Lucene search
K

283275 matches found

GithubExploit
GithubExploit
added 48 minutes ago6 views

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector

CVE-2026-23744-MCPJam-Exploit A proof-of-concept exploit for C...

9.8CVSS6.2AI score0.43671EPSS
Exploits35
NVD
NVD
added 51 minutes ago2 views

CVE-2026-56197

Improper neutralization of special elements used in a command 'command injection' in Windows Admin Center allows an authorized attacker to execute code over a network...

8.8CVSS
Exploits0References1
NVD
NVD
added 51 minutes ago2 views

CVE-2026-55145

Improper neutralization of special elements used in a command 'command injection' in Outlook Copilot allows an authorized attacker to perform tampering over a network...

6.3CVSS
Exploits0References1
NVD
NVD
added 52 minutes ago2 views

CVE-2026-50488

Improper neutralization of special elements used in a command 'command injection' in Windows Clipboard User Service allows an authorized attacker to elevate privileges locally...

7.8CVSS
Exploits0References1
NVD
NVD
added 52 minutes ago2 views

CVE-2026-45077

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, the server:log listener Symfony\Bridge\Monolog\Command\ServerLogCommand binds to 0.0.0.0:9911 by default and processes each received frame with...

8.3CVSS0.01261EPSS
Exploits0References6
NVD
NVD
added 52 minutes ago2 views

CVE-2026-47295

Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges over a network...

8.8CVSS
Exploits0References1
NVD
NVD
added 52 minutes ago2 views

CVE-2026-45067

Description Symfony\Component\Mime\Address is the value-object every Symfony Mailer address to/cc/bcc/from/reply-to flows through; its constructor is documented as validating the address and throwing on invalid input, so developers treat it as a security boundary. The constructor accepts email...

6.3CVSS0.00062EPSS
Exploits0References6
OSV
OSV
added 1 hour ago0 views

GHSA-QW5R-PPCG-F8RJ MKP: Unbounded Pod Log Read via Attacker-Controlled `limitBytes`/`tailLines` Causes Memory Exhaustion

Unbounded Pod Log Read via Attacker-Controlled limitBytes/tailLines Causes Memory Exhaustion Summary The MKP Model Context Protocol for Kubernetes server exposes a getresource MCP tool that proxies Kubernetes pod log requests. User-supplied limitBytes and tailLines parameters are parsed as...

7.5CVSS
Exploits0References2
CVE
CVE
added 1 hour ago31 views

CVE-2026-45077

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, the server:log listener Symfony\Bridge\Monolog\Command\ServerLogCommand binds to 0.0.0.0:9911 by default and processes each received frame with...

8.3CVSS6.1AI score0.01261EPSS
Exploits0References6
Cvelist
Cvelist
added 1 hour ago3 views

CVE-2026-45077 Symfony: Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, the server:log listener Symfony\Bridge\Monolog\Command\ServerLogCommand binds to 0.0.0.0:9911 by default and processes each received frame with...

8.3CVSS0.01261EPSS
Exploits0References6
EUVD
EUVD
added 1 hour ago2 views

EUVD-2026-44330

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, the server:log listener Symfony\Bridge\Monolog\Command\ServerLogCommand binds to 0.0.0.0:9911 by default and processes each received frame with...

8.3CVSS6.1AI score0.01261EPSS
Exploits0References6
Cvelist
Cvelist
added 1 hour ago4 views

CVE-2026-62656 Post-authenticated command injection vulnerability found in certain NETGEAR RAX models

A security flaw was found in certain NETGEAR RAX models that could allow a logged-in user to send specially crafted requests to the router and run unauthorized commands. This could enable the user to make unauthorized changes to the router and affect its security and operation...

6.8CVSS
Exploits0References2
Cvelist
Cvelist
added 1 hour ago3 views

CVE-2026-62658 Post-authentication Command Injection Vulnerability in certain Nighthawk RAX series models

A security flaw was discovered in certain NETGEAR Nighthawk RAX series routers that could allow someone already logged in to the device to run unauthorized commands or code on the router...

5.7CVSS
Exploits0References4
CVE
CVE
added 1 hour ago86 views

CVE-2026-45067

Description Symfony\Component\Mime\Address is the value-object every Symfony Mailer address to/cc/bcc/from/reply-to flows through; its constructor is documented as validating the address and throwing on invalid input, so developers treat it as a security boundary. The constructor accepts email...

6.3CVSS6.1AI score0.00062EPSS
Exploits0References6
Cvelist
Cvelist
added 1 hour ago3 views

CVE-2026-45067 Symfony: Email Header / SMTP Command Injection via CRLF in Symfony\Component\Mime\Address

Description Symfony\Component\Mime\Address is the value-object every Symfony Mailer address to/cc/bcc/from/reply-to flows through; its constructor is documented as validating the address and throwing on invalid input, so developers treat it as a security boundary. The constructor accepts email...

6.3CVSS0.00062EPSS
Exploits0References6
EUVD
EUVD
added 1 hour ago1 views

EUVD-2026-44322

Description Symfony\Component\Mime\Address is the value-object every Symfony Mailer address to/cc/bcc/from/reply-to flows through; its constructor is documented as validating the address and throwing on invalid input, so developers treat it as a security boundary. The constructor accepts email...

6.3CVSS6.1AI score0.00062EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 1 hour ago4 views

FacturaScripts: Stored XSS in WidgetVariante and WidgetSubcuenta modal lists via HTML-attribute decoding of `Tools::noHtml`-escaped quotes inside `onclick=`

Summary WidgetVariante::renderVariantList Core/Lib/Widget/WidgetVariante.php:298-330 and WidgetSubcuenta::renderSubaccountList Core/Lib/Widget/WidgetSubcuenta.php:290-321 build the row for each modal hit by concatenating the user-controlled referencia / codsubcuenta field directly into a...

6.3AI score
Exploits0References2Affected Software1
OSV
OSV
added 1 hour ago0 views

GHSA-3X7P-V8HJ-XH5M FacturaScripts: Stored XSS in WidgetVariante and WidgetSubcuenta modal lists via HTML-attribute decoding of `Tools::noHtml`-escaped quotes inside `onclick=`

Summary WidgetVariante::renderVariantList Core/Lib/Widget/WidgetVariante.php:298-330 and WidgetSubcuenta::renderSubaccountList Core/Lib/Widget/WidgetSubcuenta.php:290-321 build the row for each modal hit by concatenating the user-controlled referencia / codsubcuenta field directly into a...

3.5CVSS
Exploits0References2
GithubExploit
GithubExploit
added 1 hour ago10 views

metasploitable-vulnerability-mapping-with-nmap

Metasploitable Vulnerability Assessment Network Enumeration...

10CVSS6.7AI score0.9927EPSS
Exploits172
Github Security Blog
Github Security Blog
added 1 hour ago5 views

FacturaScripts: CSV formula injection in CSVExport allows authenticated low-priv users to plant payloads that execute when an admin opens the export

Summary Live PoC verified 2026-04-30 against a stock FacturaScripts master at 127.0.0.1:8081. A low-privilege user lowpriv created a customer with nombre = "=SUM1+1cmd|/c calc!A1". An admin then exported ListCliente to CSV via ?action=export&option=CSV. The downloaded file contains the raw payloa...

6.3AI score
Exploits0References2Affected Software1
Rows per page
Query Builder