Lucene search
K

2377895 matches found

NVD
NVD
added 13 minutes ago1 views

CVE-2026-59838

A improper neutralization of script-related html tags in a web page basic xss vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.2.0 through 7.2.6, FortiSIEM 7.1 all versions, FortiSIEM 7.0 all versions, FortiSIEM 6.7 all versions, FortiSIEM 6.6 all versions,...

5.9CVSS
Exploits0References1
GithubExploit
GithubExploit
added 45 minutes ago7 views

magento-polyshell

APSB25-94 — PolyShell: Magento 2 Unauthenticated File Upload RCE...

6.5AI score
Exploits0
CVE
CVE
added 48 minutes ago2 views

CVE-2026-59838

A improper neutralization of script-related html tags in a web page basic xss vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.2.0 through 7.2.6, FortiSIEM 7.1 all versions, FortiSIEM 7.0 all versions, FortiSIEM 6.7 all versions, FortiSIEM 6.6 all versions,...

5.9CVSS6.2AI score
Exploits0References1
Cvelist
Cvelist
added 48 minutes ago2 views

CVE-2026-59838

A improper neutralization of script-related html tags in a web page basic xss vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.2.0 through 7.2.6, FortiSIEM 7.1 all versions, FortiSIEM 7.0 all versions, FortiSIEM 6.7 all versions, FortiSIEM 6.6 all versions,...

5.9CVSS
Exploits0References1
NCSC
NCSC
added 1 hour ago4 views

Vulnerabilities exist in several Fortinet products

Fortinet has identified vulnerabilities in several versions of FortiSIEM Windows Agent and general product versions, FortiOS, FortiPAM, and FortiProxy. One vulnerability exists in the FortiSIEM Windows Agent versions 7.4.0 through 7.4.1 with the identifier CVE-2026-59841. This vulnerability allow...

7.5CVSS6.2AI score
Exploits0References4
The Hacker News
The Hacker News
added 1 hour ago4 views

Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws

Mozilla has released updates to address two critical flaws in Firefox for which it warned that exploit code has been published. The vulnerabilities are listed below - CVE-2026-15718 , an invalid pointer in the JavaScript: WebAssembly component CVE-2026-15719 , a site isolation in the DOM:...

9.9CVSS6.6AI score
Exploits0
GithubExploit
GithubExploit
added 1 hour ago7 views

Exploit for Deserialization of Untrusted Data in Apache Camel

camel-pqc Key-Lifecycle Unsafe Deserialization Reproducer CVE...

8.8CVSS6.3AI score0.00485EPSS
Exploits1
GithubExploit
GithubExploit
added 1 hour ago7 views

exploit-toolkit

Target Exploitation Toolkit — GitHub Actions Structure...

9.8CVSS6.1AI score0.9947EPSS
Exploits56
GithubExploit
GithubExploit
added 1 hour ago6 views

Exploit for CVE-2026-58635

CVE-2026-58635: Windows Narrator Braille Local Privilege Escal...

7.8CVSS6.3AI score
Exploits1
Vulnrichment
Vulnrichment
added 1 hour ago5 views

CVE-2026-15809 Github.com/cri-o/cri-o: fix bypass for cve-2022-4318 — /etc/passwd injection via home env

A flaw was found in CRI-O. The fix for a previous vulnerability CVE-2022-4318 was incorrect, allowing it to be bypassed. An attacker capable of setting environment variables on a container can inject a newline character into the HOME environment variable. This issue allows the addition of arbitra...

7.8CVSS6.1AI score
Exploits0References5
Cvelist
Cvelist
added 1 hour ago7 views

CVE-2026-15809 Github.com/cri-o/cri-o: fix bypass for cve-2022-4318 — /etc/passwd injection via home env

A flaw was found in CRI-O. The fix for a previous vulnerability CVE-2022-4318 was incorrect, allowing it to be bypassed. An attacker capable of setting environment variables on a container can inject a newline character into the HOME environment variable. This issue allows the addition of arbitra...

7.8CVSS
Exploits0References5
EUVD
EUVD
added 2 hours ago2 views

EUVD-2026-44622

Authorization Bypass Through User-Controlled Key CWE-639 in the Excel import handlers CustomerImport, LeadImport, ProductImport in Roskus Prospero Flow CRM before 5.14.0 allows a remote, authenticated user of any role or company to create customer, lead, and product records inside another company...

6.9CVSS6.1AI score
Exploits0References4
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-44640

PraisonAI before 4.6.78 fails to safely encode deployment configuration values when generating Python source code for API servers. Attackers can inject arbitrary Python expressions through the deploy.api.host and agentsfile configuration parameters that execute when the generated server starts or...

8.5CVSS6.3AI score
Exploits0References4
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-44633

The bundled Grav Flex Objects plugin getgrav/grav-plugin-flex-objects before 1.4.0 contains a stored server-side template injection vulnerability. When rendering dynamic collection or object titles, the plugin passes user-controlled frontmatter values page.header.flex.collection.title or...

8.8CVSS6.3AI score
Exploits0References3
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-44630

Wazuh Manager before 5.0.0-beta3 fails to escape the DataValue.index field when constructing OpenSearch bulk requests, allowing enrolled agents to inject arbitrary NDJSON operations. Attackers can smuggle delete, index, or update operations into bulk requests executed under the manager's admin...

10CVSS6.2AI score
Exploits0References3
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-44603

A boolean-based SQL Injection vulnerability exists in Apache Fineract's Client Search API GET /api/v1/clients in versions up to and including 1.14.0. The orderBy and sortOrder request parameters are concatenated into a SQL query without sufficient validation, allowing an authenticated user with...

6.1AI score
Exploits0References4
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-44604

A SQL Injection vulnerability exists in Apache Fineract's Report Execution API runreports endpoint in versions up to and including 1.14.0. Report parameter values are incorporated into the generated SQL query without sufficient validation, allowing an authenticated user with permission to run...

6.2AI score
Exploits0References5
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-44605

A SQL Injection vulnerability exists in Apache Fineract's Office Search API GET /api/v1/offices in versions up to and including 1.14.0. The orderBy request parameter is concatenated into a SQL query without sufficient validation, allowing an authenticated user with permission to view offices to...

8.1CVSS6.1AI score
Exploits0References4
NVD
NVD
added 2 hours ago5 views

CVE-2026-61433

PraisonAI before 4.6.78 fails to safely encode deployment configuration values when generating Python source code for API servers. Attackers can inject arbitrary Python expressions through the deploy.api.host and agentsfile configuration parameters that execute when the generated server starts or...

8.5CVSS
Exploits0References3
NVD
NVD
added 2 hours ago5 views

CVE-2026-59236

Authorization Bypass Through User-Controlled Key CWE-639 in the Excel import handlers CustomerImport, LeadImport, ProductImport in Roskus Prospero Flow CRM before 5.14.0 allows a remote, authenticated user of any role or company to create customer, lead, and product records inside another company...

6.9CVSS
Exploits0References3
Rows per page
Query Builder