Lucene search
K

222249 matches found

CVE
CVE
added yesterday9 views

CVE-2026-15753

CVE-2026-15753 affects zhinianboke xianyu-auto-reply on Server; the vulnerability concerns the /api/v1/payment/withdraw/review?action=approve endpoint where manipulation can cause the server to trust HTTP permission methods. The patch 19fc3282a1bb78a05c34945c088525d20e081cbd is referenced as a fi...

5.5CVSS5.9AI score
Exploits0References7
NVD
NVD
added yesterday2 views

CVE-2026-15777

Use after free in UI in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

7.5CVSS
Exploits0References2
EUVD
EUVD
added yesterday2 views

EUVD-2026-44541

A security flaw has been discovered in mastergo-design mastergo-magic-mcp up to 0.2.0. This issue affects the function execute of the file src/tools/get-c2d.ts of the component mcpC2d. Performing a manipulation of the argument filePath results in path traversal. The attack requires a local...

5.3CVSS5.9AI score
Exploits0References6
CVE
CVE
added yesterday6 views

CVE-2026-15765

Use after free in Ozone in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

7.5CVSS6.1AI score
Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-57102

Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network...

8.8CVSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57090

Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code over a network...

8.8CVSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-50474

Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

8.8CVSS
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-57969

Missing authentication for critical function in Azure CycleCloud allows an authorized attacker to elevate privileges over a network...

8.8CVSS
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-15696

CVE-2026-15696 : Affects Tenda BE12 Pro firmware version 16.03.66.23. The vulnerability lies in the fromVirtualSer function of the file /goform/VirtualSer, where manipulation of the argument page leads to a stack-based buffer overflow. It can be exploited remotely, and the exploit has been disclo...

9CVSS7.5AI score
Exploits0References6
CVE
CVE
added yesterday5 views

CVE-2026-15695

Affected software: Tenda BE12 Pro 16.03.66.23. Vulnerable component: function fromDhcpListClient in /goform/DhcpListClient. Root cause: manipulation of the argument page leads to a stack-based buffer overflow. Impact: remote attack with high severity (as reflected in CVSS metrics); attacker can e...

9CVSS7.5AI score
Exploits0References6
CVE
CVE
added yesterday14 views

CVE-2026-15719

The CVE-2026-15719 entry refers to Firefox Site isolation in the DOM: Navigation component. Publicly disclosed exploit code exists, but none are documented as in-the-wild attacks in the provided sources. Affected software is Firefox; the vulnerability was fixed in Firefox 152.0.6. The Mozilla adv...

5.4CVSS6.1AI score
Exploits0References2Affected Software1
CVE
CVE
added yesterday16 views

CVE-2026-15718

CVE-2026-15718 concerns an invalid pointer in Firefox’s JavaScript: WebAssembly component. Affected software: Mozilla Firefox. Root cause (as stated by the CVE entry title): an invalid pointer within the WebAssembly interaction layer of the JavaScript engine. Impact details are not elaborated bey...

4.3CVSS6.1AI score
Exploits0References2Affected Software1
CVE
CVE
added yesterday11 views

CVE-2026-15691

The CVE-2026-15691 entry concerns Tenda BE12 Pro 16.03.66.23. It affects the function fromSafeClientFilter in /goform/SafeClientFilter; manipulating the argument page causes a stack-based buffer overflow. The vulnerability can be triggered remotely, and a public exploit has been released. The con...

9CVSS7.4AI score
Exploits0References6
Nuclei
Nuclei
added yesterday38 views

Trixbox - 2.8.0.4 OS Command Injection

Trixbox 2.8.0.4 is vulnerable to OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php. id: CVE-2017-14535 info: name: Trixbox - 2.8.0.4 OS Command Injection author: pikpikcu severity: high description: Trixbox 2.8.0.4 is vulnerable to OS command...

9CVSS7AI score0.50069EPSS
Exploits4References5
Nuclei
Nuclei
added yesterday72 views

Infoblox NetMRI < 7.6.1 - Unauthenticated Command Injection in get_saml_request

An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauthenticated Command Injection can occur. id: CVE-2025-32813 info: name: Infoblox NetMRI 7.6.1 - Unauthenticated Command Injection in getsamlrequest author: iamnoooob,pdresearch severity: high description: | An issue was discovere...

7.2CVSS7AI score0.44196EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday59 views

modoboa 2.0.4 - Admin TakeOver

Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4. id: CVE-2023-0777 info: name: modoboa 2.0.4 - Admin TakeOver author: r3Y3r53 severity: critical description: | Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to...

9.8CVSS7AI score0.15088EPSS
Exploits4References4
Nuclei
Nuclei
added yesterday14 views

SquirrelMail Address Add 1.4.2 - Cross-Site Scripting

SquirrelMail Address Add 1.4.2 plugin contains a cross-site scripting vulnerability. It fails to properly sanitize user-supplied input, thus allowing an attacker to execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to...

4.3CVSS6.3AI score0.03436EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday85 views

Keycloak <= 12.0.1 - request_uri Blind Server-Side Request Forgery (SSRF)

Keycloak 12.0.1 and below allows an attacker to force the server to request an unverified URL using the OIDC parameter requesturi. This allows an attacker to execute a server-side request forgery SSRF attack. id: CVE-2020-10770 info: name: Keycloak = 12.0.1 - requesturi Blind Server-Side Request...

5.3CVSS6.5AI score0.69724EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday39 views

Joomla! Component Advertising 0.25 - Local File Inclusion

A directory traversal vulnerability in the Advertising comadvertising component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1473 info: name: Joomla! Component...

6.8CVSS6.2AI score0.08163EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday81 views

XStream <1.4.18 - Server-Side Request Forgery

XStream before 1.4.18 is susceptible to server-side request forgery. An attacker can request data from internal resources that are not publicly available by manipulating the processed input stream with a Java runtime version 14 to 8. This makes it possible to obtain sensitive information, modify...

8.5CVSS6.9AI score0.11468EPSS
Exploits2References5
Rows per page
Query Builder