Lucene search
K

1089 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.6 views

EulerOS Virtualization 2.10.1 : dhcp (EulerOS-SA-2026-2017)

According to the versions of the dhcp package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into...

8.6CVSS5.6AI score0.14614EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.10 views

CVE-2026-36356

The GoAhead web server on MeiG Smart FORGESLT711 devices firmware MDM9607.LE.1.0-00110-STD.PROD-1 allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint...

9.1CVSS5.5AI score0.15394EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.8 views

CVE-2026-4409

The Subscribe To Comments Reloaded plugin for WordPress is vulnerable to unauthorized modification of data due to a leaked secret key and usage of a weak hash generation algorithm in all versions up to, and including, 240119. This makes it possible for unauthenticated attackers to extract the...

6.5CVSS5.6AI score0.00227EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/02 12:4 p.m.6 views

Security Bulletin: Due to use of node-forge-1.3.1.tgz, IBM Sterling Connect:Direct Web Services is affected by Denial of Service (DoS).

Summary node-forge-1.3.1.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2026-33891, CVE-2026-33894, CVE-2026-33895, CVE-2026-33896. Vulnerability Details CVEID:CVE-2026-33891 DESCRIPTION: Forge also called node-forge is a native implementation of Transport Layer Security in JavaScrip...

9.1CVSS5.7AI score0.0058EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/02 12:1 p.m.12 views

Security Bulletin: node-forge-1.3.1.tgz, IBM Sterling Connect:Direct Web Services is affected by bypass downstream cryptographic verifications and security decisions.

Summary node-forge-1.3.1.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2025-12816, CVE-2025-66030, CVE-2025-66031 . Vulnerability Details CVEID:CVE-2025-12816 DESCRIPTION: An interpretation-conflict CWE-436 vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticat...

8.7CVSS7.2AI score0.00689EPSS
Exploits1Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/30 8:13 a.m.14 views

CVE-2026-45261

GitButler is a modern Git-based version control interface for AI-powered workflows. Prior to 0.19.7, a emote code execution vulnerability exists in the Tauri-based GitButler desktop application. An attacker can inject a malicious link in a pull request body, which if clicked by the user allows fo...

9.3CVSS6.3AI score0.00515EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2026/05/29 12:0 a.m.54 views

📄 MeiG Smart FORGE_SLT711 Command Injection

MeiG Smart FORGESLT711 proof of concept remote command injection exploit. Exploit Title: MeiG Smart FORGESLT711 - OS Command Injection Date: 2026-05-03 Exploit Author: Daniil Gordeev Vendor Homepage: http://www.meigsmart.com Software Link: N/A firmware distributed via carrier channels Version:...

9.1CVSS5.8AI score0.15394EPSS
Exploits3
NVD
NVD
added 2026/05/28 5:16 p.m.17 views

CVE-2026-45261

GitButler is a modern Git-based version control interface for AI-powered workflows. Prior to 0.19.7, a emote code execution vulnerability exists in the Tauri-based GitButler desktop application. An attacker can inject a malicious link in a pull request body, which if clicked by the user allows fo...

9.3CVSS0.00515EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 4:20 p.m.12 views

CVE-2026-45261 GitButler: Link injection via forge integration enables arbitrary script execution

GitButler is a modern Git-based version control interface for AI-powered workflows. Prior to 0.19.7, a emote code execution vulnerability exists in the Tauri-based GitButler desktop application. An attacker can inject a malicious link in a pull request body, which if clicked by the user allows fo...

9.3CVSS6.3AI score0.00515EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/28 4:20 p.m.9 views

EUVD-2026-32944

GitButler is a modern Git-based version control interface for AI-powered workflows. Prior to 0.19.7, a emote code execution vulnerability exists in the Tauri-based GitButler desktop application. An attacker can inject a malicious link in a pull request body, which if clicked by the user allows fo...

9.3CVSS6.3AI score0.00515EPSS
Exploits0References1
CVE
CVE
added 2026/05/28 4:20 p.m.21 views

CVE-2026-45261

GitButler desktop app (Tauri-based) is affected prior to version 0.19.7. The issue is a link-injection/remote script execution vector where an attacker can inject a malicious link into a pull request body; if a user clicks it, arbitrary script execution occurs in the Tauri webview. The vulnerabil...

9.3CVSS6.3AI score0.00515EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/28 4:20 p.m.33 views

CVE-2026-45261 GitButler: Link injection via forge integration enables arbitrary script execution

GitButler is a modern Git-based version control interface for AI-powered workflows. Prior to 0.19.7, a emote code execution vulnerability exists in the Tauri-based GitButler desktop application. An attacker can inject a malicious link in a pull request body, which if clicked by the user allows fo...

9.3CVSS0.00515EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.14 views

PT-2026-44412

Name of the Vulnerable Software and Affected Versions GitButler versions prior to 0.19.7 Description A remote code execution issue exists in the Tauri-based desktop application. An attacker can inject a malicious link into a pull request body; if a user clicks this link, it allows for arbitrary...

9.3CVSS6.6AI score0.00515EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 8:16 a.m.21 views

CVE-2026-49001

Cross-site request forgery CSRF vulnerabilities allow attackers to exploit a user's authenticated session to forge cross-site requests, inducing the execution of unintended operations such as tampering with configuration data...

5.3CVSS0.00109EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 7:33 a.m.14 views

CVE-2026-49001

Cross-site request forgery CSRF vulnerabilities allow attackers to exploit a user's authenticated session to forge cross-site requests, inducing the execution of unintended operations such as tampering with configuration data...

5.3CVSS5.8AI score0.00109EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/27 7:33 a.m.12 views

EUVD-2026-32109

Cross-site request forgery CSRF vulnerabilities allow attackers to exploit a user's authenticated session to forge cross-site requests, inducing the execution of unintended operations such as tampering with configuration data...

5.3CVSS5.8AI score0.00109EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.16 views

PT-2026-51015

Name of the Vulnerable Software and Affected Versions ProxySQL versions 2.0.0 through 3.0.8 Description The MySQL frontend incorrectly processes the PROXY UNKNOWN r PP1 frame of the PROXY protocol v1. According to the specification, when the protocol token is UNKNOWN, the receiver must ignore...

10CVSS5.9AI score0.00185EPSS
Exploits0References14
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.9 views

WordPress plugin Sentence To SEO 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.1CVSS5.7AI score0.00174EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/19 8:4 p.m.13 views

Coder: PKCS#7 signature bypass in Azure instance identity allows unauthenticated agent token theft

Summary azureidentity.Validate verifies that the PKCS7 signer certificate chains to a trusted Azure CA but never verifies the PKCS7 signature itself. An attacker can embed a legitimate Azure certificate alongside arbitrary content e.g. "vmId":"" and the forged vmId will be accepted returning the...

5.9AI score0.0003EPSS
Exploits0References9Affected Software2
Snyk
Snyk
added 2026/05/18 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload and worm propagation logic. A malicious actor associated with the "TeamPCP" or "Mini Shai-Hulud" campaign compromised a maintainer's access token; this allowed the...

9.8CVSS5.9AI score
Exploits0References3
Rows per page
Query Builder