Lucene search
K

7680 matches found

CVE
CVE
added yesterday11 views

CVE-2026-55428

CVE-2026-55428 (Coder) describes a route hijack risk in the tailnet coordinator where an agent’s AllowedIPs are not validated against the agent’s authenticated UUID, unlike the Addresses check. The coordinator forwards adversarially supplied AllowedIPs to WireGuard peers, potentially enabling an ...

8.2CVSS6AI score
Exploits0References6
Nuclei
Nuclei
added yesterday23 views

Lightdash v0.1024.6 - Server-Side Request Forgery

Server-Side Request Forgery “SSRF” in the export dashboard functionality of Lightdash version 0.1024.6 allows remote authenticated threat actors to obtain the session cookie of any user who exports a crafted dashboard. When they are exported, dashboards containing HTML elements can trigger HTTP...

7.3CVSS6AI score0.01786EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday12 views

XWiki Platform Distribution Flavor Main - Cross-Site Scripting

XWiki Platform Distribution Flavor Main versions prior to 17.6.0 are vulnerable to reflected cross-site scripting XSS due to improper sanitization of user-supplied input in the extensionId parameter. An attacker can exploit this issue by injecting malicious JavaScript, which will be executed in t...

6.5CVSS6.9AI score0.00503EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday15 views

YesWiki < 4.5.4 - Cross-Site Scripting

YesWiki 4.5.4 contains a reflected cross-site scripting caused by unsanitized idformulaire parameter in /?BazaR endpoint, letting attackers steal cookies and hijack sessions, exploit requires user to click malicious link. id: CVE-2025-46550 info: name: YesWiki 4.5.4 - Cross-Site Scripting author:...

6.1CVSS5.8AI score0.00498EPSS
Exploits1References2
The Hacker News
The Hacker News
added yesterday9 views

DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts

A Microsoft 365 device code phishing campaign has been observed leveraging collaboration-themed lures to take control of victim accounts between the last week of June 2026 and into early July, per findings from ZeroBEC. "The campaign did not depend on a fake Microsoft password page. It used a...

6.1AI score
Exploits0
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-49086 Apache Camel Dapr: Pub/Sub consumer copied the inbound CloudEvent's pub/sub-name and topic into producer-direction routing headers, allowing an actor who can publish to the subscribed topic to influence internal behaviour

Improper Input Validation, Unintended Proxy or Intermediary 'Confused Deputy' vulnerability in Apache Camel DAPR component. The camel-dapr Dapr Pub/Sub consumer DaprPubSubConsumer copied two fields from each inbound CloudEvent - its Pub/Sub component name and its topic - into the...

0.00244EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2 days ago4 views

Siemens SIMATIC S7 PLC Web Server Improper Neutralization of Input During Web Page Generation (CVE-2026-25789)

Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to social engineer the user into selecting a modified firmware file. This would result in malicious JavaScript execution in the context of the authenticated user's...

7.2CVSS7.3AI score0.00274EPSS
Exploits0References3
NVD
NVD
added 6 days ago8 views

CVE-2026-38972

Notepad3 through 6.25.822.1 contains a DLL search-order hijacking vulnerability in the About-dialog code path in src/Notepad3.c. The application calls LoadLibraryL"MSFTEDIT.DLL" with a bare DLL name, which allows a local attacker to place a malicious MSFTEDIT.DLL in the application directory or...

7.8CVSS0.00148EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago15 views

EUVD-2026-33280

Mautic has Stored Cross-Site Scripting XSS in Project Option Selector...

5.4CVSS5.8AI score0.00133EPSS
Exploits0References2
NVD
NVD
added 6 days ago9 views

CVE-2026-8699

A stored Cross-Site Scripting XSS vulnerability has been identified in the web-based management interface of Archer C5 v6.8 routers, due to insufficient server-side validation and lack of proper output encoding of user-controlled input in a certain field. An attacker with administrative privilege...

7CVSS0.00177EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago10 views

EUVD-2026-41407

A stored Cross-Site Scripting XSS vulnerability has been identified in the web-based management interface of Archer C5 v6.8 routers, due to insufficient server-side validation and lack of proper output encoding of user-controlled input in a certain field. An attacker with administrative privilege...

7CVSS6AI score0.00177EPSS
Exploits0References1
CVE
CVE
added 6 days ago9 views

CVE-2026-8699

CVE-2026-8699 reports a stored Cross-Site Scripting (XSS) vulnerability in the Archer C5 web-based management interface (v6.8). Root cause: insufficient server-side validation and lack of proper output encoding for a specific input field, allowing an admin-level attacker to inject crafted HTML/JS...

7CVSS6AI score0.00177EPSS
Exploits0References1
CVE
CVE
added 6 days ago12 views

CVE-2026-38972

Notepad3 versions up to 6.25.822.1 are vulnerable to a DLL search-order hijack in the About-dialog code path (src/Notepad3.c). The application loads MSFTEDIT.DLL via LoadLibrary with a bare DLL name, enabling a local attacker to place a malicious MSFTEDIT.DLL in the application directory or anoth...

7.8CVSS6.4AI score0.00148EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-38972

Notepad3 through 6.25.822.1 contains a DLL search-order hijacking vulnerability in the About-dialog code path in src/Notepad3.c. The application calls LoadLibraryL"MSFTEDIT.DLL" with a bare DLL name, which allows a local attacker to place a malicious MSFTEDIT.DLL in the application directory or...

0.00148EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added last week7 views

Important: Red Hat Security Advisory: postgresql:12 security update

An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A...

8.8CVSS5.9AI score0.00668EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added last week5 views

postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind

A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pgbasebackup plain format and pgrewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...

8.8CVSS5.9AI score0.00324EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added last week6 views

Important: Red Hat Security Advisory: postgresql:13 security update

An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A...

8.8CVSS5.9AI score0.00668EPSS
Exploits0References5
NVD
NVD
added last week10 views

CVE-2026-58127

PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service on port 9000 via PacsgearMediaServerEngine.dll, registered with ObjectURIs RemoteObj and UIRemoteObj, without any authentication requirement. By exploiting the MarshalByRefObject object unmarshalling technique and implementing .NET...

9.8CVSS0.00779EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added last week7 views

CVE-2026-58031

A flaw was found in Wikimedia Foundation MediaWiki. This vulnerability, categorized as an Improper Neutralization of Input During Web Page Generation Cross-site Scripting or XSS, allows a remote attacker to inject malicious scripts into web pages. When a user views an affected page, the attacker'...

4.6CVSS5.7AI score0.0023EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added last week5 views

CVE-2026-58127

PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service on port 9000 via PacsgearMediaServerEngine.dll, registered with ObjectURIs RemoteObj and UIRemoteObj, without any authentication requirement. By exploiting the MarshalByRefObject object unmarshalling technique and implementing .NET...

9.8CVSS6.5AI score0.00779EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder