Lucene search
K

96912 matches found

ATTACKERKB
ATTACKERKB
added 10 hours ago5 views

CVE-2026-59083

Improper Handling of URL Encoding Hex Encoding vulnerability in Apache Tomcat's rewrite valve allowed security constraint bypass for some configurations. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.23, from 10.1.0-M1 through 10.1.56, from 9.0.0.M1 through 9.0.119, from 8.5.0...

9.1CVSS6.1AI score
Exploits0References2Affected Software1
Nuclei
Nuclei
added 11 hours ago129 views

WordPress My Calendar <3.4.22 - SQL Injection

WordPress My Calendar plugin versions before 3.4.22 are vulnerable to an unauthenticated SQL injection within the 'from' and 'to' parameters of the '/my-calendar/v1/events' REST route. id: CVE-2023-6360 info: name: WordPress My Calendar 3.4.22 - SQL Injection author: xxcdd severity: critical...

9.8CVSS7.1AI score0.63141EPSS
Exploits1References5
Nuclei
Nuclei
added 11 hours ago22 views

WordPress Product Slider Pro for WooCommerce < 3.5.4 - Supply Chain Backdoor RCE

Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4. id: CVE-2026-49777 info: name: WordPress Product Slider Pro f...

10CVSS6.1AI score0.01656EPSS
Exploits3References3
Nuclei
Nuclei
added 11 hours ago18 views

Tattile Camera < 1.181.5 - Default Login

Tattile Smart+, Vega, and Basic device families firmware = 1.181.5 contain a broken authentication caused by default credentials not forced to be changed, letting attackers with management interface access gain administrative privileges. id: CVE-2026-26341 info: name: Tattile Camera 1.181.5 -...

9.8CVSS6.1AI score0.02663EPSS
Exploits3References1
Nuclei
Nuclei
added 11 hours ago17 views

Astro - Unauthorized Third-Party Image Access

Astro 5.13.2 and 4.16.18 contains an information disclosure vulnerability caused by improper validation of protocol-relative URLs in the image optimization endpoint, letting attackers serve images from unauthorized third-party domains, exploit requires on-demand rendering deployment. id:...

6.9CVSS6.1AI score0.00594EPSS
Exploits1References2
Nuclei
Nuclei
added 11 hours ago82 views

AntD Admin - Sensitive Information Disclosure

AntD Admin has a security vulnerability that stems from Antd-admin 5.5.0 being affected by an incorrect access control vulnerability. Attackers can exploit this vulnerability to gain unauthorized access to some front-end interfaces, resulting in the leakage of sensitive information such as user...

7.5CVSS6.9AI score0.04305EPSS
Exploits1References3
Nuclei
Nuclei
added 11 hours ago33 views

ownCloud Guests - User Enumeration

ownCloud Guests before 0.12.5 contains an unauthenticated user enumeration vulnerability caused by insufficient validation of the token in showPasswordForm at /apps/guests/register/email/token, letting unauthenticated attackers enumerate valid guest users, exploit requires no authentication. id:...

5.3CVSS6.1AI score0.00908EPSS
Exploits1References3
Nuclei
Nuclei
added 11 hours ago86 views

Stable Diffusion Webui 1.10.0 - Open Redirect

An open redirect vulnerability exists in Stable-Diffusion-Webui 1.10.0, where the file parameter in the /file= endpoint can be manipulated to redirect users to malicious websites. This could facilitate phishing attacks by tricking users into visiting attacker-controlled URLs. id: CVE-2024-11044...

6.1CVSS6.4AI score0.00816EPSS
Exploits1References1
Nuclei
Nuclei
added 11 hours ago11 views

MStore API <= 4.10.7 - Unauthorized Account Access and Privilege Escalation

The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login feature. This allows unauthenticated attackers to log in as any user as long as they know the user's...

9.8CVSS7AI score0.02888EPSS
Exploits0References4
Nuclei
Nuclei
added 11 hours ago33 views

WooCommerce Ultimate Gift Card ≤ 2.6.0 - Arbitrary File Upload

The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'mwbwgmpreviewmail' and 'mwbwgmwoocommerceaddcartitemdata' functions in all versions up to, and including, 2.6.0. This makes it possible for...

9.8CVSS7.6AI score0.03858EPSS
Exploits1References3
Nuclei
Nuclei
added 11 hours ago157 views

Navidrome <=0.54.5 - Authentication Bypass in Subsonic API

Navidrome is an open source web-based music collection server and streamer. Starting in version 0.52.0 and prior to version 0.54.5, in certain Subsonic API endpoints, a flaw in the authentication check process allows an attacker to specify any arbitrary username that does not exist on the system,...

6.9CVSS6.2AI score0.00936EPSS
Exploits1References1
Nuclei
Nuclei
added 11 hours ago51 views

Ruckus vRioT IoT Controller - Authentication Bypass

Ruckus vRioT through 1.5.1.0.21 contains an API backdoor caused by a hardcoded token in validatetoken.py,letting unauthenticated attackers interact with the API without authentication. id: CVE-2020-26879 info: name: Ruckus vRioT IoT Controller - Authentication Bypass author: DhiyaneshDk severity:...

10CVSS7AI score0.42479EPSS
Exploits1References6
Nuclei
Nuclei
added 11 hours ago69 views

Users Ultra <= 3.1.0 - SQL Injection

The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the datatarget parameter before it is being interpolated in an SQL statement and then executed via the ratingvote AJAX action available to both unauthenticated and authenticated users, leading to an SQL Injection...

9.8CVSS7.1AI score0.0854EPSS
Exploits2References5
Nuclei
Nuclei
added 11 hours ago80 views

Keycloak - SAML Core Package Signature Validation Flaw

A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Referen...

7.7CVSS6.6AI score0.0203EPSS
Exploits0References5
NVD
NVD
added 12 hours ago6 views

CVE-2026-15676

A security flaw has been discovered in code-projects Online Job Portal up to 1.0. The impacted element is an unknown function of the file /Admin/DeleteUser.php. Performing a manipulation results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the...

7.5CVSS
Exploits0References6
CVE
CVE
added 12 hours ago10 views

CVE-2026-15676

CVE-2026-15676 affects code-projects Online Job Portal (

7.5CVSS6.7AI score
Exploits0References6
EUVD
EUVD
added 16 hours ago5 views

EUVD-2026-43614

A vulnerability was found in nextlevelbuilder GoClaw 3.11.3. Affected by this issue is the function ExecApprovalManager.CheckCommand of the file internal/tools/execapproval.go. The manipulation results in incomplete blacklist. The attack can be executed remotely. The exploit has been made public...

6.5CVSS6.4AI score
Exploits0References12
NVD
NVD
added 17 hours ago6 views

CVE-2026-44745

SAP Approuter does not properly validate incoming request headers during the OAuth2 login flow under certain configurations. This allows an unauthenticated remote attacker to craft a malicious link which, when clicked by a victim, could lead to unauthorized access. Successful exploitation results...

8.1CVSS
Exploits0References2
EUVD
EUVD
added 17 hours ago5 views

EUVD-2026-43599

A flaw has been found in poco-ai poco-claw up to 0.5.4. Affected is the function getworkspacefile of the file executormanager/app/api/v1/workspace.py of the component Workspace API. Executing a manipulation of the argument userid can lead to authorization bypass. The attack may be launched...

6.9CVSS5.9AI score
Exploits0References8
EUVD
EUVD
added 18 hours ago4 views

EUVD-2026-43540

OpenClaw versions before 2026.6.1 contain a flaw in host exec environment filtering that could allow Git ext transport to be abused. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could execute or persist actions beyond the caller's intended...

8.8CVSS6.2AI score
Exploits0References3
Rows per page
Query Builder