Lucene search
K

1378 matches found

Nuclei
Nuclei
added yesterday182 views

Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE

The Import XML and RSS Feeds WordPress plugin before 2.1.5 allows unauthenticated attackers to execute arbitrary commands via a web shell. id: CVE-2023-4521 info: name: Import XML and RSS Feeds 2.1.5 - Unauthenticated RCE author: princechaddha severity: critical description: The Import XML and RS...

9.8CVSS7.2AI score0.39294EPSS
Exploits2References1
NVD
NVD
added 6 days ago9 views

CVE-2025-3110

OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header values, allowing remote attackers to perform HTTP request smuggling when deployed behind a reverse proxy...

7.5CVSS0.00259EPSS
Exploits0References1
CVE
CVE
added 6 days ago21 views

CVE-2025-3110

CVE-2025-3110 affects OpenVPN Access Server 2.7.2 through 3.1.0, where the server accepts bare line-feed sequences inside HTTP header values, enabling HTTP request smuggling when deployed behind a reverse proxy. Red Hat’s advisory notes this flaw stems from unstandardized LF handling in HTTP head...

7.5CVSS6AI score0.00259EPSS
Exploits0References1Affected Software1
Circl
Circl
added 2026/07/06 5:22 p.m.10 views

CVE-2026-40140

creationtimestamp| type| source ---|---|--- 2026-07-06 17:22:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpym3v2pgs22 2026-07-06 17:48:42+00:00| seen| https://bsky.app/profile/securityonline.bsky.social/post/3mpynkx35vt2f 2026-07-07 12:25:11+00:00| seen|...

8.7CVSS6.2AI score0.00561EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/07/06 12:0 a.m.9 views

Siemens SENTRON 7KT PAC1261 HTTP Request/Response Smuggling (CVE-2025-22871)

The Go net/http package incorrectly treats a bare line feed LF as a valid line terminator in chunked transfer data. This flaw can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as a line terminator. This plugin only works with...

9.1CVSS6.8AI score0.00778EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:19 p.m.6 views

CVE-2026-27761

Gitea versions up to and including 1.26.2 allow repository RSS and Atom feed endpoints to bypass API access token scope checks, exposing private repository commit data to tokens without the required repository scope...

4.3CVSS5.9AI score0.00367EPSS
Exploits0References5
CVE
CVE
added 2026/07/03 8:19 p.m.19 views

CVE-2026-27761

Gitea versions up to and including 1.26.2 expose private repository commit data via RSS/Atom feed endpoints by bypassing API access token scope checks. This affects feeds that do not enforce repository scope, allowing tokens without repository scope to access private data. Public references indic...

4.3CVSS7.1AI score0.00367EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/03 8:19 p.m.43 views

CVE-2026-27761 Gitea repository feeds bypass API token scope enforcement

Gitea versions up to and including 1.26.2 allow repository RSS and Atom feed endpoints to bypass API access token scope checks, exposing private repository commit data to tokens without the required repository scope...

4.3CVSS0.00367EPSS
Exploits0References4
OSV
OSV
added 2026/07/03 8:19 p.m.4 views

CVE-2026-27761 Gitea repository feeds bypass API token scope enforcement

Gitea versions up to and including 1.26.2 allow repository RSS and Atom feed endpoints to bypass API access token scope checks, exposing private repository commit data to tokens without the required repository scope...

4.3CVSS7.1AI score0.00367EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-56770

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libais through 0.15 VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out-of-range sequential...

8.7CVSS6AI score0.00339EPSS
Exploits0References3
Fedora
Fedora
added 2026/06/27 1:12 a.m.7 views

[SECURITY] Fedora 44 Update: liferea-1.16.12-1.fc44

Liferea Linux Feed Reader is an RSS/RDF feed reader. It's intended to be a clone of the Windows-only FeedReader. It can be used to maintain a list of subscribed feeds, browse through their items, and show their contents...

5.8AI score
Exploits0
NVD
NVD
added 2026/06/25 7:16 p.m.9 views

CVE-2026-56772

NewsBlur before 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notification feeds by supplying arbitrary userid values to the GET /social/interactions endpoint without ownership verification. Attackers can enumerate userid values to access...

5.3CVSS0.00204EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 7:16 p.m.4 views

DEBIAN-CVE-2026-56770

libais through 0.15 VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out-of-range sequential message IDs. Remote attackers can crash services or vessel systems by sending crafted AIVDM sentences over VHF marine radio or IP feeds,...

7.5CVSS5.8AI score0.00339EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 6:8 p.m.19 views

CVE-2026-56772 NewsBlur < 14.5.0 - Insecure Direct Object Reference in Social Interactions Endpoint

NewsBlur before 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notification feeds by supplying arbitrary userid values to the GET /social/interactions endpoint without ownership verification. Attackers can enumerate userid values to access...

5.3CVSS0.00204EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 6:8 p.m.5 views

EUVD-2026-39525

NewsBlur before 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notification feeds by supplying arbitrary userid values to the GET /social/interactions endpoint without ownership verification. Attackers can enumerate userid values to access...

5.3CVSS6AI score0.00204EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 6:8 p.m.15 views

CVE-2026-56772

NewsBlur

5.3CVSS6AI score0.00204EPSS
Exploits0References3
Circl
Circl
added 2026/06/19 10:13 p.m.11 views

CVE-2026-48582

creationtimestamp| type| source ---|---|--- 2026-06-19 22:13:36+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116779071246302173 2026-06-19 22:36:47+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3moofqsioi72o 2026-06-22 00:46:30+00:00| seen|...

9.6CVSS5.8AI score0.00389EPSS
Exploits0References4
NVD
NVD
added 2026/06/11 9:16 p.m.14 views

CVE-2026-50005

Brickcom cameras ship with default credentials that allows any unauthenticated remote attacker to silently access camera feeds...

8.3CVSS0.00197EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/11 7:49 p.m.43 views

CVE-2026-50005 Brickcom Cameras Use of Default Credentials

Brickcom cameras ship with default credentials that allows any unauthenticated remote attacker to silently access camera feeds...

8.3CVSS0.00197EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/11 7:49 p.m.9 views

CVE-2026-50005 Brickcom Cameras Use of Default Credentials

Brickcom cameras ship with default credentials that allows any unauthenticated remote attacker to silently access camera feeds...

8.3CVSS5.3AI score0.00197EPSS
Exploits0References3
Rows per page
Query Builder