7020 matches found
L-Soft LISTSERV 16.5 - Cross-Site Scripting
The REPORT after z but before a parameter in wa.exe in L-Soft LISTSERV 16.5 before 17 allows an attacker to conduct XSS attacks via a crafted URL. id: CVE-2023-27641 info: name: L-Soft LISTSERV 16.5 - Cross-Site Scripting author: ritikchaddha severity: medium description: | The REPORT after z but...
Joomla! Component OrgChart 1.0.0 - Local File Inclusion
A directory traversal vulnerability in the OrgChart comorgchart component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1878 info: name: Joomla! Component OrgChart 1.0.0 - Local File Inclusion author:...
rConfig <=3.9.4 - SQL Injection
rConfig 3.9.4 and prior has unauthenticated snippets.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. id: CVE-2020-10549 info: name: rConfig 3.9.4 or apply th...
Sonatype Nexus Repository Manager <3.15.0 - Remote Code Execution
Sonatype Nexus Repository Manager before 3.15.0 is susceptible to remote code execution. id: CVE-2019-7238 info: name: Sonatype Nexus Repository Manager 3.15.0 - Remote Code Execution author: pikpikcu severity: critical description: Sonatype Nexus Repository Manager before 3.15.0 is susceptible t...
Jenkins - Remote Command Injection
Jenkins 2.153 and earlier and LTS 2.138.3 and earlier are susceptible to a remote command injection via stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this wa...
CVE-2026-61454
The Grav Admin2 plugin getgrav/grav-plugin-admin2 before 2.0.4 embeds a global JavaScript variable window.GRAVCONFIG in the Admin2 SPA bootstrap page at /grav/admin and its subroutes. This object is returned in every unauthenticated response and discloses the server URL, API prefix, admin base...
Felons, Fraudsters Flog Offensive Cybersecurity Startup
A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intelligence companies and a now-defunct AI-based lobbying platfor...
Linux Distros Unpatched Vulnerability : CVE-2026-54161
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - nut - None Ubuntu Linux - upsmon: remote OS command injection RCE via attacker- controlled ups.alarm in NOTIFYCMD execution CVE-2026-54161 Note...
KLA91131 PE vulnerability in Microsoft Server Software
Privilege escalation vulnerability was found in Microsoft Server Software. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2026-54998 Exploitation Public exploits exist for this vulnerability. Related products Microsoft-Exchange-Online CVE list...
Linux Distros Unpatched Vulnerability : CVE-2026-14156
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process t...
EDB-40344
creationtimestamp| type| source ---|---|--- 2026-06-30 12:19:13+00:00| exploited| https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/bb230d46-5c19-48c7-aede-32a3a5ce9add...
EDB-42114
creationtimestamp| type| source ---|---|--- 2026-06-30 10:19:43+00:00| exploited| https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/a72f807b-519b-4ed1-8cb6-a58786e1d85b...
Linux Distros Unpatched Vulnerability : CVE-2026-48004
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - qemu - None Ubuntu Linux - Unknown description CVE-2026-48004 Note that Nessus relies on the presence of the package as reported by the vendor...
CVE-2026-21734
A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device. An...
EUVD-2026-39785
A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device. An...
Linux Distros Unpatched Vulnerability : CVE-2026-52972
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: afalg - Cap AEAD AD length to 0x80000000 In order to prevent arithmetic overflows when checking the TX buffer size, cap the associated data length to...
CVE-2021-39509
creationtimestamp| type| source ---|---|--- 2026-06-23 14:06:18+00:00| exploited| https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/eebbb5b3-1e7e-4a0c-a700-57c26308a5a3 2026-06-30 12:19:19+00:00| exploited|...
CVE-2010-3889
creationtimestamp| type| source ---|---|--- 2026-06-19 16:45:39+00:00| exploited| https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/61bdff58-1d5c-4f34-80c6-4ceeea80b6d9 2026-06-23 14:04:10+00:00| exploited|...
Photon OS 4.0: Dotnet PHSA-2026-4.0-1036
An update of the dotnet package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1036. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
Linux Distros Unpatched Vulnerability : CVE-2026-12463
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to...