Lucene search
K

19115 matches found

Nuclei
Nuclei
added 7 hours ago14 views

Group-Office < 26.0.5 - Remote Code Execution

Group-Office before versions 6.8.150, 25.0.82, and 26.0.5 is vulnerable to remote code execution via OS command injection. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled parameter tmpfile into an exec call. By injecting shell metacharacters into...

9.4CVSS6.7AI score0.18536EPSS
Exploits2References4
EUVD
EUVD
added 13 hours ago4 views

EUVD-2026-43536

OpenClaw versions 2026.3.22 before 2026.6.6 contain an authorization bypass vulnerability where WhatsApp group IDs can satisfy elevated sender allowlists. Attackers with lower-trust access can perform actions requiring stronger authorization by leveraging group ID validation in the affected featu...

8.7CVSS6.1AI score
Exploits0References3
CVE
CVE
added yesterday8 views

CVE-2026-53364

The CVE-2026-53364 entry concerns the Linux kernel Bluetooth HCI subsystem. A memory leak in hci_le_big_terminate() occurs when iso_list_data allocated via kzalloc_obj is not freed on an early return path after evaluating PA/BIG sync state (neither pa_sync_term nor big_sync_term flags set). This ...

6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday7 views

Malicious code in @sqlite-group/schema-generator (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4d317d08a81d92d85c53ffe33ef8c709b706ed09c1f89b1c6489ac4fbf9f82c8 On require/import, index.js fetches the content of a GitHub Gist https://gist.github.com/getchainverse/b57a92378ad0a52430137c3b810e7107, retrieved vi...

6.2AI score
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-43311

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to restrict the groupconstrained channel flag to public and private channels that support group synchronization, which allows an ordinary group or direct message member to remove all participants from the conversation v...

5.4CVSS6.1AI score0.0017EPSS
Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-10085

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to restrict the groupconstrained channel flag to public and private channels that support group synchronization, which allows an ordinary group or direct message member to remove all participants from the conversation v...

5.4CVSS0.0017EPSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-10085

Mattermost is affected in versions 11.7.x &lt;= 11.7.2, 11.6.x &lt;= 11.6.4, and 10.11.x

5.4CVSS6.1AI score0.0017EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-43192

A vulnerability has been found in Eleveo Call Recording Software 9.7.0. Affected by this issue is some unknown functionality of the file /callrec/group.jsp. Such manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may...

5.3CVSS5.7AI score0.00207EPSS
Exploits0References6
CVE
CVE
added 3 days ago11 views

CVE-2026-15470

Technical details (affected product, versions, root cause, exploit specifics) are not publicly provided in the supplied documents. Monitor for updates.

5.3CVSS5.7AI score0.00207EPSS
Exploits0References5
NVD
NVD
added 4 days ago6 views

CVE-2026-15374

A flaw has been found in Eleveo Call Recording Software 9.7.0. This affects an unknown function of the file /callrec/roleAddAction.do of the component Group Interface. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been...

6.5CVSS0.00256EPSS
Exploits0References5
CVE
CVE
added 4 days ago6 views

CVE-2026-15374

Technical details beyond the initial description are not publicly available in the provided documents. Monitor for updates on CVE-2026-15374 affecting Eleveo Call Recording Software 9.7.0, specifically the /callrec/roleAddAction.do improper authorization vulnerability.

6.5CVSS6.3AI score0.00256EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-15374 Eleveo Call Recording Software Group roleAddAction.do improper authorization

A flaw has been found in Eleveo Call Recording Software 9.7.0. This affects an unknown function of the file /callrec/roleAddAction.do of the component Group Interface. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been...

6.5CVSS0.00256EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42923

A flaw has been found in Eleveo Call Recording Software 9.7.0. This affects an unknown function of the file /callrec/roleAddAction.do of the component Group Interface. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been...

6.5CVSS6.3AI score0.00256EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 4 days ago7 views

CVE-2026-15374 Eleveo Call Recording Software Group roleAddAction.do improper authorization

A flaw has been found in Eleveo Call Recording Software 9.7.0. This affects an unknown function of the file /callrec/roleAddAction.do of the component Group Interface. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been...

6.5CVSS6.3AI score0.00256EPSS
Exploits0References5
CVE
CVE
added 4 days ago8 views

CVE-2026-22660

FlaskBB

8.6CVSS6AI score0.00328EPSS
Exploits0References3
The Hacker News
The Hacker News
added 4 days ago13 views

New MODBEACON RAT Uses gRPC Streaming for Encrypted C2 Traffic

The China-linked cybercrime group known as Silver Fox has been attributed to a new Rust-based remote access trojan RAR called MODBEACON. Chinese cybersecurity company QiAnXin said that while the threat cluster may appear like a low-sophistication, high-activity operation that propagates malware v...

6.1AI score
Exploits0
NVD
NVD
added 5 days ago8 views

CVE-2026-44787

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the signup flow could allow newly registered users to set primarygroupid and gain whisper-group privileges without legitimate group membership on sites with whispersallowedgroups configured. This...

8.2CVSS0.00309EPSS
Exploits0References9
NVD
NVD
added 5 days ago6 views

CVE-2026-45780

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, EventSerializer could expose invited group names, sample invitees, and attendance statistics to users who could view the topic but were not entitled to view the private event invitee list. This...

5.3CVSS0.00399EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-44787

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the signup flow could allow newly registered users to set primarygroupid and gain whisper-group privileges without legitimate group membership on sites with whispersallowedgroups configured. This...

8.2CVSS6AI score0.00309EPSS
Exploits0References10Affected Software1
CVE
CVE
added 5 days ago12 views

CVE-2026-44787

Discourse exposes a flaw in signup: before versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, a new user could set primary_group_id and gain whisper-group privileges when whispers_allowed_groups is configured. This is fixed in 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5. The CVSS 3.1 base score ...

8.2CVSS6AI score0.00309EPSS
Exploits0References9
Rows per page
Query Builder