHat Linux
added 2026/06/16 4:28 a.m., 6 views

gimp: GIMP: Remote Code Execution via PSP file parsing

A flaw was found in GIMP. A remote attacker could exploit this vulnerability by enticing a user to open a specially crafted PSP (PaintShop Pro) file. This flaw is caused by a heap-based buffer overflow, where the application does not properly validate the length of user-supplied data. Successful...

CVSS 7.8, AI score 8, EPSS 0.00651
Exploits: 0, References: 6