Lucene search
K

2840 matches found

Nuclei
Nuclei
added yesterday110 views

Mlflow - Arbitrary File Write

An attacker can overwrite any file on the server hosting MLflow without any authentication. id: CVE-2023-6018 info: name: Mlflow - Arbitrary File Write author: byt3bl33d3r severity: critical description: | An attacker can overwrite any file on the server hosting MLflow without any authentication...

10CVSS7AI score0.47874EPSS
Exploits1References2
Circl
Circl
added 4 days ago10 views

GHSA-HJR6-G723-HMFM

creationtimestamp| type| source ---|---|--- 2026-07-10 16:01:02+00:00| seen| https://thehackernews.com/2026/07/researcher-details-whatsapp-to-host.html 2026-07-10 20:00:23+00:00| seen| https://bsky.app/profile/iberianm.bsky.social/post/3mqcwsfxjof2i 2026-07-11 01:00:51+00:00| seen|...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/07/07 11:45 a.m.4 views

PYSEC-2026-1565 RunGptLLM class in LlamaIndex has a command injection

A command injection vulnerability exists in the RunGptLLM class of the llamaindex library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models LLMs. The vulnerability arises from the improper use of the eval function, allowing a malicious or compromised...

8.8CVSS7.4AI score0.02118EPSS
Exploits1References6
The Hacker News
The Hacker News
added 2026/07/01 5:18 p.m.25 views

VEIL#DROP Malware Chain Uses Blogger Platform to Deliver PureLogs Stealer

Cybersecurity researchers have flagged a new multi-stage malware delivery attack chain that uses social engineering and Blogger pages to deliver an information stealer called PureLogs. The activity has been codenamed VEILDROP by Securonix. It's suspected that the initial payloads are distributed...

6.1AI score
Exploits0
Tenable Product Security Advisories
Tenable Product Security Advisories
added 2026/06/23 8:43 p.m.14 views

[R3] Tenable Identity Exposure Version 3.93.5 Fixes Multiple Vulnerabilities

R3 Tenable Identity Exposure Version 3.93.5 Fixes Multiple Vulnerabilities Aaron Roy Tue, 06/23/2026 - 16:43 Tenable Identity Exposure leverages third-party software to help provide underlying functionality. Several of the third-party components .NET Windows Server Hosting, NodeJS, Erlang OTP, SQ...

9.9CVSS7AI score0.65838EPSS
Exploits17
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/18 4:29 p.m.9 views

Malicious code in abuden221 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fbd19b84f2238fb96214c792d294b1ac0e114103c238ddf040a7960377d78f90 The tarball is a static-site / web-proxy build index.html, /assets/.js bundles with obfuscated names, a.well-known/discord verification file, brandin...

6.2AI score
Exploits0References4
Cvelist
Cvelist
added 2026/06/17 11:13 p.m.27 views

CVE-2026-48768 TypeBot: Unauthenticated arbitrary s3 object write in generate-upload-url via unsanitized fileName

TypeBot is a chatbot builder tool. In versions 3.16.1 and earlier, POST /api/blocks/file-input/v3/generate-upload-url is unauthenticated and uses unsanitized fileName input to construct public/ S3 object keys, while issuing presigned PUT URLs that do not bind Content-Type. As a result, any...

9.3CVSS0.00268EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2026/06/16 5:41 a.m.12 views

CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation

The U.S. Cybersecurity and Infrastructure Security Agency CISA has added a security flaw impacting LiteSpeed cPanel Plugin to its Known Exploited Vulnerabilities KEV catalog, requiring Federal Civilian Executive Branch FCEB agencies to apply the fixes by June 18, 2026. The vulnerability in questi...

8.5CVSS5.5AI score0.01261EPSS
Exploits3
NVD
NVD
added 2026/06/14 4:16 a.m.29 views

CVE-2026-54420

LiteSpeed cPanel plugin before 2.4.8 as distributed in LiteSpeed WHM PlugIn before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026...

8.5CVSS0.01261EPSS
Exploits3References3
Vulnrichment
Vulnrichment
added 2026/06/14 3:23 a.m.9 views

CVE-2026-54420

LiteSpeed cPanel plugin before 2.4.8 as distributed in LiteSpeed WHM PlugIn before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026...

8.5CVSS5.3AI score0.01261EPSS
Exploits3References2
EUVD
EUVD
added 2026/06/14 3:23 a.m.15 views

EUVD-2026-36657

LiteSpeed cPanel plugin before 2.4.8 as distributed in LiteSpeed WHM PlugIn before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026...

8.5CVSS5.3AI score0.01261EPSS
Exploits3References2
Cvelist
Cvelist
added 2026/06/14 3:23 a.m.60 views

CVE-2026-54420

LiteSpeed cPanel plugin before 2.4.8 as distributed in LiteSpeed WHM PlugIn before 5.3.2.0 mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026...

8.5CVSS0.01261EPSS
Exploits3References2
CVE
CVE
added 2026/06/14 3:23 a.m.290 views

CVE-2026-54420

CVE-2026-54420 is a symlink-following vulnerability in LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM Plugin before 5.3.2.0). A user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS can abuse improperly validated symbolic links to access or ...

8.5CVSS5.3AI score0.01261EPSS
In wildExploits3References3Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.21 views

PT-2026-49104

Name of the Vulnerable Software and Affected Versions LiteSpeed cPanel plugin versions prior to 2.4.8 LiteSpeed WHM PlugIn versions prior to 5.3.2.0 Description A privilege escalation issue exists where the software mishandles symbolic links symlinks provided by a user with FTP or web shell acces...

8.5CVSS6.1AI score0.01261EPSS
Exploits3References51
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.21 views

PT-2026-48882

Name of the Vulnerable Software and Affected Versions Amasty Order Attributes for Magento 2 versions prior to 4.0.0 Description An unauthenticated arbitrary file upload issue allows attackers to write files of any type or name to the store's media directory. This occurs because the upload endpoin...

9.8CVSS6.1AI score0.04591EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.18 views

ClipBucket V5 SQL注入漏洞

ClipBucket V5 is a video hosting platform developed by MacWarrior’s individual developers. Versions of ClipBucket V5 prior to 5.5.3–129 contained a SQL injection vulnerability. This vulnerability stems from a blind SQL injection vulnerability in the actions/progressvideo.php endpoint, which could...

9.8CVSS5.8AI score0.00364EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 12:53 a.m.15 views

MAL-2026-5199 Malicious code in @ethlete/contentful (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a13fdab1eac9b66fa0d57b62cbd19dfb84616946491165e61b6fd62692441ca The package was found to contain malicious code or consuming dependency that contains malicious code Source: google-open-source-security...

6.2AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/03 12:20 p.m.11 views

CVE-2026-5422

A flaw was found in jupyter-server. This path traversal vulnerability exists due to insufficient validation of file paths, specifically an incorrect root directory boundary check and improper handling of directory traversal sequences. This allows a remote attacker with low privileges to bypass...

8.1CVSS6.7AI score0.00437EPSS
Exploits1References4
EUVD
EUVD
added 2026/06/02 9:11 a.m.14 views

EUVD-2026-33905

A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the getospath function within jupyterserver/services/contents/fileio.py. The check uses startswithroot without appending a trailing path separator, allowing sibling...

6.8CVSS6.7AI score0.00437EPSS
Exploits1References1
OSV
OSV
added 2026/06/02 9:11 a.m.4 views

CVE-2026-5422 Path Traversal in jupyter/jupyter

A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the getospath function within jupyterserver/services/contents/fileio.py. The check uses startswithroot without appending a trailing path separator, allowing sibling...

6.8CVSS6.7AI score0.00437EPSS
Exploits1References3
Rows per page
Query Builder