Lucene search
K

987 matches found

Nuclei
Nuclei
added yesterday21 views

WordPress Slider Future <= 1.0.5 - Unauthenticated Arbitrary File Upload

Slider Future WordPress plugin = 1.0.5 contains an unrestricted file upload vulnerability caused by missing file type validation in 'sliderfuturehandleimageupload', letting unauthenticated attackers upload arbitrary files, exploit requires no authentication. id: CVE-2026-1405 info: name: WordPres...

9.8CVSS6.2AI score0.03177EPSS
Exploits2
NVD
NVD
added 3 days ago9 views

CVE-2026-15499

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.25.2. Affected is the function FutureTaskTool.call of the file astrbot/core/tools/crontools.py of the component Scheduled Task Handler. Performing a manipulation of the argument payload"note" results in improper authorization...

6.5CVSS0.00201EPSS
Exploits0References5
CVE
CVE
added 5 days ago6 views

CVE-2026-11992

The CVE-2026-11992 entry concerns the WordPress plugin Easy Appointments (versions up to 3.12.27). The root cause is an authorization bypass: the plugin does not properly verify a user’s permission for actions, enabling authenticated users with author-level access or higher to cancel all upcoming...

4.3CVSS6.1AI score0.0028EPSS
Exploits0References9
Microsoft Secure
Microsoft Secure
added 2026/06/30 7:0 p.m.10 views

Accelerating the quantum-safe timeline

The quantum-safe timeline has changed For years, planning for post-quantum cryptography PQC was framed as a future problem: important, inevitable, but distant. That perspective is evolving as technology advances and organizations prepare for the scale and complexity of the transition ahead. At...

6AI score
Exploits0
OSV
OSV
added 2026/06/29 11:50 a.m.9 views

PYSEC-2026-518 Ray's New Token Authentication is Disabled By Default

Anyscale Ray 2.52.0 contains an insecure default configuration in which token-based authentication for Ray management interfaces including the dashboard and Jobs API is disabled unless explicitly enabled by setting RAYAUTHMODE=token. In the default unauthenticated state, a remote attacker with...

9.3CVSS6.3AI score0.00474EPSS
Exploits5References12
CVE
CVE
added 2026/06/17 12:3 p.m.44 views

CVE-2024-35648

No technical details are provided in the connected documents for CVE-2024-35648 beyond the description of a CSRF vulnerability in the Emergency Password Reset plugin (WordPress)

4.3CVSS5.2AI score0.00127EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 8:9 p.m.57 views

CVE-2022-48575

The CVE-2022-48575 issue affects macOS Monterey due to a consistency/state-handling defect that may allow a person with physical access to bypass the Login Window. The Apple security content notes this as fixed in macOS Monterey 12.4. Affected component: Login Window handling; root cause: improve...

3.5CVSS5.4AI score0.00153EPSS
Exploits0References2Affected Software1
Packet Storm News
Packet Storm News
added 2026/06/10 12:0 a.m.13 views

Systematic Cybersecurity Risk Analysis of European Rail Traffic Management System

European Rail Traffic Management System ERTMS is a widely adopted standard unifying train management in the EU. While the standard allows for use cases like fully autonomous driving, cybersecurity has been an afterthought. Risk analysis enables the systematic assessment and prioritization of...

5.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.8 views

CVE-2026-5247

The Schedule Post Changes With PublishPress Future plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wrapper' attribute of the futureaction shortcode in all versions up to, and including, 4.10.0. This is due to insufficient input sanitization on the wrapper attribute. The...

5.5CVSS5.7AI score0.00274EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.12 views

CVE-2026-40852

A highly authenticated attacker can alter the config generator injecting a payload into future created configurations. The device is not correctly checking this configuration value before passing it to an system execute leading to code execution. This can result in a total loss of confidentiality...

7.2CVSS5.7AI score0.0037EPSS
Exploits0References1
OSV
OSV
added 2026/06/03 2:53 p.m.8 views

ROOT-APP-PYPI-CVE-2022-40899 CVE-2022-40899 in rootio-future - Patched by Root

Root has patched CVE-2022-40899 in the rootio-future package for Root:PyPI. Multiple fixed versions available...

7.5CVSS6.7AI score0.01804EPSS
Exploits1
RustSec
RustSec
added 2026/06/01 12:0 p.m.13 views

Several memory corruption issues via safe APIs

Several soundness violations exist in the Rust bindings for MetaCall, indicatively: MetaCallException::Clone: Clone is dangerous because it creates a second Rust object that still points to the same foreign MetaCall value, but does not actually own or keep that value alive. value is shallow copie...

5.9AI score
Exploits0
Rosalinux
Rosalinux
added 2026/06/01 11:49 a.m.51 views

Advisory ROSA-SA-2026-3307

Software: python-future 0.18.2 Operating System: ROSA-CHROME Unaffected versions: = python-future-0.18.2-4 Affected versions: python-future-0.18.2-4 CVE-ID: CVE-2022-40899 BDU-ID: 2023-02446 CVE-Crit: HIGH CVE-DESCRIPTION: The compatibility vulnerability in Python Charmers Future is related to...

7.5CVSS5.8AI score0.01804EPSS
Exploits1
NVD
NVD
added 2026/05/27 11:16 p.m.23 views

CVE-2026-46538

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's constellation client tracks pending task responses by sessionid only and does not verify that a TASKEND message came from the device that originally received the task...

5.9CVSS0.00225EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/05/22 12:0 a.m.16 views

Cybersecurity of Electric Vehicle Charging Infrastructure: Recent Advances, Open Challenges, and Future Directions

Electric Vehicles EVs have emerged as significant disruptors in the transportation sector over the past decade. Their growing popularity and adoption are accompanied by capital expenditures to deploy charging infrastructure. EV charging infrastructure sits at the intersection of the power grid, t...

5.8AI score
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in python-future

A vulnerability discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service by using a crafted Set-Cookie header from a malicious web server...

7.5CVSS6.7AI score0.01804EPSS
Exploits1References2
MariaDBUnix
MariaDBUnix
added 2026/05/18 12:0 a.m.12 views

CVE-2026-44171

Disclaimer: This data contains information about vulnerable...

5.7AI score0.00135EPSS
Exploits0
HackRead
HackRead
added 2026/05/16 10:13 a.m.15 views

AI Voice Cloning: The Technology Behind It, Who’s Building It, and Where It’s Headed

Explore AI voice cloning technology, leading companies, real-world uses, ethical risks, and future trends shaping synthetic voices...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/14 7:25 p.m.13 views

Malicious code in chai-as-regulated (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67f7f8d21f5d33db136b1e10fc7fbb6d2a1540240911b0630e7fc9f8724c7b26 Package is published as chai-as-regulated, a name mimicking the widely-used chai-as-promised Chai plugin, and the README instructs users to register ...

5.8AI score
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/05/14 12:0 a.m.10 views

Hidden in Memory: Sleeper Memory Poisoning in LLM Agents

Large language models are increasingly augmented with persistent memory, allowing assistants to store user-specific information across sessions for personalization and continuity. This statefulness introduces a new security risk: adversarial content can corrupt what an assistant remembers and...

5.8AI score
Exploits0
Rows per page
Query Builder