Lucene search
K

7020 matches found

Nuclei
Nuclei
added yesterday71 views

L-Soft LISTSERV 16.5 - Cross-Site Scripting

The REPORT after z but before a parameter in wa.exe in L-Soft LISTSERV 16.5 before 17 allows an attacker to conduct XSS attacks via a crafted URL. id: CVE-2023-27641 info: name: L-Soft LISTSERV 16.5 - Cross-Site Scripting author: ritikchaddha severity: medium description: | The REPORT after z but...

6.1CVSS6.4AI score0.01092EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday43 views

Joomla! Component OrgChart 1.0.0 - Local File Inclusion

A directory traversal vulnerability in the OrgChart comorgchart component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1878 info: name: Joomla! Component OrgChart 1.0.0 - Local File Inclusion author:...

7.5CVSS6.2AI score0.11429EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday57 views

rConfig <=3.9.4 - SQL Injection

rConfig 3.9.4 and prior has unauthenticated snippets.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. id: CVE-2020-10549 info: name: rConfig 3.9.4 or apply th...

9.8CVSS7AI score0.36164EPSS
Exploits1References5
Nuclei
Nuclei
added 2 days ago83 views

Sonatype Nexus Repository Manager <3.15.0 - Remote Code Execution

Sonatype Nexus Repository Manager before 3.15.0 is susceptible to remote code execution. id: CVE-2019-7238 info: name: Sonatype Nexus Repository Manager 3.15.0 - Remote Code Execution author: pikpikcu severity: critical description: Sonatype Nexus Repository Manager before 3.15.0 is susceptible t...

9.8CVSS7.3AI score0.76526EPSS
Exploits4References5
Nuclei
Nuclei
added 2 days ago580 views

Jenkins - Remote Command Injection

Jenkins 2.153 and earlier and LTS 2.138.3 and earlier are susceptible to a remote command injection via stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this wa...

10CVSS6.8AI score0.98481EPSS
Exploits5References5
NVD
NVD
added 4 days ago7 views

CVE-2026-61454

The Grav Admin2 plugin getgrav/grav-plugin-admin2 before 2.0.4 embeds a global JavaScript variable window.GRAVCONFIG in the Admin2 SPA bootstrap page at /grav/admin and its subroutes. This object is returned in every unauthenticated response and discloses the server URL, API prefix, admin base...

8.7CVSS0.00239EPSS
Exploits0References2
Krebs on Security
Krebs on Security
added last week8 views

Felons, Fraudsters Flog Offensive Cybersecurity Startup

A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intelligence companies and a now-defunct AI-based lobbying platfor...

5.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/07/06 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-54161

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - nut - None Ubuntu Linux - upsmon: remote OS command injection RCE via attacker- controlled ups.alarm in NOTIFYCMD execution CVE-2026-54161 Note...

6.3AI score
Exploits0References3
Kaspersky
Kaspersky
added 2026/07/02 12:0 a.m.6 views

KLA91131 PE vulnerability in Microsoft Server Software

Privilege escalation vulnerability was found in Microsoft Server Software. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2026-54998 Exploitation Public exploits exist for this vulnerability. Related products Microsoft-Exchange-Online CVE list...

8.8CVSS5.9AI score0.0063EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-14156

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process t...

6.5CVSS6.2AI score0.002EPSS
Exploits0References2
Circl
Circl
added 2026/06/30 12:19 p.m.11 views

EDB-40344

creationtimestamp| type| source ---|---|--- 2026-06-30 12:19:13+00:00| exploited| https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/bb230d46-5c19-48c7-aede-32a3a5ce9add...

5.8AI score
Exploits0References1
Circl
Circl
added 2026/06/30 10:19 a.m.21 views

EDB-42114

creationtimestamp| type| source ---|---|--- 2026-06-30 10:19:43+00:00| exploited| https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/a72f807b-519b-4ed1-8cb6-a58786e1d85b...

5.8AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-48004

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - qemu - None Ubuntu Linux - Unknown description CVE-2026-48004 Note that Nessus relies on the presence of the package as reported by the vendor...

6.1AI score
Exploits0References3
NVD
NVD
added 2026/06/26 4:16 p.m.13 views

CVE-2026-21734

A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device. An...

7.7CVSS0.00118EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 3:14 p.m.7 views

EUVD-2026-39785

A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the GPU shader compiler library. On certain platforms, when the compiler process has system privileges this could enable further exploits on the device. An...

7.7CVSS5.8AI score0.00118EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-52972

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: afalg - Cap AEAD AD length to 0x80000000 In order to prevent arithmetic overflows when checking the TX buffer size, cap the associated data length to...

7CVSS6.2AI score0.0014EPSS
Exploits0References3
Circl
Circl
added 2026/06/23 2:6 p.m.12 views

CVE-2021-39509

creationtimestamp| type| source ---|---|--- 2026-06-23 14:06:18+00:00| exploited| https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/eebbb5b3-1e7e-4a0c-a700-57c26308a5a3 2026-06-30 12:19:19+00:00| exploited|...

9.8CVSS7.3AI score0.05098EPSS
Exploits1References2
Circl
Circl
added 2026/06/19 4:45 p.m.11 views

CVE-2010-3889

creationtimestamp| type| source ---|---|--- 2026-06-19 16:45:39+00:00| exploited| https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/61bdff58-1d5c-4f34-80c6-4ceeea80b6d9 2026-06-23 14:04:10+00:00| exploited|...

7.2CVSS5.8AI score0.01606EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/19 12:0 a.m.8 views

Photon OS 4.0: Dotnet PHSA-2026-4.0-1036

An update of the dotnet package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1036. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

7.8CVSS6.8AI score0.0243EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-12463

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to...

4.7CVSS6AI score0.00133EPSS
Exploits0References2
Rows per page
Query Builder