
Packet Storm News, added 2026/09/10 12:0 a.m., 54 views

IServ Schoolserver User Enumeration

IServ Schoolserver suffers from a user enumeration vulnerability. The vendor does not feel this is an issue...

AI score: 5.8
Exploits: 0
NVD, added 26 minutes ago, 2 views

CVE-2026-38970

pdfcpu through v0.11.1 contains an uncontrolled-recursion denial-of-service issue in pkg/pdfcpu/model/parse.go. The parser descends recursively through nested PDF objects, including arrays, via ParseObjectContext and parseArray without enforcing a maximum nesting depth...

Exploits: 0, References: 3
NVD, added 26 minutes ago, 3 views

CVE-2026-38971

ardupilot through Plane-4.6.3 was found to contain an out-of-bounds read issue in libraries/GCS_MAVLink/GCS_serial_control.cpp in GCS_MAVLINK::handle_serial_control...

Exploits: 0, References: 3
NVD, added 26 minutes ago, 2 views

CVE-2026-52192

An issue in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub445C5C component...

Exploits: 0, References: 2
Github Security Blog, added 1 hour ago, 3 views

SimpleSAMLphp HTTP-Artifact TLS validator confusion allows cross-IdP authentication bypass

Summary: SimpleSAMLphp's HTTP-Artifact receive path can treat an unsigned embedded SAML Response as cryptographically valid for the wrong IdP. In the HTTPArtifact::receive flow, the SOAP ArtifactResponse receives a TLS-based validator from SOAPClient::addSSLValidator. The embedded SAML Response th...

AI score: 5.9
Exploits: 0, References: 2, Affected Software: 2
NVD, added 1 hour ago, 3 views

CVE-2026-59101

AutoBangumi before 3.2.8 contains a server-side request forgery (SSRF) vulnerability that allows unauthenticated remote attackers to probe internal network services by supplying arbitrary host values to an unprotected setup endpoint. Attackers can send requests to the POST...

CVSS: 6.9
Exploits: 0, References: 4
NVD, added 1 hour ago, 2 views

CVE-2026-59097

Taiga before 6.10.2 contains a missing authorization vulnerability that allows unauthenticated remote attackers to create default due-date records in any project by exploiting unprotected POST endpoints on the user-story, task, and issue due-date API viewsets. Attackers can supply an arbitrary...

CVSS: 6.9
Exploits: 0, References: 5
NVD, added 1 hour ago, 2 views

CVE-2025-71385

Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into a text element of the generated SVG document without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An attacker can craft a U...

CVSS: 6.1
Exploits: 0, References: 4
Github Security Blog, added 1 hour ago, 2 views

jsonata: Malicious inputs to "$toMillis" function can cause resource exhaustion

Impact In JSONata = 2.2.0 via fixes that include https://github.com/jsonata-js/jsonata/pull/782 and https://github.com/jsonata-js/jsonata/pull/793. Applications that evaluate user-provided expressions should update ASAP to prevent exploitation. References...

AI score: 5.7
Exploits: 0, References: 7, Affected Software: 1
Github Security Blog, added 1 hour ago, 3 views

Craft CMS Vulnerable to Unauthorized Deletion of Destination Folders During Forced Moves

We have identified an authorization issue in Craft CMS where a forced folder move can delete a conflicting destination folder without destination delete permission. Description: Craft CMS's craft\controllers\AssetsController::actionMoveFolder supports moving an asset folder into a destination...

CVSS: 7.1, AI score: 5.9
Exploits: 0, References: 4, Affected Software: 1
Github Security Blog, added 1 hour ago, 2 views

Mautic has Stored Cross-Site Scripting (XSS) in Project Option Selector

Summary: A stored Cross-Site Scripting (XSS) vulnerability exists in the project selector component of Mautic 7. When rendering selection menus for associating projects with system entities, the application fails to sanitize project names returned via AJAX before injecting them into the DOM as optio...

CVSS: 5.4, AI score: 5.7, EPSS: 0.00133
Exploits: 0, References: 3, Affected Software: 1
Github Security Blog, added 1 hour ago, 3 views

Mautic has Stored Cross-Site Scripting (XSS) in Projects Component

Summary: A stored Cross-Site Scripting (XSS) vulnerability exists in the Projects component of Mautic 7. When displaying project tags and popovers on administrative detail views such as campaigns, emails, or forms, user-supplied project names are rendered without proper sanitization. An authenticate...

CVSS: 7.6, AI score: 5.7, EPSS: 0.00164
Exploits: 0, References: 3, Affected Software: 1
Github Security Blog, added 1 hour ago, 2 views

Mautic has an Authorization Bypass in API v2 Endpoints

Summary: An authorization bypass vulnerability exists in the Mautic 7 API v2 endpoints utilizing API Platform. Under certain conditions, roles configured with owner-scope restrictions such as viewown or editown are not properly enforced. This allows low-privilege authenticated API users to bypass...

CVSS: 7.1, AI score: 5.8, EPSS: 0.00201
Exploits: 0, References: 3, Affected Software: 1
Github Security Blog, added 1 hour ago, 2 views

Mautic vulnerable to Path Traversal via Campaign Import

Summary: A path traversal vulnerability exists in the campaign import feature of Mautic 7. When extracting uploaded ZIP files during campaign imports, a flaw in the validation logic allows file paths to escape the intended temporary directories. Impact: An authenticated user with campaign import...

CVSS: 9.9, AI score: 6.1, EPSS: 0.00583
Exploits: 0, References: 3, Affected Software: 1
Github Security Blog, added 1 hour ago, 2 views

Mautic has Server-Side Template Injection (SSTI) in Theme Templates

Summary: A Server-Side Template Injection (SSTI) vulnerability exists in Mautic's theme engine. The platform renders uploaded Twig templates without a sandbox or strict function restrictions. Authenticated users with permissions to create or upload themes can abuse this to execute arbitrary code...

CVSS: 9.9, AI score: 6.1, EPSS: 0.00439
Exploits: 0, References: 3, Affected Software: 1
Github Security Blog, added 1 hour ago, 2 views

Mautic Focus component Vulnerable to SSRF

Summary: A Server-Side Request Forgery (SSRF) vulnerability exists in the Mautic Focus component MauticFocusBundle. Under certain conditions, insufficient validation of user-supplied URLs allows authenticated users to trigger outbound HTTP requests from the hosting server. Impact: An authenticated...

CVSS: 6.4, AI score: 5.9, EPSS: 0.00138
Exploits: 0, References: 3, Affected Software: 1
Github Security Blog, added 1 hour ago, 2 views

Zebra: Repeated Non-Finalized Shielded Transaction Aborts Zebra Before Duplicate-Nullifier Rejection

Am I affected? You are affected if: 1. You run zebrad up to and including v4.4.1. 2. Your node processes blocks past the checkpoint height (non-finalized state is active). 3. The network has NU5 or later activated. All default configurations are affected. Summary: Chain::push in the non-finalized sta...

AI score: 5.7
Exploits: 0, References: 5, Affected Software: 2
ATTACKERKB, added 2 hours ago, 2 views

CVE-2026-59101

AutoBangumi before 3.2.8 contains a server-side request forgery (SSRF) vulnerability that allows unauthenticated remote attackers to probe internal network services by supplying arbitrary host values to an unprotected setup endpoint. Attackers can send requests to the POST...

CVSS: 6.9, AI score: 6
Exploits: 0, References: 5
CVE, added 2 hours ago, 4 views

CVE-2026-59101

AutoBangumi before 3.2.8 contains a server-side request forgery (SSRF) vulnerability that allows unauthenticated remote attackers to probe internal network services by supplying arbitrary host values to an unprotected setup endpoint. Attackers can send requests to the POST...

CVSS: 6.9, AI score: 6
Exploits: 0, References: 4
EUVD, added 2 hours ago, 3 views

EUVD-2026-41432

AutoBangumi before 3.2.8 contains a server-side request forgery (SSRF) vulnerability that allows unauthenticated remote attackers to probe internal network services by supplying arbitrary host values to an unprotected setup endpoint. Attackers can send requests to the POST...

CVSS: 6.9
Exploits: 0, References: 4