Lucene search
K

169504 matches found

GithubExploit
GithubExploit
added 45 minutes ago4 views

mcp-server

NotCVE MCP Server !notcve/mcp-server MCP serverhttps://gl...

10CVSS6.8AI score0.99999EPSS
Exploits352
OSSF Malicious Packages
OSSF Malicious Packages
added 2 hours ago3 views

Malicious code in nullrift (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 29ebce322ac712405bfd29254cbd8f820c20ddc083587693a982b75ef6f3039a Package advertises itself as an SVG fetcher/sanitizer but its main module also exports an undocumented getPlugin function. The returned function...

6.6AI score
Exploits0References1
GithubExploit
GithubExploit
added 3 hours ago15 views

web-management-server-compromise-assessment

Web Management Server Compromise Assessment AMN SECUR...

7.8CVSS7.1AI score0.00383EPSS
Exploits7
GithubExploit
GithubExploit
added 10 hours ago23 views

Exploit for Deserialization of Untrusted Data in Apache Camel

camel-jms Forged DefaultExchangeHolder Filter-Bypass Reproduce...

9.8CVSS6.2AI score0.00881EPSS
Exploits2
NVD
NVD
added 11 hours ago8 views

CVE-2026-56308

Capgo before 12.128.2 allows email address changes without requiring current password re-authentication or verification of the existing email address. An attacker with access to a valid session cookie or authenticated browser can change the account email to gain control of account recovery and...

8.4CVSS
Exploits0References2
Cvelist
Cvelist
added 11 hours ago11 views

CVE-2026-56308 Capgo - Insufficient Authentication in Email Change Endpoint

Capgo before 12.128.2 allows email address changes without requiring current password re-authentication or verification of the existing email address. An attacker with access to a valid session cookie or authenticated browser can change the account email to gain control of account recovery and...

8.4CVSS
Exploits0References2
CVE
CVE
added 11 hours ago11 views

CVE-2026-56308

Capgo before 12.128.2 contains an insufficient authentication flaw in the email-change endpoint: an attacker with a valid session cookie or authenticated browser can change the account email without re-authenticating the current password or verifying the existing mailbox. This can enable control ...

8.4CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 11 hours ago8 views

EUVD-2026-43230

Capgo before 12.128.2 allows email address changes without requiring current password re-authentication or verification of the existing email address. An attacker with access to a valid session cookie or authenticated browser can change the account email to gain control of account recovery and...

8.4CVSS6.1AI score
Exploits0References2
GithubExploit
GithubExploit
added 14 hours ago34 views

Exploit for CVE-2026-4631

CVE-2026-4631 — Cockpit Mass Exploit Tool Unauthenticated...

9.8CVSS6.8AI score0.142EPSS
Exploits4
Nuclei
Nuclei
added 20 hours ago170 views

CData Connect < 23.4.8846 - Path Traversal

A path traversal vulnerability exists in the Java version of CData Connect 23.4.8846 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application. id: CVE-2024-31849 info: name: CData Connect 23.4.8846...

9.8CVSS7.1AI score0.08151EPSS
Exploits1References5
Nuclei
Nuclei
added 20 hours ago56 views

IceWarp Mail Server v10.4.5 - Cross-Site Scripting

IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting XSS vulnerability via the color parameter. id: CVE-2023-39700 info: name: IceWarp Mail Server v10.4.5 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | IceWarp Mail Server v10.4.5 was...

6.1CVSS6.4AI score0.01376EPSS
Exploits1References4
Nuclei
Nuclei
added 20 hours ago75 views

Quixplorer <=2.4.1 - Cross-Site Scripting

Quixplorer through 2.4.1 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. id:...

6.1CVSS6.5AI score0.02852EPSS
Exploits1References3
Nuclei
Nuclei
added 20 hours ago55 views

FooGallery plugin <= 2.2.35 - Cross-Site Scripting

Reflected Cross-Site Scripting XSS vulnerability in FooPlugins FooGallery plugin = 2.2.35 versions. id: CVE-2023-29439 info: name: FooGallery plugin = 2.2.35 - Cross-Site Scripting author: theamanrawat severity: medium description: | Reflected Cross-Site Scripting XSS vulnerability in FooPlugins...

7.1CVSS6.7AI score0.01747EPSS
Exploits1References5
Nuclei
Nuclei
added 20 hours ago95 views

Django Debug Page - Cross-Site Scripting

Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5 has HTML autoescaping disabled in a portion of the template for the technical 500 debug page. We detected that right circumstances DEBUG=True are present to allow a cross-site scripting attack. id: CVE-2017-12794 info: name: Django Debug Page -...

6.1CVSS6.6AI score0.23566EPSS
Exploits0References5
Nuclei
Nuclei
added 20 hours ago66 views

Blog2Social < 7.2.1 - Cross-Site Scripting

The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin id: CVE-2023-3936 info: name: Blog2Social 7.2.1 - Cross-Site...

6.1CVSS6.4AI score0.0093EPSS
Exploits2References2
Nuclei
Nuclei
added 20 hours ago66 views

Wordpress EventON Calendar 3.0.5 - Cross-Site Scripting

Wordpress EventON Calendar 3.0.5 is vulnerable to cross-site scripting because it allows addons/?q= XSS via the search field. id: CVE-2020-29395 info: name: Wordpress EventON Calendar 3.0.5 - Cross-Site Scripting author: daffainfo severity: medium description: Wordpress EventON Calendar 3.0.5 is...

6.1CVSS6.3AI score0.11696EPSS
Exploits2References5
Nuclei
Nuclei
added 20 hours ago169 views

Cisco IOS XE WLC - Arbitrary File Upload

A vulnerability in the Out-of-Band Access Point AP Image Download feature of Cisco IOS XE Software for Wireless LAN Controllers WLCs could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system.This vulnerability is due to the presence of a hard-coded JSON Web...

10CVSS7.1AI score0.17894EPSS
Exploits1References2
Nuclei
Nuclei
added 20 hours ago9 views

LifterLMS < 8.0.1 - Cross-Site Scripting

LifterLMS WordPress plugin before 8.0.1 contains a reflected XSS caused by unsanitized and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin via a crafted request. id: CVE-2024-13619 info: name: LifterLMS 8.0.1 - Cross-Site Scripting author:...

6.1CVSS6.2AI score0.00521EPSS
Exploits1References3
Nuclei
Nuclei
added 20 hours ago86 views

b2evolution CMS <6.11.6 - Open Redirect

b2evolution CMS before 6.11.6 contains an open redirect vulnerability via the redirectto parameter in emailpassthrough.php. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2020-22840 info:...

6.1CVSS6.4AI score0.13817EPSS
Exploits3References5
Nuclei
Nuclei
added 20 hours ago113 views

Cobbler - Authentication Bypass

Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ and possibly even older versions, may be vulnerable to an authentication bypass vulnerability in XMLRPC API /cobblerapi that can result in privilege escalation, data manipulation or exfiltration, and LDAP credential harvesting...

9.8CVSS7AI score0.12484EPSS
Exploits0References4
Rows per page
Query Builder