Lucene search
+L

279886 matches found

osv
osv
added tomorrow5 views

UBUNTU-CVE-2026-11386

An input validation and injection vulnerability exists in Canonical ubuntu-pro-client formerly ubuntu-advantage-tools. The client constructs APT source files such as /etc/apt/sources.list.d/ubuntu-.list or their DEB822 equivalents using data received directly from the contract server response via...

9CVSS6.4AI score
Exploits0References3
githubexploit
githubexploit
added 58 minutes ago3 views

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 Unsafe Deserialization - RCE React 19.0.0...

10CVSS7.1AI score0.99562EPSS
Exploits376
githubexploit
githubexploit
added 1 hour ago2 views

Exploit for CVE-2026-58457

CVE-2026-58457 - Unauthenticated OS Command Injection in Shenz...

9.8CVSS6.2AI score0.01671EPSS
Exploits1
githubexploit
githubexploit
added 2 hours ago8 views

aurora-earn-poc

Aurora Earn PoC A TypeScript HTTP service that reads Kraken E...

6.1AI score
Exploits0
cvelist
cvelist
added 2 hours ago5 views

CVE-2026-44174 Kirby: Arbitrary Method Call via REST API search and collection query endpoints

Kirby is an open-source content management system. Prior to 4.9.1 and 5.4.1, Kirby did not validate the model attributes that were used in its collection queries, allowing attackers to include arbitrary model methods in their queries. This includes methods with sensitive data such as password...

8.7CVSS0.0007EPSS
Exploits0References3
wordfence
wordfence
added 3 hours ago4 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (July 6, 2026 to July 12, 2026)

Last week, there were 267 vulnerabilities disclosed in 222 WordPress Plugins and 6 WordPress Themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 136 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilitie...

6.3AI score
Exploits0
github
github
added 3 hours ago4 views

ArcadeDB has cross-database IDOR: /ts/*, /batch/*, Prometheus and Grafana handlers bypass authorization

About 14 HTTP handlers resolve the database path param and call getDatabase... WITHOUT user.canAccessToDatabase... and without setting the engine principal, because they extend AbstractServerHttpHandler directly instead of DatabaseAbstractHandler which holds the only per-database gate at...

6.1AI score
Exploits0References3Affected Software1
osv
osv
added 3 hours ago2 views

GHSA-X8MG-6R4P-87PF ArcadeDB has cross-database IDOR: /ts/*, /batch/*, Prometheus and Grafana handlers bypass authorization

About 14 HTTP handlers resolve the database path param and call getDatabase... WITHOUT user.canAccessToDatabase... and without setting the engine principal, because they extend AbstractServerHttpHandler directly instead of DatabaseAbstractHandler which holds the only per-database gate at...

7.1CVSS6.1AI score
Exploits0References3
nvd
nvd
added 3 hours ago5 views

CVE-2026-55629

Whistle is an HTTP, HTTP2, HTTPS, and WebSocket debugging proxy. Prior to 2.10.3, lib/service/service.js handles GET /cgi-bin/temp/get by reading req.query.filename, joining it to TEMPFILESPATH only when it matches the temporary file pattern, and otherwise passing the user-supplied filename...

8.7CVSS
Exploits0References3
github
github
added 3 hours ago3 views

ArcadeDB: Privilege escalation via reader role in /api/v1/command JS scripting language — arbitrary host file read

Impact A user holding only reader read-only privileges on a single database could execute arbitrary JVM code by sending a "language": "js" command to the POST /api/v1/command/database HTTP endpoint, and use it to read arbitrary files on the host filesystem e.g. /etc/passwd, configuration files,...

6.4AI score
Exploits0References3Affected Software1
osv
osv
added 3 hours ago2 views

GHSA-48QW-824M-86PR ArcadeDB: Privilege escalation via reader role in /api/v1/command JS scripting language — arbitrary host file read

Impact A user holding only reader read-only privileges on a single database could execute arbitrary JVM code by sending a "language": "js" command to the POST /api/v1/command/database HTTP endpoint, and use it to read arbitrary files on the host filesystem e.g. /etc/passwd, configuration files,...

7.7CVSS6.4AI score
Exploits0References3
osv
osv
added 3 hours ago2 views

GHSA-VG6X-6PG9-6QWG ArcadeDB: Read-only users can mutate database schema (incomplete fix of CVE-2026-44221)

Impact The fix for CVE-2026-44221 GHSA-fxc7-fm93-6q77 added an UPDATESCHEMA authorization check to a single schema-mutating method LocalDocumentType.createProperty. The remaining public schema mutators were left unchecked, so an authenticated identity including a read-only API token that lacks th...

8.1CVSS6.1AI score
Exploits0References3
github
github
added 3 hours ago3 views

ArcadeDB: Read-only users can mutate database schema (incomplete fix of CVE-2026-44221)

Impact The fix for CVE-2026-44221 GHSA-fxc7-fm93-6q77 added an UPDATESCHEMA authorization check to a single schema-mutating method LocalDocumentType.createProperty. The remaining public schema mutators were left unchecked, so an authenticated identity including a read-only API token that lacks th...

9CVSS6.1AI score0.00344EPSS
Exploits0References3Affected Software1
githubexploit
githubexploit
added 3 hours ago10 views

Exploit for CVE-2024-25600

BricksRCE Exploiter CVE-2024-25600 — WordPress Bricks Bui...

10CVSS7.5AI score0.88234EPSS
Exploits19
github
github
added 3 hours ago3 views

nimiq-primitives: Panic in TrieProof::verify via child_index unwrap on equal-length keys

Impact A malicious peer acting as a state-sync source can crash a syncing node by sending a crafted TrieChunk whose proof contains two TrieProofNodes with identical keys. TrieProof::verify calls TrieProofNode::childindex primitives/src/trie/trieproofnode.rs:94, which unconditionally unwraps...

6.2AI score
Exploits0References5Affected Software1
osv
osv
added 3 hours ago2 views

GHSA-46WQ-28CX-MHW4 nimiq-primitives: Panic in TrieProof::verify via child_index unwrap on equal-length keys

Impact A malicious peer acting as a state-sync source can crash a syncing node by sending a crafted TrieChunk whose proof contains two TrieProofNodes with identical keys. TrieProof::verify calls TrieProofNode::childindex primitives/src/trie/trieproofnode.rs:94, which unconditionally unwraps...

3.7CVSS6.2AI score
Exploits0References5
github
github
added 4 hours ago3 views

MCP Python SDK: Experimental task handlers allow any client to access and cancel other clients' tasks

Summary In affected versions, the default request handlers installed by the experimental tasks feature server.experimental.enabletasks did not check which session created a task before acting on it. On a server with more than one connected client, any client could observe, read results from, and...

7.6CVSS6.1AI score0.00043EPSS
Exploits0References6Affected Software1
osv
osv
added 4 hours ago2 views

GHSA-HVRP-RF83-W775 MCP Python SDK: Experimental task handlers allow any client to access and cancel other clients' tasks

Summary In affected versions, the default request handlers installed by the experimental tasks feature server.experimental.enabletasks did not check which session created a task before acting on it. On a server with more than one connected client, any client could observe, read results from, and...

7.6CVSS6.1AI score0.00043EPSS
Exploits0References6
github
github
added 4 hours ago3 views

Nuclio: Unsanitized runtimeAttributes.repositories injected into Groovy build.gradle leads to build-time RCE

Summary Nuclio's Java runtime generates a build.gradle file during function builds using Go's text/template package. The template renders runtimeAttributes.repositories values with the . action, which performs no escaping. An attacker can embed a closing brace to break out of the repositories blo...

6.5AI score
Exploits0References5Affected Software1
osv
osv
added 4 hours ago2 views

GHSA-3V79-M2CG-89WW Nuclio: Unsanitized runtimeAttributes.repositories injected into Groovy build.gradle leads to build-time RCE

Summary Nuclio's Java runtime generates a build.gradle file during function builds using Go's text/template package. The template renders runtimeAttributes.repositories values with the . action, which performs no escaping. An attacker can embed a closing brace to break out of the repositories blo...

8CVSS6.5AI score
Exploits0References5
Rows per page
Query Builder